Play interactive tour

Edit tour

Analysis Report https://217023.8b.io/

Overview

General Information

Sample URL:	https://217023.8b.io/
Analysis ID:	339270
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish_10

HTML body contains low number of good links

HTML title does not match URL

Suspicious form URL found

Classification

Startup

System is w10x64

iexplore.exe (PID: 5936 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4744 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5936 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mfile[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: https://lacecompound.com/sm/mfile/

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish_10

Show sources

Source: Yara match	File source: 899552.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mfile[1].htm, type: DROPPED

Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Number of links: 0
Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Number of links: 0

Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Title: Sharing Link Validation does not match URL
Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Title: Sharing Link Validation does not match URL

Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Form action: mai.php
Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Form action: mai.php

Source: https://lacecompound.com/sm/mfile/	HTTP Parser: No <meta name="author".. found
Source: https://lacecompound.com/sm/mfile/	HTTP Parser: No <meta name="author".. found

Source: https://lacecompound.com/sm/mfile/	HTTP Parser: No <meta name="copyright".. found
Source: https://lacecompound.com/sm/mfile/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 52.201.120.251:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.201.120.251:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.244.134:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.244.134:443 -> 192.168.2.3:49736 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: 217023.8b.io

Source: amp-mustache-0.2[1].js.3.dr	String found in binary or memory: http://github.com/janl/mustache.js
Source: ~DFE679E51CD7555755.TMP.2.dr, 03OIYGP2.htm.3.dr	String found in binary or memory: https://217023.8b.io/
Source: {FDCDEC83-5617-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://217023.8b.io/Root
Source: amp-mustache-0.2[1].js.3.dr, amp-analytics-0.1[1].js.3.dr, v0[1].js.3.dr	String found in binary or memory: https://3p.ampproject.net
Source: 03OIYGP2.htm.3.dr	String found in binary or memory: https://8b.com
Source: v0[1].js.3.dr	String found in binary or memory: https://amp.dev/documentation/guides-and-tutorials/develop/style_and_layout/control_layout
Source: v0[1].js.3.dr	String found in binary or memory: https://amp.dev/documentation/guides-and-tutorials/learn/experimental
Source: v0[1].js.3.dr	String found in binary or memory: https://ampcid.google.com/v1/cache:getClientId?key=AIzaSyDKtqGxnoeIqVM33Uf7hRSa3GJxuzR7mLc
Source: v0[1].js.3.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId?key=
Source: imagestore.dat.3.dr, 03OIYGP2.htm.3.dr	String found in binary or memory: https://app.8b.io/app/themes/webamp/projects/writer/assets/images/logo1.png
Source: amp-mustache-0.2[1].js.3.dr, amp-analytics-0.1[1].js.3.dr, v0[1].js.3.dr	String found in binary or memory: https://cdn.ampproject.org
Source: 03OIYGP2.htm.3.dr	String found in binary or memory: https://cdn.ampproject.org/v0.js
Source: 03OIYGP2.htm.3.dr	String found in binary or memory: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Source: 03OIYGP2.htm.3.dr	String found in binary or memory: https://cdn.ampproject.org/v0/amp-mustache-0.2.js
Source: v0[1].js.3.dr	String found in binary or memory: https://developers.google.com/open-source/licenses/bsd
Source: 03OIYGP2.htm.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Forum:400
Source: 03OIYGP2.htm.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Neucha:400
Source: css[2].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/forum/v11/6aey4Ky-Vb8Ew8IROpQ.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/neucha/v12/q5uGsou0JOdh94bfvQlr.woff)
Source: amp-analytics-0.1[1].js.3.dr	String found in binary or memory: https://github.com/ampproject/amphtml/blob/master/spec/amp-iframe-origin-policy.md
Source: {FDCDEC83-5617-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://lacecompound.c
Source: 03OIYGP2.htm.3.dr	String found in binary or memory: https://lacecompound.com/sm/mfile
Source: ~DFE679E51CD7555755.TMP.2.dr, mfile[1].htm.3.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/
Source: ~DFE679E51CD7555755.TMP.2.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/.Sharing
Source: ~DFE679E51CD7555755.TMP.2.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/L
Source: {FDCDEC83-5617-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/Root
Source: v0[1].js.3.dr	String found in binary or memory: https://log.amp.dev/?v=012012301722001&id=
Source: amp-intersection-observer-polyfill-0.1[1].js.3.dr	String found in binary or memory: https://mths.be/cssescape
Source: 03OIYGP2.htm.3.dr	String found in binary or memory: https://r.8b.io/217023/images/background5-h_kjukqdlq.jpg
Source: mfile[1].htm0.3.dr	String found in binary or memory: https://spoprod-a.akamaihd.net
Source: amp-mustache-0.2[1].js.3.dr, amp-analytics-0.1[1].js.3.dr, v0[1].js.3.dr	String found in binary or memory: https://us-central1-amp-error-reporting.cloudfunctions.net/r
Source: amp-mustache-0.2[1].js.3.dr, amp-analytics-0.1[1].js.3.dr, v0[1].js.3.dr	String found in binary or memory: https://us-central1-amp-error-reporting.cloudfunctions.net/r-beta
Source: mfile[1].htm0.3.dr	String found in binary or memory: https://vikinggenetics-my.sharepoint.com/personal/datho_vikinggenetics_com_au/_layouts/15/images/pdf

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 52.201.120.251:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.201.120.251:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.244.134:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.244.134:443 -> 192.168.2.3:49736 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@3/24@7/5

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFBBCE481DAF4343C1.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5936 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5936 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://217023.8b.io/	0%	Virustotal		Browse
https://217023.8b.io/	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
app.8b.io	0%	Virustotal		Browse
lacecompound.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://lacecompound.com/sm/mfile/	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://lacecompound.com/sm/mfile/.Sharing	0%	Avira URL Cloud	safe
https://lacecompound.com/sm/mfile	0%	Avira URL Cloud	safe
https://r.8b.io/217023/images/background5-h_kjukqdlq.jpg	0%	Avira URL Cloud	safe
https://lacecompound.com/sm/mfile/L	0%	Avira URL Cloud	safe
https://log.amp.dev/?v=012012301722001&id=	0%	Avira URL Cloud	safe
https://app.8b.io/app/themes/webamp/projects/writer/assets/images/logo1.png	0%	Avira URL Cloud	safe
https://mths.be/cssescape	0%	Avira URL Cloud	safe
https://us-central1-amp-error-reporting.cloudfunctions.net/r	0%	Avira URL Cloud	safe
https://8b.com	0%	Avira URL Cloud	safe
https://lacecompound.com/sm/mfile/Root	0%	Avira URL Cloud	safe
https://amp.dev/documentation/guides-and-tutorials/develop/style_and_layout/control_layout	0%	Avira URL Cloud	safe
https://vikinggenetics-my.sharepoint.com/personal/datho_vikinggenetics_com_au/_layouts/15/images/pdf	0%	Avira URL Cloud	safe
https://lacecompound.c	0%	Avira URL Cloud	safe
https://217023.8b.io/Root	0%	Avira URL Cloud	safe
https://us-central1-amp-error-reporting.cloudfunctions.net/r-beta	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
app.8b.io	104.24.104.39	true	false	0%, Virustotal, Browse	unknown
lacecompound.com	195.181.244.134	true	false	0%, Virustotal, Browse	unknown
r.8b.io	104.24.104.39	true	false		unknown
proxy-8b-io-1762796164.us-east-1.elb.amazonaws.com	52.201.120.251	true	false		high
cdn-content.ampproject.org	108.177.119.132	true	false		high
17825-ipv4.farm.prod.aa-rt.sharepoint.com	104.146.245.41	true	false		unknown
vikinggenetics-my.sharepoint.com	unknown	unknown	false		unknown
cdn.ampproject.org	unknown	unknown	false		high
217023.8b.io	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://lacecompound.com/sm/mfile/	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://217023.8b.io/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://lacecompound.com/sm/mfile/.Sharing	~DFE679E51CD7555755.TMP.2.dr	true	Avira URL Cloud: safe	unknown
https://lacecompound.com/sm/mfile	03OIYGP2.htm.3.dr	false	Avira URL Cloud: safe	unknown
https://3p.ampproject.net	amp-mustache-0.2[1].js.3.dr, amp-analytics-0.1[1].js.3.dr, v0[1].js.3.dr	false		high
https://cdn.ampproject.org/v0/amp-analytics-0.1.js	03OIYGP2.htm.3.dr	false		high
https://r.8b.io/217023/images/background5-h_kjukqdlq.jpg	03OIYGP2.htm.3.dr	false	Avira URL Cloud: safe	unknown
https://github.com/ampproject/amphtml/blob/master/spec/amp-iframe-origin-policy.md	amp-analytics-0.1[1].js.3.dr	false		high
https://cdn.ampproject.org/v0.js	03OIYGP2.htm.3.dr	false		high
https://lacecompound.com/sm/mfile/L	~DFE679E51CD7555755.TMP.2.dr	true	Avira URL Cloud: safe	unknown
https://cdn.ampproject.org	amp-mustache-0.2[1].js.3.dr, amp-analytics-0.1[1].js.3.dr, v0[1].js.3.dr	false		high
https://log.amp.dev/?v=012012301722001&id=	v0[1].js.3.dr	false	Avira URL Cloud: safe	unknown
https://app.8b.io/app/themes/webamp/projects/writer/assets/images/logo1.png	imagestore.dat.3.dr, 03OIYGP2.htm.3.dr	false	Avira URL Cloud: safe	unknown
https://mths.be/cssescape	amp-intersection-observer-polyfill-0.1[1].js.3.dr	false	Avira URL Cloud: safe	unknown
https://lacecompound.com/sm/mfile/	~DFE679E51CD7555755.TMP.2.dr, mfile[1].htm.3.dr	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://us-central1-amp-error-reporting.cloudfunctions.net/r	amp-mustache-0.2[1].js.3.dr, amp-analytics-0.1[1].js.3.dr, v0[1].js.3.dr	false	Avira URL Cloud: safe	unknown
https://8b.com	03OIYGP2.htm.3.dr	false	Avira URL Cloud: safe	unknown
https://lacecompound.com/sm/mfile/Root	{FDCDEC83-5617-11EB-90E4-ECF4BB862DED}.dat.2.dr	true	Avira URL Cloud: safe	unknown
https://amp.dev/documentation/guides-and-tutorials/develop/style_and_layout/control_layout	v0[1].js.3.dr	false	Avira URL Cloud: safe	unknown
https://vikinggenetics-my.sharepoint.com/personal/datho_vikinggenetics_com_au/_layouts/15/images/pdf	mfile[1].htm0.3.dr	false	Avira URL Cloud: safe	unknown
https://lacecompound.c	{FDCDEC83-5617-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	Avira URL Cloud: safe	unknown
http://github.com/janl/mustache.js	amp-mustache-0.2[1].js.3.dr	false		high
https://217023.8b.io/	~DFE679E51CD7555755.TMP.2.dr, 03OIYGP2.htm.3.dr	false		unknown
https://spoprod-a.akamaihd.net	mfile[1].htm0.3.dr	false		high
https://217023.8b.io/Root	{FDCDEC83-5617-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.ampproject.org/v0/amp-mustache-0.2.js	03OIYGP2.htm.3.dr	false		high
https://us-central1-amp-error-reporting.cloudfunctions.net/r-beta	amp-mustache-0.2[1].js.3.dr, amp-analytics-0.1[1].js.3.dr, v0[1].js.3.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
108.177.119.132	unknown	United States	15169	GOOGLEUS	false
104.146.245.41	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
195.181.244.134	unknown	Lithuania	62282	RACKRAYUABRakrejusLT	false
52.201.120.251	unknown	United States	14618	AMAZON-AESUS	false
104.24.104.39	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	339270
Start date:	13.01.2021
Start time:	19:23:36
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://217023.8b.io/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@3/24@7/5
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://lacecompound.com/sm/mfile
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 52.255.188.83, 40.88.32.150, 88.221.62.148, 108.177.126.95, 172.217.18.99, 51.104.144.132, 152.199.19.161 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, fonts.googleapis.com, arc.msn.com.nsatc.net, fonts.gstatic.com, ie9comview.vo.msecnd.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, skypedataprdcoleus17.cloudapp.net, go.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, watson.telemetry.microsoft.com, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\ABBRNDE4\217023.8b[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aKb:JFKb
MD5:	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1:	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256:	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512:	6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious:	false
Reputation:	low
Preview:	<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FDCDEC81-5617-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8574615924401467
Encrypted:	false
SSDEEP:	192:ryfZM6Z5L2J9WICtI8FfIrLSAMd66o6EilXfgL/wX:ryBMm5CJUI6IEIGdo0tJ
MD5:	E1483F92CBD19F9CC2777AE7E5FE1798
SHA1:	90AED2F22ACCAB5EB2C03D3E22FDBFEA95D343C6
SHA-256:	C0A5B0091BC5004DAB98CCACFC46298E33FB7A0360D54A9623946AC516F1CACA
SHA-512:	7812494341EF922E3E010FEAB6D96D7BF48C2BC45AF5EC20986620E89F77F9BA93DBF755716288016148C1FA267550C45EBA48AAF8C63C7A4BAE9F0C9955E1B4
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FDCDEC83-5617-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	39846
Entropy (8bit):	2.1427299689112695
Encrypted:	false
SSDEEP:	192:rvZ0QM6ak4FjZ2ckWcMYYUcoKSBF7sSQ3XQmt/ZuhOJtX:rR9Xz4hoIZYVNtBp/8XQmD9T
MD5:	3C4FC29ABB91412C377B142AC59717BE
SHA1:	724340377CEC44469EBBDCCC1226CFECC1D68952
SHA-256:	BFF41ECE984219C1B9783F4327048E9F3EDAB841D2D842A2DC83CD6CDF5A0C11
SHA-512:	0F0A5F434E92FCA74E1E4491F9A574FF6EABC2764AA0A1097DF9A638027134B083F20BF55937783A21B9420DE1FA5B943824B0D13246190FE595E3BD6D22D0A1
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FDCDEC84-5617-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5664794169532632
Encrypted:	false
SSDEEP:	48:IwFGcprMGwpaNG4pQd7GrapbSgjrGQpKe3G7HpRsxsTGIpG:rbZkQv6dvBSoFAhTsx4A
MD5:	14C4560B0360F6517B849356394616D6
SHA1:	9C3E28690213B6B44EFA8C4CA0420F9B0F9EE043
SHA-256:	9C1C8ADC93FDD5A5830853D9B49808DC3A69C4F1C92369A24295CEF8B40EE7B3
SHA-512:	611191CE0F34B2C5808A639E2A7A04292F485C74ABC3486C38435028326B84FEC10AACA02FE259E8CC11ABFF399810BF3E20FB96FA817A4211CD883067C78DC4
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	1988
Entropy (8bit):	7.504810719771759
Encrypted:	false
SSDEEP:	48:Q5Vv64FrnMpqLQ8Ai8eL6mSRHIFcJlNK28vgNEPD:MA8LMpqaiRL6fIFcb6BPD
MD5:	1B1E2BE5F03705BAC9041461A5BCCA1C
SHA1:	D5E62F27049F8DB43055C6ECC03FEB0A97591909
SHA-256:	B9A393A64D636E247FD2F6BCE55C45845B4DA5C31FD90581F41BEE24F708433B
SHA-512:	0A5FBC739FCEAE616C923356CCFFCB3E3DEB86BC9A83E2E8F847E9F063C131084FDCBA6CCF9787065E1F8AD3E3B2C7453807BB82F613AA0118E833E9D19A90BB
Malicious:	false
Reputation:	low
Preview:	K.h.t.t.p.s.:././.a.p.p...8.b...i.o./.a.p.p./.t.h.e.m.e.s./.w.e.b.a.m.p./.p.r.o.j.e.c.t.s./.w.r.i.t.e.r./.a.s.s.e.t.s./.i.m.a.g.e.s./.l.o.g.o.1...p.n.g......PNG........IHDR....................PLTE.....................................................................................................................................................tRNS.+:...R..5.$.gy.B...K].......o....b..1.F..~e>1....IDATx..i..0....<PqA...kw......B2...>._....IH&...............7?p..p..;c.<.`.z....q.@kv.. 2.^...z.....O.:m...9>....".z...&.....l...k.R..\|......t(...1..E.ZWg3./fR.W..X.....3.#.,;.Z......b.....TL..9.c-.'.h.b../.k-\..Q..j..\1...w.u..(......j..'.....h._;.q....#.t...V.6Fo...F..w}j.#.y..O.._=...Z...y{J.....B..i...@.x.V.q.....;L...bJp.".k......c[.AO.*+..eZD-.(..iH.o.wA..V0.fv..j...j...5n.....2.xT?..3>....6E+../....k...O....m..i...n. .JKi.:.,....36...[....y..........);6n.....uS..k.....p...0...)....HeY.{.d...&...Y.....VXK..x...h.2....@.`.-L2.. ..D...J..t..4.&.N..;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\amp-analytics-0.1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	98815
Entropy (8bit):	5.426219391512523
Encrypted:	false
SSDEEP:	1536:dCnsjVr6tmjE93elQIB+A1kfYGh8wPBDOKa:dd4u3B++oOwPBDOH
MD5:	3C7A16E30FEF30EFB221DDD3944B7F21
SHA1:	A458DBE35B4261C967EEA284B5D174335A001619
SHA-256:	F95305FFA81A843FD855D10212D8A52D308679931B107E1869239F0DFAB49EB9
SHA-512:	FFEB60D593FC3D724925377AE50689EEAA78514D78D99DB060C5EFD2F7FD41BE2B43E5E813D25EFCA4086B61B43D201CD39471758A45031A4635E7DC2A13F191
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Preview:	(self.AMP=self.AMP\|\|[]).push({n:"amp-analytics",v:"2012301722001",f:(function(AMP,_){.'use strict';var l,aa="function"==typeof Object.create?Object.create:function(a){function b(){}b.prototype=a;return new b};function ba(a){for(var b=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global],c=0;c<b.length;++c){var d=b[c];if(d&&d.Math==Math)return d}return function(){throw Error("Cannot find global object");}()}var ca=ba(this);"function"===typeof Symbol&&Symbol("x");var da;.if("function"==typeof Object.setPrototypeOf)da=Object.setPrototypeOf;else{var ea;a:{var fa={a:!0},ha={};try{ha.__proto__=fa;ea=ha.a;break a}catch(a){}ea=!1}da=ea?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var ia=da;.function p(a,b){a.prototype=aa(b.prototype);a.prototype.constructor=a;if(ia)ia(a,b);else for(var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.ge

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\background5-h_kjukqdlq[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1446x1410, frames 3
Category:	downloaded
Size (bytes):	104013
Entropy (8bit):	7.533819949957715
Encrypted:	false
SSDEEP:	1536:AjCKmdJ+C1i7a4m3s5ciTiqtTW1VetP0TD4JXqzVFGr/4ifx61:A670OpiPHW1gQUMz2rQiI
MD5:	CD21AD096013ABD227DA90B82BFE0C3A
SHA1:	878FC3D0ABAD817D6CD5BCD81F943EB2745C820F
SHA-256:	2763F69A231E96638E749DFC9E7BBD1CA01E2664C33853BA06D4A3BBE0916FB4
SHA-512:	487115EDD004FB092C9B33F9F6EA815C21E0BEC6EBB51F314BEC8FCCC12D525D8E5B0560824E96967C301194DE38E515651698654D9A069B0F48434ABE5BDCA3
Malicious:	false
Reputation:	low
IE Cache URL:	https://r.8b.io/217023/images/background5-h_kjukqdlq.jpg
Preview:	......JFIF.............C....................................................................C............................................................................"..........................................g...........................!1..Qaq..."2AR.....UV...36BST....#5bt..CFWrs...$4%8Du....de(9v......)Ecf...................................:.............................!QSa.1AT......5q"2BR.3bs..r............?..S..<I.%..3...c.79......N..k.,......0.t..RJ..G+..x.....S....~.K...X..........=.Y..F..."..lQ3NI..e\.n..q.G....F..i*x5=..<7F..BY^..r.q...d..v.KZ.....5....Y;.=.....kTr..Z.h.~.cr&...f...:a.$.X._.....L.s.i...)&@ZSa.X..J{....N.(X..[....\.q..52DP>.......i.dL.I,k..U..&h...2a.9..Z..5.......^..r.Vx......C.q.S.....q...c.`C...5..4..e.>.i$..}..3J1...n..Z.....j=Z.."..E<_.....p.......@.......................................................................................................................................................\.ku.y..-...cl.+z..F...1..9+..h.......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\pdf[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	6830
Entropy (8bit):	7.849424154989951
Encrypted:	false
SSDEEP:	192:n6ND9AxRGozwHD0Ksf+GQUAU6Z0WoYGoKUcsgYRU:6xWRXwHmtfYGLUYIU
MD5:	F1E3F187F7C23FA8D1555004F3800356
SHA1:	E71E52A142E754399AE39EF38584789B66E9EA00
SHA-256:	DB307FCEF7F95139689007D7A623B340EC21282BD421C4E4B2BA09078F230545
SHA-512:	BD568B1C92D7C3B586E2EA7E9C47B08FD1171FF6615FA4F670F12950DC62315B58E6BB5336F50B111FF42B27558398DFF9715054A8E44F0A8B9CD1541F0BC07D
Malicious:	false
Reputation:	low
IE Cache URL:	https://vikinggenetics-my.sharepoint.com/personal/datho_vikinggenetics_com_au/_layouts/15/images/pdf.png
Preview:	.PNG........IHDR.............\r.f... cHRM..z&..............u0...`..:....p..Q<....bKGD.............7IDATx..K....j.[....{..&....V6....np3...-.. $.qF..0.a....a6y...........&D.g.#.........;..aC..q.5.k....n..SU.T...Oj.[..w......:.....Nz....P.0..,..................b`..X........`10..,..................b`..X......U.@...?...Dfs..S....''.....y.I.'q.s...^.9........u.~qnn.......p.........?\u..Pz..&.>.E....)O....zzz.?..k.q#...;0..`Y...jaA.....S.\HF...#"...".dY:.O./..@.C)........f.I...<..;o.9..0... ..B.....I..&`.4...\|..1..9z...o.E...P..h...R..P.q...l....1....8....$..v.....q.q.j6.4555Vw.g..=:TJ......v\.6.%.).H(...._'.._.>.f...s].&.......j.U]..?2..-..rs....U.....7T0._.p..<........4.".\|S...C....L@=...Q..(,.^.S...`?@...f...1x......w.6.~....F......7....{.\....z..B.....d..;........F.&.... 3\.T........q..Fcq...9\|.&....A.....<........{..L 3,. ..1a...!(.`- .F.ASK&px..<p...D...d....W~g].........h.j.0.Y.....d...4dK. .F...`.Y`j..\.7SQ{_.f.AS.............\....S..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\v0[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	260053
Entropy (8bit):	5.369323142824894
Encrypted:	false
SSDEEP:	3072:1d1NMZo12NdZgOX2w/FU52Rw+o6y0OyCa:D1NMZoYNdNGw/FU5IeA
MD5:	76044E118D79DCF4046348A96A1ADF29
SHA1:	B290E62F428143D4E730E89EEAB96E7A9D0240C7
SHA-256:	4DDFCE71F7DB4C847F4410C9C4093D4182098D9A87646F6BE35AC9E65ADA543B
SHA-512:	EE62BB3330B64D944F522E5513CC08979661FF702FFCD02AE35795B9889D57973966190E735074BA2FB36A7572ACA5495BF0F70C36738BE8793E313B9FBEDCA1
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/v0.js
Preview:	self.AMP_CONFIG={"v":"012012301722001","type":"production","allow-doc-opt-in":["amp-next-page","analytics-chunks-inabox"],"allow-url-opt-in":["pump-early-frame"],"canary":0,"a4aProfilingRate":0.01,"adsense-ad-size-optimization":0.1,"amp-accordion-display-locking":1,"amp-action-macro":1,"amp-story-responsive-units":1,"amp-story-v1":1,"chunked-amp":1,"doubleclickSraExp":0.01,"doubleclickSraReportExcludedBlock":0.1,"expand-json-targeting":1,"fix-inconsistent-responsive-height-selection":0,"flexAdSlots":0.05,"intersect-resources":0,"ios-fixed-no-transfer":0,"pump-early-frame":1,"adsense-ptt-exp":0.1,"doubleclick-ptt-exp":0.1,"fie-resources":0.1,"visibility-trigger-improvements":1};/AMP_CONFIG/var global=self;self.AMP=self.AMP\|\|[];try{(function(_){.'use strict';var g,aa="function"==typeof Object.create?Object.create:function(a){function b(){}b.prototype=a;return new b};function ca(a){for(var b=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\amp-loader-0.1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	14986
Entropy (8bit):	5.442055514702969
Encrypted:	false
SSDEEP:	384:mSba5F4U5A4WR2vj5F4U5A4WR2vFinnHX+l:mD5F4U5A4WR2vj5F4U5A4WR2vEG
MD5:	F5256BD9CACED5B54BFF3ED3E7AD9D6B
SHA1:	4EA0EF3D3EE0A6A2CCFC324CB986A8C09C2FC824
SHA-256:	EA23401A3895913CEA6ED0EA456373C9081C4A116594B2306A994F15470BF34F
SHA-512:	9C232D49CECAA2396F4BAFFF0EDC637409AB78E041EEEB2D57E925621F7729CF53D679C1CCD1158246E33278EC75A26061B15412A878E8CDCE591027577870A9
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/rtv/012012301722001/v0/amp-loader-0.1.js
Preview:	(self.AMP=self.AMP\|\|[]).push({n:"amp-loader",v:"2012301722001",f:(function(AMP,_){.'use strict';var g=self.AMP_CONFIG\|\|{},k=("string"==typeof g.cdnProxyRegex?new RegExp(g.cdnProxyRegex):g.cdnProxyRegex)\|\|/^https:\/\/([a-zA-Z0-9_-]+\.)?cdn\.ampproject\.org$/;function l(a){if(self.document&&self.document.head&&(!self.location\|\|!k.test(self.location.origin))){var b=self.document.head.querySelector('meta[name="'+a+'"]');b&&b.getAttribute("content")}}g.cdnUrl\|\|l("runtime-host");g.geoApiUrl\|\|l("amp-geo-api");self.__AMP_LOG=self.__AMP_LOG\|\|{user:null,dev:null,userForEmbed:null};function m(a){a=a.__AMP_TOP\|\|(a.__AMP_TOP=a);var b=a.__AMP_SERVICES;b\|\|(b=a.__AMP_SERVICES={});a=b.extensions;a.obj\|\|(a.obj=new a.ctor(a.context),a.ctor=null,a.context=null,a.resolve&&a.resolve(a.obj));return a.obj};/. https://mths.be/cssescape v1.5.1 by @mathias \| MIT license /.var n;function p(a){a=a.ownerDocument\|\|a;n&&n.ownerDocument===a\|\|(n=a.createElement("div"));return q}function q(a){var b=n;b.innerHTML=a[0];

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	175
Entropy (8bit):	5.047535944462214
Encrypted:	false
SSDEEP:	3:0SYWFFWlIYCd4dSRI5XwDKLRIHDfFRWdFTfqzrZqcduTiGKOnkUYARNin:0IFFqdS+56ZRWHTizlpduTimJNin
MD5:	3A015FB2F44F9C2C0885F8B4F087B782
SHA1:	50D21ACD13DA2E6A233FE53F1058D9E35CDAE0DB
SHA-256:	7E23D171A94F7EBF386AD6E544368FFA22EC113B724E5916003F943F6B041A14
SHA-512:	36B6585DD500EB535F198900CB2ECC354DE468E5F67C0B1697E149885EC0468AB3A6877901D41119EBBCFFB31AD7D78F7BC660EF70ABBBF9A84ABD78B941AACA
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Neucha:400
Preview:	@font-face {. font-family: 'Neucha';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/neucha/v12/q5uGsou0JOdh94bfvQlr.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[2].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	172
Entropy (8bit):	5.057077814309068
Encrypted:	false
SSDEEP:	3:0SYWFFWlIYCPX7sRI5XwDKLRIHDfFRWdFTfqzrZqcdcAJICTOq7LSuMUYARNin:0IFFg+56ZRWHTizlpdcrCaYLSuNin
MD5:	C8F8B59F84161FE076FC915857FFD06F
SHA1:	B9C8C8492C55999F1188F66911935B3D0B38409F
SHA-256:	50A15F59ECB3FEBE2F62BA9DD4A12B93F7AB7E113D23A098E599F9041D1ADDFD
SHA-512:	BD7848DC190B7200E4D3D7BCFCE10D3A4E5E0DE587288DF2531A7D4183756B6C156543A1B82A609A677910DED237DFF32F95B244414AA14FA9DE86870F6F4EE7
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Forum:400
Preview:	@font-face {. font-family: 'Forum';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/forum/v11/6aey4Ky-Vb8Ew8IROpQ.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mfile[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	22197
Entropy (8bit):	5.833061488368081
Encrypted:	false
SSDEEP:	384:PReesgg2CtFgHdEXZDRbcOZrVorDYsCarDWWWlGhcTQmqLXJRquD2gqBzBO0:PHsgg2G6HdEXZDRSg8cchcxO0
MD5:	47D6CCFC553E918E0FC748756267866F
SHA1:	84EB468749227A656FA8BF1C9AD6CC601C01F19F
SHA-256:	CE3D11FC2297995D19C211B046134A7CFC3081CC5C4C5B5791562236D93D9B46
SHA-512:	D85ABFE968628CED336C4446CD890F10632952403AD950D446DB4F9947C0497523930B884152B6F23E89AD07EF2F919F435F4B2E58954E5E30B9243529DC99BD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mfile[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/
Preview:	..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr">..<head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><meta name="Robots" content="NOHTMLINDEX" /><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link id="favicon" rel="shortcut icon" href="images/favicon.ico?rev=45" type="image/vnd.microsoft.icon" /><title>...Sharing Link Validation..</title>...<style type="text/css" media="screen, print, projection">....html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,main{display:bl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\amp-intersection-observer-polyfill-0.1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	12475
Entropy (8bit):	5.36778912603774
Encrypted:	false
SSDEEP:	192:AYRscGnKsnR8pncgHO8NN4BUcXalO/G8iQGRXOBM/Z5+p1ycO+HbXjyhXuV99QyJ:AYoAJHLwFipRCdFbye+h39j6
MD5:	9F81383065E00538C374286DFDA095C3
SHA1:	52A1A7CC4414862E71A92684FFB65774D778F081
SHA-256:	22611BBA3A501FEFB8F4BA7749809BD532AE504FB752DAD1D5A6C10AD861FAFD
SHA-512:	4535AB538871854EC6B504F0E3AEFA6007921FACBA831648542B31D59A514A71F6DEDF86967A5CFD1C7A77B3A0E8F1744DAFEC287D4E1CDFA8988EFB47C5E0A9
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/rtv/012012301722001/v0/amp-intersection-observer-polyfill-0.1.js
Preview:	(self.AMP=self.AMP\|\|[]).push({n:"amp-intersection-observer-polyfill",v:"2012301722001",f:(function(AMP,_){.'use strict';function B(c){for(var f=["object"==typeof globalThis&&globalThis,c,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global],e=0;e<f.length;++e){var k=f[e];if(k&&k.Math==Math)return}(function(){throw Error("Cannot find global object");})()}B(this);.function F(){(function(){function c(a){try{return a.defaultView&&a.defaultView.frameElement\|\|null}catch(b){return null}}function f(a){this.time=a.time;this.target=a.target;this.rootBounds=E(a.rootBounds);this.boundingClientRect=E(a.boundingClientRect);this.intersectionRect=E(a.intersectionRect\|\|z());this.isIntersecting=!!a.intersectionRect;var b=this.boundingClientRect,d=b.widthb.height,g=this.intersectionRect,h=g.widthg.height;this.intersectionRatio=d?Number((h/d).toFixed(4)):this.isIntersecting?.1:0}function e(a,b){b=b\|\|{};if("function"!=typeof a)throw Error("callback must be a functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\amp-mustache-0.2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	36278
Entropy (8bit):	5.511282334881756
Encrypted:	false
SSDEEP:	768:XPBgluaZE0cYUS6KIv72SMkPH3hsUekoDJBzYXYNW+e05l:UdZEL2ksUeLq6ttl
MD5:	8B41DA4B6B319D3F8E9F1E3DAE1CA8A9
SHA1:	8639EF63F16BBD2BC53D59083E734CE07AAAEB0B
SHA-256:	18980A3ABB4D681235F6C00E44BE13D6DB484681B1361AF1999066485C78FDFF
SHA-512:	9FDBC4AE128C0312BB5E7E87004A0D53DCE7B8B88CB2D0C87B43DED44C122981274154316FE049EF536E589655E930E8A6DAF02ABC18927A86BB65D8F070B3E5
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/v0/amp-mustache-0.2.js
Preview:	(self.AMP=self.AMP\|\|[]).push({n:"amp-mustache",v:"2012301722001",f:(function(AMP,_){.'use strict';var z;function aa(a){for(var b=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global],c=0;c<b.length;++c){var d=b[c];if(d&&d.Math==Math)return}(function(){throw Error("Cannot find global object");})()}aa(this);"function"===typeof Symbol&&Symbol("x");var ca="function"==typeof Object.create?Object.create:function(a){function b(){}b.prototype=a;return new b},da;.if("function"==typeof Object.setPrototypeOf)da=Object.setPrototypeOf;else{var na;a:{var oa={a:!0},pa={};try{pa.__proto__=oa;na=pa.a;break a}catch(a){}na=!1}da=na?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var qa=da;function va(a,b){var c=b=void 0===b?"":b;try{return decodeURIComponent(a)}catch(d){return c}};var wa=/(?:^[#?]?\|&)([^=&]+)(?:=([^&]*))?/g;var J=self.AMP_CONFIG\|\|{},xa=("string"==typ

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1800
Entropy (8bit):	7.684986795686894
Encrypted:	false
SSDEEP:	48:0rnMpqLQ8Ai8eL6mSRHIFcJlNK28vgNEPY:0LMpqaiRL6fIFcb6BPY
MD5:	7A171A1BC5BD4C43DF195ADFEADDEB3D
SHA1:	3C144DCED2C3BBD498777DC32ACC3679E470FC44
SHA-256:	A4DC520571540D3661034628E72005CC9C52E022C67526DC7BD20B7C12CBD615
SHA-512:	2C149208ED7884ED6C2EA7F3CA822817B20226F417CE0EC51CCD0A7BD039EEDE36D477AA934D671C2E249709533E81877BE0A2213CBBF774DCD1F4E6A14E912D
Malicious:	false
Reputation:	low
IE Cache URL:	https://app.8b.io/app/themes/webamp/projects/writer/assets/images/logo1.png
Preview:	.PNG........IHDR....................PLTE.....................................................................................................................................................tRNS.+:...R..5.$.gy.B...K].......o....b..1.F..~e>1....IDATx..i..0....<PqA...kw......B2...>._....IH&...............7?p..p..;c.<.`.z....q.@kv.. 2.^...z.....O.:m...9>....".z...&.....l...k.R..\|......t(...1..E.ZWg3./fR.W..X.....3.#.,;.Z......b.....TL..9.c-.'.h.b../.k-\..Q..j..\1...w.u..(......j..'.....h._;.q....#.t...V.6Fo...F..w}j.#.y..O.._=...Z...y{J.....B..i...@.x.V.q.....;L...bJp.".k......c[.AO.+..eZD-.(..iH.o.wA..V0.fv..j...j...5n.....2.xT?..3>....6E+../....k...O....m..i...n. .JKi.:.,....36...[....y..........);6n.....uS..k.....p...0...)....HeY.{.d...&...Y.....VXK..x...h.2....@.`.-L2.. ..D...J..t..4.&.N..;....UJ....%....;.....I.....swR...0..."{.._.s..^.ES.e.0.VM...Bt..2P]...D/@$IGd-......r...>Q+!.3VICGvY..z...C.B.Ml..'.U...?...*,....'^dz.Z."yx7!.0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\03OIYGP2.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	36338
Entropy (8bit):	5.157731420366808
Encrypted:	false
SSDEEP:	768:8y0DlkvJOdKkUGfkxXjwWSwOsZ4aGuejvgCijX:WDlCOdKk7IkWSwOsZ4a7ejvgT
MD5:	659A68F9335B456C05723AAC85236444
SHA1:	195AE093F4DCCB8B9E44286558C958ECF54B946A
SHA-256:	EC9E36F1DF4E04F42C3D0A1F1531D8B19DE55A35EFF85EC73CEE3D9A937AA733
SHA-512:	FA078D7D8AA29762AC71071849E856A55BA1C5CA835F0C5F97059080B362A649AB79AE6DE431977274E837BB0315AD40E21F77C82EA6833D2403F7C4A4A861CA
Malicious:	false
Reputation:	low
IE Cache URL:	https://217023.8b.io/
Preview:	<!DOCTYPE html>.<html amp>.<head>. Site made with 8b Website Builder v0.0.0.0, https://8b.com -->. <meta charset="UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="generator" content="8b v0.0.0.0, 8b.com">. <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1">. <link rel="shortcut icon" href="https://app.8b.io/app/themes/webamp/projects/writer/assets/images/logo1.png" type="image/x-icon">. <meta name="description" content="">. <title>2233</title>. .<link rel="canonical" href="https://217023.8b.io/">. <style amp-boilerplate>body{-webkit-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-moz-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-ms-animation:-amp-start 8s steps(1,end) 0s 1 normal both;animation:-amp-start 8s steps(1,end) 0s 1 normal both}@-webkit-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-moz-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-ms-keyfram

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\6aey4Ky-Vb8Ew8IROpQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 30208, version 1.1
Category:	downloaded
Size (bytes):	30208
Entropy (8bit):	7.982638126084365
Encrypted:	false
SSDEEP:	768:YTZ6XBcgqEOWcLaKUD2LPdndYiTJ7r08x9mQh07Eo63/aMuP:YTZIB+EOG/O1l5r08xMQh07EBiP
MD5:	B1C4BE7C6BB01AB2125BEE6D723CD52E
SHA1:	F3006406A5E4B33C0248661B1201A3B23D0DE267
SHA-256:	A4A8AC69ACE5555AA9BF5AF6824B8D1AFDB0BFA404EE63103AC7AF09859634CD
SHA-512:	5FF9DB28D72598A3CB1A3CA76C16D48B2C93005030569EE78B1984D717B7FD6F91E0FD78621B4269682D126AA99C8DA4FC732DDF4940817A1E9F64FD33074394
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/forum/v11/6aey4Ky-Vb8Ew8IROpQ.woff
Preview:	wOFF......v........H........................GPOS.......!.....?.SOS/2.......Q...`....VDMX......./....h.prcmap...(.......R.E.Icvt .......(...(.h.1fpgm...........s.Y.7gasp................glyf......R.....\.Nhdmx..e....M.....f..head..n....3...6..'&hhea..o,.......$.R.Mhmtx..oL.......8m...loca..q0.........z.Mmaxp..r.... ... ....name..r....%....=.Stpost..t....K....:.={prep..ud........qu..x.,..p]Q.E....mkX.m.m.6...A...`..p.A2Q.G....... ..8zv..8HA.q...=O...C3G..3g=.1W.."..]..........U....>...w._._.)P'....^.l......$\|V..VQK..i^...".&i{.K.....5..>E..#.1..e.1...L..cV2.....:UW.o.f...Y...!....d.[..R...p....?....'.H..FC...&...BV.....!/..O..R."...e)GyP.JT...A-...4....Dg..~.d(...(&2...b.s..\|...%,e....f.......'8.)Ns...............TPSI>RY.SEM5.J.uk.O.J_....e..f..d..m..l...P.1..yY..Y..Z........2oM.V(.l,c..xA..UD..Q@K..R.!.."!..VBX./..C...vb.....3...%t!.a.2B)..1B(...>....&.\|y..<...{......z.M.IEg7....o.j..O...njg.MP..Km..{[.m.m..X.>jc.Nm...6..l....)jC..R{..Ij.-...vp.......v.Z7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\amp-auto-lightbox-0.1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	5069
Entropy (8bit):	5.4494399468635635
Encrypted:	false
SSDEEP:	96:9sZVrZkAwc4nrhUAj87jdjEJaDv3/p3+e6HXFLE58M:o7wc4nrq1jEKv3xr6HNE57
MD5:	7012ACC9D81E0AF71AC19EDFD85AAF87
SHA1:	56D9539EF3E0D57B978F52279142273A851D7FD7
SHA-256:	C9029AE9DCAF52BD278EBC3A87DE7340F47F3050780994EFCBBFF06A7FD62E6C
SHA-512:	DC4A56445E3FF16627B34CE9751CC23B775B0C71EEA9480A16C8C5E15391978E08E19E49987D5012A0DF0824173F7B539AB26DFACCA8271ECB127CE518AB86C6
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/rtv/012012301722001/v0/amp-auto-lightbox-0.1.js
Preview:	(self.AMP=self.AMP\|\|[]).push({n:"amp-auto-lightbox",v:"2012301722001",f:(function(AMP,_){.'use strict';function k(a){for(var b=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global],c=0;c<b.length;++c){var d=b[c];if(d&&d.Math==Math)return}(function(){throw Error("Cannot find global object");})()}k(this);"function"===typeof Symbol&&Symbol("x");var m;function n(){var a,b;this.promise=new Promise(function(c,d){a=c;b=d});this.resolve=a;this.reject=b};function p(a){return a?Array.prototype.slice.call(a):[]};var q=self.AMP_CONFIG\|\|{},r=("string"==typeof q.cdnProxyRegex?new RegExp(q.cdnProxyRegex):q.cdnProxyRegex)\|\|/^https:\/\/([a-zA-Z0-9_-]+\.)?cdn\.ampproject\.org$/;function t(a){if(self.document&&self.document.head&&(!self.location\|\|!r.test(self.location.origin))){var b=self.document.head.querySelector('meta[name="'+a+'"]');b&&b.getAttribute("content")}}q.cdnUrl\|\|t("runtime-host");q.geoApiUrl\|\|t("amp-geo-api")

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mfile[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	242
Entropy (8bit):	5.0737173888397455
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwol6hEr6VX16hu9nP3GNKYMJfw+KqD:J0+ox0RJWWP3ezMRT
MD5:	B8664C5CB94E26F82CBA5DDD725810B8
SHA1:	C4BD14AF6073721229AEE0A7D0611F7EE3DE5027
SHA-256:	30089A819C8CD726BECD00C6088A23C250ACCDF0DB5282BC1516A0E0F83C2469
SHA-512:	FF9C5965B618A75322BE6274F606887B9AAB20BC50E451132F1D1A0E762D45A89661F3E3147C62F869B0B113BFDBEA80EDFDC65A2BDBEB90146CA2667B8D495D
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://lacecompound.com/sm/mfile/">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Temp\datBA90.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 2532, version 2.24904
Category:	dropped
Size (bytes):	2532
Entropy (8bit):	7.627755614174705
Encrypted:	false
SSDEEP:	48:WGMiY6elIk7QuaqrjRh4pi6j4fN6+XRsnBBpr+bes:WRBLlIoQuHfRh4pi6sfPGnDFs
MD5:	10600F6B3D9C9BE2D2B2CE58D2C6508B
SHA1:	421CA4369738433E33348785FE776A0C839605D5
SHA-256:	29B7A9358ABDC68C51DB5A5AF4A4F4E2E041A67527ADEE2366B1F84F116FE9A5
SHA-512:	B6C04F3068EB7DAC8F782BDED0FE815B4FE5A9BECCF0B561D6CEAEAA7365919A39710B2D1AD58D252330476AA836629B3C62C84FABFA6DC4BCF1C8F055D66C1C
Malicious:	false
Reputation:	low
Preview:	wOFF..................aH....................OS/2...D...H...`1Wp.cmap.......I...b..ocvt ....... .......fpgm...........Y...gasp................glyf.............Whead.......2...6.tJ.hhea...........$....hmtx................loca.............X.hmaxp...,....... .y..name...L...........Mpost...D....... .Q.}prep...X........x...x.c`aog......:....Q.B3_dHc..`e.bdb... .`@..`.....,9.\|...V...)00...C..x.c```f.`..F.......\|... ........\..K..n.,..g`@.I\|.8"vYl.....p...0..........x.c.b.e(`h`X.......x............x.]..N.@..s$..'@:!.uC....K$.%%...J.......n..b.........\|.s...\|v..G*)V.7........!O.6eaL.yV.e.j..kN..M.h....Lm....-b....p.N.m.v.....U<..#...O.}.K..,V..&...^...L.c.x.....?ug..l9e..Ns.D....D...K........m..A.M....a.....g.P..`....d.............x..R.K.1...$....g-.B.Vq..m..Z..T..@\t.E...7X...:.).c... ].{.Q.[7'...`.^...&....{y<..N.....t...6..f....\.K1..Z}{.eA-..x.{....0P7p.....l........E...r....EVQ.....Q_.4.A.Z..;...PGs.o..Eo...{t...a.P.~...b,Dz.}.OXdp."d4."C.X..&,u.g.......r.c..j

C:\Users\user\AppData\Local\Temp\~DF35D918A5D4402B2C.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.28883759889035865
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	BF5C20FE9AC2E37A2E98341C1C1B7CE8
SHA1:	4D05CA4074C665936792647919101E01DC83FDDB
SHA-256:	D2F5C6188CA81305EF7C440DA11470CB5542871AFEB6D7C6719E28A367536ADD
SHA-512:	42B370849E2871BA8EB96915013D3BD9545CEE8220C1E4237BCB5CA9606D876B8553E33A0E9CBBC9C00187FAC914A3111FEBC3751428E050B547C9A90AD17E2B
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFBBCE481DAF4343C1.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.48005770725532293
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loiF9loe9lWLvkPXKg2kvKgBgCv:kBqoIp/LvkPXd2kvdB5v
MD5:	11FE12E9FDFA76BBB3EDC1D5D0F1A28A
SHA1:	18F6BB28B66A0AB78426E01E88DA7060D2AF4705
SHA-256:	01ABBABDACBF5DA7281577FFF55EDBE081222C1C690D39D42B33EFDE61FF4AB9
SHA-512:	7B086E55DA29975819CABEE7571E8D32541C0AFDB08DC41996B4AB2B9CE8601B27D16C035BDB88CE22D43B8B3E713ADCC4181E6CA98AACD9380B494EDD956E20
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFE679E51CD7555755.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	46819
Entropy (8bit):	0.9588807871049881
Encrypted:	false
SSDEEP:	96:kBqoxKAuvScS+TtfW9VZFhL/hRNRHlQm2GQQa/pY5440XAZ7sh/:kBqoxKAuqR+TtfW9VZFhLhXQmt/Zuh
MD5:	EEF745AD9D071303ADB99A8C5A0F713E
SHA1:	8194571A317F70A7D03679F62816FF8315588364
SHA-256:	A52B60D46745CBA4B8C7FA9FC42760826DC948E6630D982F3633C8A433109220
SHA-512:	E691F75441224E976C4A8F7E1CFA51F3D315A72B82D3331BAF1C50203C72E654715DC570CAB7E5E37BB5C24EC4AE684A9CDB56BEE088AFC4660A913EA5EC47FA
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 19:24:23.685626984 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.685842991 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.812405109 CET	443	49713	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.812462091 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.812525988 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.812566042 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.818306923 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.818486929 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.944729090 CET	443	49713	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.944950104 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.945882082 CET	443	49713	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.945986986 CET	443	49713	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.946028948 CET	443	49713	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.946105957 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.946135998 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.946147919 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.946274042 CET	443	49713	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.946471930 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.946891069 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.946943998 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.946984053 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.947115898 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.947160006 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:23.947170019 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.947179079 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.947211981 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.980176926 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.980381966 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.986254930 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.986382008 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:23.986447096 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.107104063 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.107136965 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.107172966 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.107214928 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.107258081 CET	443	49713	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.107296944 CET	443	49713	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.107332945 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.107367039 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.108386993 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.109965086 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.112771988 CET	443	49713	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.112842083 CET	49713	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.112864017 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.112921953 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.155957937 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.156056881 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.156105042 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.156146049 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.156172037 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.156183004 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.156210899 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.156220913 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.156245947 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.156270027 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.156280994 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.156313896 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.156328917 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.156373978 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.234025002 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.234102011 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.234122038 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.234168053 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.234186888 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.234205008 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.234232903 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.234265089 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.239577055 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.239643097 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.239671946 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.239705086 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.276971102 CET	443	49713	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283008099 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283051968 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283104897 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283124924 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283139944 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283215046 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283226013 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283256054 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283272982 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283312082 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283329010 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283384085 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283415079 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283472061 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283489943 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283549070 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283557892 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283597946 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283615112 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283633947 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283653975 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283670902 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283690929 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283730984 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283739090 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283777952 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.283797026 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.283834934 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.360881090 CET	443	49712	52.201.120.251	192.168.2.3
Jan 13, 2021 19:24:24.361079931 CET	49712	443	192.168.2.3	52.201.120.251
Jan 13, 2021 19:24:24.537930012 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.538809061 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.585721970 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.585884094 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.586561918 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.586718082 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.635433912 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.637310028 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.637722015 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.683911085 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.684077978 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.685108900 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.685235977 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.685475111 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.685553074 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.685600996 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.685630083 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.685640097 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.685663939 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.685682058 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.685686111 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.685704947 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.685756922 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.685760975 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.685817003 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.685833931 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.685873985 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.685925007 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.685956001 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.685962915 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.685988903 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.686002016 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.686014891 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.686038971 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.686062098 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.686079979 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.686100006 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.686147928 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.695369005 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.695831060 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.696227074 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.696403027 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.696540117 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.715856075 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.716293097 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.733412981 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.733484983 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.733527899 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.733566999 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.733604908 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.733644009 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.733674049 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.733676910 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.733716011 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.733722925 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.733728886 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.733732939 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.733736992 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.739099979 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.739929914 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.743488073 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.743529081 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.743556023 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.743582010 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.743607998 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.743628025 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.744297981 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.745994091 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.746072054 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.746406078 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.746470928 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.747628927 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.747669935 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.747703075 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.747740030 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.750036955 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.750073910 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.750111103 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.750133038 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.751949072 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.752367973 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.752415895 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.752522945 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.754822016 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.754863977 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.754900932 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.754924059 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.757237911 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.757275105 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.757365942 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.757425070 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.759599924 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.759649038 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.759721994 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.759768009 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.762037992 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.762079000 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.762116909 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.762140989 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.763977051 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.764033079 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.764062881 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.764125109 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.764172077 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.764178991 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.764451027 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.764520884 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.764795065 CET	49718	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.787480116 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.787516117 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.787575006 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.787601948 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.787904978 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.787982941 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.788258076 CET	49719	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.791429043 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.791470051 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.791572094 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.791616917 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.792593002 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.792634010 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.792679071 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.792705059 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.795023918 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.795068026 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.795109034 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.795134068 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.797370911 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.797447920 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.797507048 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.797552109 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.799904108 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.799946070 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.800031900 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.800076962 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.802186012 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.802222967 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.802274942 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.802319050 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.804656029 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.804697037 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.804784060 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.804827929 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.807041883 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.807079077 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.807192087 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.807235956 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.809540033 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.809581041 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.809676886 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.809721947 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.811927080 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.811965942 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.812072039 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.812114954 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.814251900 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.814292908 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.814380884 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.814425945 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.816663980 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.816704988 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.816817045 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.816860914 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.818065882 CET	443	49718	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.819015980 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.819056988 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.819149017 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.819195032 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.821508884 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.821558952 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.821640015 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.821683884 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.823865891 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.823906898 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.823997974 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.824043989 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.826299906 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.826338053 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.826431036 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.826474905 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.828684092 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.828722954 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.828785896 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.828830004 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.831029892 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.831079960 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.831104994 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.831136942 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.833506107 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.833561897 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.833661079 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.833705902 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.835813999 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.835942984 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.839334011 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.839371920 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.839474916 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.839519978 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.840188980 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.840229988 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.840265989 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.840286016 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.841233969 CET	443	49719	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.841766119 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.841805935 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.841835022 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.841860056 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.843493938 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.843535900 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.843571901 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.843590021 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.844906092 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.844947100 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.845156908 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.846513987 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.846556902 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.846587896 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.846609116 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.848026991 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.848064899 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.848093033 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.848115921 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.849580050 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.849622011 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.849653006 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.849677086 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.851089954 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.851128101 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.851157904 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.851183891 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.852592945 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.852634907 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.852662086 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.852695942 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.854101896 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.854139090 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.854168892 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.854187965 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.855633974 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.855675936 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.855704069 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.855726957 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.857104063 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.857141972 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.857372999 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.858573914 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.858613014 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.858655930 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.858679056 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.860146046 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.860186100 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.860222101 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.860244989 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.861597061 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.861634970 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.861670017 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.861687899 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.863152981 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.863195896 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.863229036 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.863255978 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.864624023 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.864662886 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.864701986 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.864722967 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.864816904 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.866133928 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.866174936 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.866472960 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.867682934 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.867726088 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.867769957 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.867810011 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.869086981 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.869134903 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.869159937 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.869205952 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.870663881 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.870704889 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.870733023 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.870760918 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.872106075 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.872145891 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.872179031 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.872230053 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.873663902 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.873701096 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:24.873740911 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.873763084 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:24.918365002 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:25.328336000 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:25.376326084 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:25.377626896 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:25.377672911 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:25.377726078 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:25.377758026 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:25.377866983 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:25.377902985 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:25.377931118 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:25.377935886 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:25.377957106 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:25.377990007 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:25.378638983 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:25.378705978 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:25.780607939 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:25.834300041 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.063808918 CET	49722	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.064079046 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.114156961 CET	443	49722	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.114228010 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.114273071 CET	49722	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.114308119 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.117891073 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.118144989 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.119175911 CET	49722	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.166034937 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.166918039 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.166959047 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.167084932 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.167133093 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.167267084 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.167346954 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.167490959 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.167557955 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.167965889 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.168175936 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.169269085 CET	443	49722	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.170783997 CET	443	49722	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.170821905 CET	443	49722	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.170857906 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.170895100 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.170926094 CET	49722	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.170986891 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.171003103 CET	49722	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.174841881 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.176218033 CET	49725	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.183120966 CET	49722	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.183706045 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.183728933 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.183967113 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.184389114 CET	49722	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.221143007 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.225243092 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.225445986 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.226478100 CET	443	49725	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.226480961 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.226569891 CET	49725	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.227245092 CET	49725	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.233258009 CET	443	49722	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.233457088 CET	443	49722	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.233493090 CET	443	49722	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.233566046 CET	49722	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.233608007 CET	49722	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.233784914 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.233812094 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.233973026 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.234399080 CET	443	49722	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.234554052 CET	443	49722	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.234637976 CET	49722	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.234800100 CET	49722	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.235405922 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.235524893 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.236126900 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.236213923 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.236664057 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.246665001 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.276714087 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.277561903 CET	443	49725	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.281048059 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.281090021 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.281289101 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.283113956 CET	443	49725	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.283150911 CET	443	49725	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.283210039 CET	49725	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.283262968 CET	49725	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.286665916 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.292639017 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.292968035 CET	49725	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.293189049 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.293205023 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.293489933 CET	49725	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.294547081 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.295551062 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.295594931 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.295660973 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.295711994 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.295881987 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.295921087 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.295960903 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.295967102 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.296025991 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.296542883 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.296619892 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.296762943 CET	49717	443	192.168.2.3	108.177.119.132
Jan 13, 2021 19:24:26.325932026 CET	443	49722	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.343044043 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.343163967 CET	443	49725	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.343323946 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.343429089 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.343636036 CET	443	49725	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.343668938 CET	443	49725	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.343753099 CET	443	49725	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.343839884 CET	49725	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.343888044 CET	49725	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.344485998 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.344643116 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.344922066 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.345011950 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.345360041 CET	49725	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.345957994 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.350184917 CET	443	49717	108.177.119.132	192.168.2.3
Jan 13, 2021 19:24:26.354527950 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.354572058 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.354609966 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.354635954 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.354666948 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.354672909 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.354711056 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.354769945 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.354860067 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.355556965 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.355601072 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.355675936 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.355762959 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.356717110 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.356758118 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.356822968 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.356908083 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.357928991 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.357975006 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.358151913 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.359149933 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.359186888 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.359271049 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.359332085 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.360277891 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.360317945 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.360373974 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.360441923 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.361478090 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.361521006 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.361592054 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.361665010 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.362624884 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.362672091 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.362735033 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.362823009 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.363792896 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.363828897 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.363871098 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.363895893 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.364989996 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.365030050 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.365061998 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.365098000 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.366202116 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.366244078 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.366286993 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.366314888 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.367372036 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.367413998 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.367465019 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.367486000 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.368558884 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.368597984 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.368638039 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.368657112 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.394942999 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.394985914 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.395054102 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.395103931 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.395390987 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.395427942 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.395469904 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.395492077 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.395526886 CET	443	49725	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.396576881 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.405025959 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.405071020 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.405149937 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.405216932 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.405467033 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.405517101 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.405553102 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.405603886 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.406677961 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.406718969 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.406764984 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.406810045 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.407910109 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.407958984 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.407999992 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.408050060 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.409044027 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.409085035 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.409128904 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.409189939 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.410223007 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.410260916 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.410310030 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.410347939 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.411375999 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.411417007 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.411461115 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.411510944 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.412570953 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.412619114 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.412664890 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.412705898 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.413762093 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.413804054 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.413840055 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.413867950 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.414968967 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.415009975 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.415055037 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.415079117 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.416120052 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.416160107 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.416215897 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.416240931 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.417325974 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.417380095 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.417412996 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.417485952 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.418462038 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.418504000 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.418544054 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.418562889 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.419644117 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.419692993 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.419723988 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.419748068 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.420938969 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.420980930 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.421020031 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.421061993 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.422008991 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.422056913 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.422090054 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.422112942 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.423196077 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.423238039 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.423265934 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.424386978 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.424423933 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.424439907 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.424460888 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.424499989 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.425579071 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.425616026 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.425658941 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.425678015 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.426738977 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.426780939 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.426814079 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.426836967 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.427957058 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.427994967 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.428030968 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.428055048 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.429128885 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.429169893 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.429236889 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.429282904 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.430280924 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.430319071 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.430356026 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.430383921 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.431473017 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.431504965 CET	443	49724	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.431549072 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.431569099 CET	49724	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.479260921 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.479302883 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.479340076 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.479365110 CET	443	49723	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:26.479384899 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.479429007 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:26.479490042 CET	49723	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:39.959846973 CET	49734	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:40.010175943 CET	443	49734	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:40.010299921 CET	49734	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:40.013096094 CET	49734	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:40.063282967 CET	443	49734	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:40.072968960 CET	443	49734	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:40.073023081 CET	443	49734	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:40.073067904 CET	49734	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:40.073108912 CET	49734	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:40.080708981 CET	49734	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:40.131016970 CET	443	49734	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:40.132008076 CET	443	49734	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:40.132112026 CET	49734	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:40.134840012 CET	49734	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:40.185118914 CET	443	49734	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:40.425867081 CET	443	49734	104.24.104.39	192.168.2.3
Jan 13, 2021 19:24:40.425981045 CET	49734	443	192.168.2.3	104.24.104.39
Jan 13, 2021 19:24:42.511133909 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.512321949 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.582367897 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.582390070 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.582493067 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.582525969 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.583517075 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.584039927 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.653408051 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.653913021 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.653947115 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.653975010 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.653997898 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.654031992 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.654078960 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.654087067 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.654093027 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.655092001 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.655378103 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.655400991 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.655421972 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.655436039 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.655457973 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.655483007 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.655524015 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.656095982 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.656172991 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.656187057 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.656244040 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.801793098 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.802042961 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.802246094 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.874700069 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.874800920 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.874900103 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.875010967 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.875094891 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:42.875180006 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.879683018 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:42.988980055 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:43.947069883 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:43.947257042 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:43.947953939 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:43.948000908 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:43.948036909 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:43.948075056 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:43.948085070 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:43.948116064 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:43.948127031 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:43.948159933 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:43.948165894 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:43.948194027 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:43.948194981 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:43.948215008 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:43.948231936 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:43.948244095 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:43.948270082 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:43.948287964 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:43.948318005 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.017327070 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.017376900 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.017677069 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.018529892 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.018573999 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.018605947 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.018610954 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.018639088 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.018659115 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.018661022 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.018702984 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.018718958 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.018753052 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.018795013 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.019321918 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.019375086 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.080818892 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.100338936 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.100537062 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.153470039 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.153651953 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.208581924 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.280860901 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.280977964 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.285418034 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.357296944 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:44.357469082 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:44.385788918 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.386603117 CET	49738	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.433980942 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.434433937 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.434746027 CET	443	49738	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.434838057 CET	49738	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.435446024 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.435473919 CET	49738	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.485568047 CET	443	49738	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.485594988 CET	443	49738	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.485610962 CET	443	49738	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.485627890 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.485646009 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.485658884 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.486016989 CET	49738	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.486130953 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.500641108 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.500669003 CET	49738	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.501487017 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.548738956 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.550228119 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.550257921 CET	443	49738	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.550321102 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.550348043 CET	49738	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.638601065 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.638672113 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.638712883 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.638717890 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.638751984 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.638761997 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.638767958 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.638791084 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.638811111 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.638837099 CET	443	49737	104.146.245.41	192.168.2.3
Jan 13, 2021 19:24:44.638851881 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:44.638900995 CET	49737	443	192.168.2.3	104.146.245.41
Jan 13, 2021 19:24:49.105042934 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:49.105079889 CET	443	49736	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:49.105210066 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:49.105253935 CET	49736	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:49.362132072 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:49.362174034 CET	443	49735	195.181.244.134	192.168.2.3
Jan 13, 2021 19:24:49.362216949 CET	49735	443	192.168.2.3	195.181.244.134
Jan 13, 2021 19:24:49.362255096 CET	49735	443	192.168.2.3	195.181.244.134

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 19:24:18.647885084 CET	64185	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:18.696011066 CET	53	64185	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:19.854541063 CET	65110	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:19.902832985 CET	53	65110	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:20.678781986 CET	58361	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:20.727063894 CET	53	58361	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:21.513556957 CET	63492	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:21.572916031 CET	53	63492	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:22.515542984 CET	60831	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:22.575056076 CET	53	60831	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:22.775511980 CET	60100	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:22.826328039 CET	53	60100	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:23.611802101 CET	53195	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:23.666194916 CET	50141	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:23.675849915 CET	53	53195	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:23.716963053 CET	53	50141	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:24.335514069 CET	53023	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:24.392066956 CET	53	53023	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:24.480214119 CET	49563	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:24.536294937 CET	53	49563	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:24.735043049 CET	51352	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:24.782927036 CET	53	51352	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:26.004601955 CET	59349	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:26.061570883 CET	53	59349	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:26.072170019 CET	57084	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:26.136073112 CET	58823	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:26.171911001 CET	53	57084	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:26.183912039 CET	53	58823	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:26.914899111 CET	57568	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:26.962816954 CET	53	57568	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:27.706162930 CET	50540	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:27.756886959 CET	53	50540	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:28.519021034 CET	54366	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:28.568106890 CET	53	54366	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:29.359289885 CET	53034	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:29.407505989 CET	53	53034	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:30.656039000 CET	57762	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:30.703989983 CET	53	57762	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:31.572029114 CET	55435	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:31.620037079 CET	53	55435	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:32.481456995 CET	50713	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:32.532480955 CET	53	50713	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:39.897914886 CET	56132	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:39.957340002 CET	53	56132	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:42.142231941 CET	58987	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:42.508584023 CET	53	58987	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:44.262964964 CET	56579	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:44.383820057 CET	53	56579	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:47.609656096 CET	60633	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:47.657654047 CET	53	60633	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:52.509288073 CET	61292	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:52.557375908 CET	53	61292	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:53.172055006 CET	63619	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:53.228282928 CET	53	63619	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:53.513302088 CET	61292	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:53.569555998 CET	53	61292	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:54.185372114 CET	63619	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:54.241776943 CET	53	63619	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:54.528206110 CET	61292	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:54.584810019 CET	53	61292	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:55.197503090 CET	63619	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:55.245729923 CET	53	63619	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:56.543057919 CET	61292	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:56.591589928 CET	53	61292	8.8.8.8	192.168.2.3
Jan 13, 2021 19:24:57.213306904 CET	63619	53	192.168.2.3	8.8.8.8
Jan 13, 2021 19:24:57.261337996 CET	53	63619	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 13, 2021 19:24:23.611802101 CET	192.168.2.3	8.8.8.8	0x76b9	Standard query (0)	217023.8b.io	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:24.480214119 CET	192.168.2.3	8.8.8.8	0xe57c	Standard query (0)	cdn.ampproject.org	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:26.004601955 CET	192.168.2.3	8.8.8.8	0x961	Standard query (0)	app.8b.io	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:26.072170019 CET	192.168.2.3	8.8.8.8	0x230b	Standard query (0)	r.8b.io	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:39.897914886 CET	192.168.2.3	8.8.8.8	0xdbf3	Standard query (0)	app.8b.io	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:42.142231941 CET	192.168.2.3	8.8.8.8	0x65e9	Standard query (0)	lacecompound.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:44.262964964 CET	192.168.2.3	8.8.8.8	0x13c4	Standard query (0)	vikinggenetics-my.sharepoint.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 13, 2021 19:24:23.675849915 CET	8.8.8.8	192.168.2.3	0x76b9	No error (0)	217023.8b.io	proxy-8b-io-1762796164.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:24:23.675849915 CET	8.8.8.8	192.168.2.3	0x76b9	No error (0)	proxy-8b-io-1762796164.us-east-1.elb.amazonaws.com		52.201.120.251	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:23.675849915 CET	8.8.8.8	192.168.2.3	0x76b9	No error (0)	proxy-8b-io-1762796164.us-east-1.elb.amazonaws.com		52.7.227.232	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:24.536294937 CET	8.8.8.8	192.168.2.3	0xe57c	No error (0)	cdn.ampproject.org	cdn-content.ampproject.org		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:24:24.536294937 CET	8.8.8.8	192.168.2.3	0xe57c	No error (0)	cdn-content.ampproject.org		108.177.119.132	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:26.061570883 CET	8.8.8.8	192.168.2.3	0x961	No error (0)	app.8b.io		104.24.104.39	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:26.061570883 CET	8.8.8.8	192.168.2.3	0x961	No error (0)	app.8b.io		172.67.215.39	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:26.061570883 CET	8.8.8.8	192.168.2.3	0x961	No error (0)	app.8b.io		104.24.105.39	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:26.171911001 CET	8.8.8.8	192.168.2.3	0x230b	No error (0)	r.8b.io		104.24.104.39	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:26.171911001 CET	8.8.8.8	192.168.2.3	0x230b	No error (0)	r.8b.io		104.24.105.39	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:26.171911001 CET	8.8.8.8	192.168.2.3	0x230b	No error (0)	r.8b.io		172.67.215.39	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:39.957340002 CET	8.8.8.8	192.168.2.3	0xdbf3	No error (0)	app.8b.io		104.24.104.39	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:39.957340002 CET	8.8.8.8	192.168.2.3	0xdbf3	No error (0)	app.8b.io		172.67.215.39	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:39.957340002 CET	8.8.8.8	192.168.2.3	0xdbf3	No error (0)	app.8b.io		104.24.105.39	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:42.508584023 CET	8.8.8.8	192.168.2.3	0x65e9	No error (0)	lacecompound.com		195.181.244.134	A (IP address)	IN (0x0001)
Jan 13, 2021 19:24:44.383820057 CET	8.8.8.8	192.168.2.3	0x13c4	No error (0)	vikinggenetics-my.sharepoint.com	vikinggenetics.sharepoint.com		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:24:44.383820057 CET	8.8.8.8	192.168.2.3	0x13c4	No error (0)	vikinggenetics.sharepoint.com	614-ipv4e.clump.prod.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:24:44.383820057 CET	8.8.8.8	192.168.2.3	0x13c4	No error (0)	614-ipv4e.clump.prod.aa-rt.sharepoint.com	17825-ipv4e.farm.prod.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:24:44.383820057 CET	8.8.8.8	192.168.2.3	0x13c4	No error (0)	17825-ipv4e.farm.prod.aa-rt.sharepoint.com	17825-ipv4.farm.prod.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:24:44.383820057 CET	8.8.8.8	192.168.2.3	0x13c4	No error (0)	17825-ipv4.farm.prod.aa-rt.sharepoint.com		104.146.245.41	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 13, 2021 19:24:23.946274042 CET	52.201.120.251	443	192.168.2.3	49713	CN=8b.io CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Thu Jul 09 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Mon Aug 09 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:24:23.947160006 CET	52.201.120.251	443	192.168.2.3	49712	CN=8b.io CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Thu Jul 09 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Mon Aug 09 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 19:24:24.685760975 CET	108.177.119.132	443	192.168.2.3	49718	CN=misc-sni.google.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Dec 15 15:44:18 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 09 15:44:17 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:24.685760975 CET	108.177.119.132	443	192.168.2.3	49718	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:24.686079979 CET	108.177.119.132	443	192.168.2.3	49717	CN=misc-sni.google.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Dec 15 15:44:18 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 09 15:44:17 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:24.686079979 CET	108.177.119.132	443	192.168.2.3	49717	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:24.733676910 CET	108.177.119.132	443	192.168.2.3	49719	CN=misc-sni.google.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Dec 15 15:44:18 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 09 15:44:17 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:24.733676910 CET	108.177.119.132	443	192.168.2.3	49719	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:26.170821905 CET	104.24.104.39	443	192.168.2.3	49722	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 29 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 29 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:26.170821905 CET	104.24.104.39	443	192.168.2.3	49722	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:26.170895100 CET	104.24.104.39	443	192.168.2.3	49723	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 29 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 29 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:26.170895100 CET	104.24.104.39	443	192.168.2.3	49723	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:26.281090021 CET	104.24.104.39	443	192.168.2.3	49724	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 29 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 29 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:26.281090021 CET	104.24.104.39	443	192.168.2.3	49724	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:26.283150911 CET	104.24.104.39	443	192.168.2.3	49725	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 29 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 29 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:26.283150911 CET	104.24.104.39	443	192.168.2.3	49725	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:24:40.073023081 CET	104.24.104.39	443	192.168.2.3	49734	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 29 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 29 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Jan 13, 2021 19:24:40.073023081 CET	104.24.104.39	443	192.168.2.3	49734	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		37f463bf4616ecd445d4a1937da06e19
Jan 13, 2021 19:24:42.656095982 CET	195.181.244.134	443	192.168.2.3	49735	CN=lacecompound.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Sat Jan 09 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Sat Apr 10 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Jan 13, 2021 19:24:42.656172991 CET	195.181.244.134	443	192.168.2.3	49736	CN=lacecompound.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Sat Jan 09 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Sat Apr 10 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5936 Parent PID: 792

General

Start time:	19:24:21
Start date:	13/01/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff717c30000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 4744 Parent PID: 5936

General

Start time:	19:24:22
Start date:	13/01/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5936 CREDAT:17410 /prefetch:2
Imagebase:	0x120000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://217023.8b.io/

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5936 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 4744 Parent PID: 5936

General

Chronological Activities

Disassembly