Play interactive tour

Edit tour

Analysis Report http://mCFTbkD.deliberh.store/@20@40@#apeterson@ariasolutions.com

Overview

General Information

Sample URL:	http://mCFTbkD.deliberh.store/@20@40@#apeterson@ariasolutions.com
Analysis ID:	345132
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish_10

Phishing site detected (based on image similarity)

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Invalid 'forgot password' link found

Invalid T&C link found

Suspicious form URL found

URL contains potential PII (phishing indication)

Classification

Startup

System is w10x64

iexplore.exe (PID: 6904 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6956 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6904 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\enterpassword[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

Yara detected HtmlPhish_10

Show sources

Source: Yara match	File source: 562258.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\enterpassword[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Show sources

Source: https://805dentist.com/P2/images/0.jpg

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Phishing site detected (based on logo template match)

Show sources

Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=

Matcher: Template: microsoft matched

Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Number of links: 0
Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Number of links: 0

Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Invalid link: Forgot my password
Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Invalid link: Forgot my password

Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Invalid link: Privacy & cookies
Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Invalid link: Terms of use
Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Invalid link: Privacy & cookies
Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Invalid link: Terms of use

Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Form action: submit.php
Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: Form action: submit.php

Source: http://mCFTbkD.deliberh.store/@20@40@#apeterson@ariasolutions.com	Sample URL: PII: @20@40@
Source: http://mCFTbkD.deliberh.store/@20@40@#apeterson@ariasolutions.com	Sample URL: PII: apeterson@ariasolutions.com

Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: No <meta name="author".. found
Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: No <meta name="author".. found

Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: No <meta name="copyright".. found
Source: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 144.91.114.96:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 144.91.114.96:443 -> 192.168.2.4:49760 version: TLS 1.2

Networking:

Source: global traffic

HTTP traffic detected: GET /@20@40@ HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: mcftbkd.deliberh.storeConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: mcftbkd.deliberh.store

Source: {61EF5F7C-60C6-11EB-90EB-ECF4BBEA1588}.dat.1.dr, P1[1].htm.2.dr	String found in binary or memory: https://805dentist.com/P1/
Source: {61EF5F7C-60C6-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF31A818EA6B2EEE11.TMP.1.dr	String found in binary or memory: https://805dentist.com/P1/#apeterson
Source: P1[1].htm0.2.dr	String found in binary or memory: https://805dentist.com/P2/?email=
Source: {61EF5F7C-60C6-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF31A818EA6B2EEE11.TMP.1.dr	String found in binary or memory: https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10e
Source: imagestore.dat.2.dr	String found in binary or memory: https://805dentist.com/P2/images/favicon.png%

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768

Source: unknown	HTTPS traffic detected: 144.91.114.96:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 144.91.114.96:443 -> 192.168.2.4:49760 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal56.phis.win@3/16@3/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{61EF5F7A-60C6-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF5E77D43CAB806751.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6904 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6904 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://mCFTbkD.deliberh.store/@20@40@#apeterson@ariasolutions.com	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
805dentist.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://805dentist.com/P1/#apeterson	0%	Avira URL Cloud	safe
https://805dentist.com/P2/?email=	0%	Avira URL Cloud	safe
http://mcftbkd.deliberh.store/@20@40@	0%	Avira URL Cloud	safe
https://805dentist.com/P1/	0%	Avira URL Cloud	safe
https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10e	0%	Avira URL Cloud	safe
https://805dentist.com/P2/images/favicon.png%	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
805dentist.com	144.91.114.96	true	false	0%, Virustotal, Browse	unknown
mcftbkd.deliberh.store	199.188.200.234	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://mcftbkd.deliberh.store/@20@40@	false	Avira URL Cloud: safe	unknown
https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://805dentist.com/P1/#apeterson	{61EF5F7C-60C6-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF31A818EA6B2EEE11.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://805dentist.com/P2/?email=	P1[1].htm0.2.dr	false	Avira URL Cloud: safe	unknown
https://805dentist.com/P1/	{61EF5F7C-60C6-11EB-90EB-ECF4BBEA1588}.dat.1.dr, P1[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10e	{61EF5F7C-60C6-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DF31A818EA6B2EEE11.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://805dentist.com/P2/images/favicon.png%	imagestore.dat.2.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
199.188.200.234	unknown	United States		22612	NAMECHEAP-NETUS	false
144.91.114.96	unknown	Germany		51167	CONTABODE	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	345132
Start date:	27.01.2021
Start time:	18:37:06
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://mCFTbkD.deliberh.store/@20@40@#apeterson@ariasolutions.com
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@3/16@3/2
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 52.255.188.83, 104.108.39.131, 51.11.168.160, 95.101.22.216, 95.101.22.224, 152.199.19.161, 52.155.217.156 Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, arc.msn.com.nsatc.net, ie9comview.vo.msecnd.net, displaycatalog.md.mp.microsoft.com.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus17.cloudapp.net, go.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, cs9.wpc.v0cdn.net

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{61EF5F7A-60C6-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.85387924625156
Encrypted:	false
SSDEEP:	192:r9Z+ZX2H9WQtzifG8uzM/2B6wDksf78PjX:rTqGHU0U/2Bz0
MD5:	09865E1CE569B5E77B2004A1F2CBB587
SHA1:	7CCBDE1D6E6274F231A0BD0E08E4512FBF68782C
SHA-256:	003C7E1D0BB3BA481AB3261C7C62C7695B64E6F23A86ED868B409D87D7303B1E
SHA-512:	B034C25ABDEC2C29962D971D3C8F9142A338B0F8844BBF807602F1C792F5B0F923D6B97317248FF416CF060A2AFF00CBACA2212C5807859CFFF4A431D2A42006
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{61EF5F7C-60C6-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	32818
Entropy (8bit):	2.123578254057809
Encrypted:	false
SSDEEP:	768:XQiRRRR0RRMRRRR9RRRRqRRRRMRRRRlRRRRO:X9RRRR0RRMRRRR9RRRRqRRRRMRRRRlRk
MD5:	7F51E0E9E28401AAA4DEE3BF781CBA10
SHA1:	A8551795ED1E81C714B786645FC1020B90892F2E
SHA-256:	FD3579137A7600C3B3E1ADF08ADF9ADBE424ACE4B4D0AF11D09E51B768C300F3
SHA-512:	501504A366E3F26227B8702E2B3E11AB037EAE4D3621CF31522F2E7559D12DB0837C4AE733FE994E3CDC94D5584D4880E4F7DEF487724EDDB49D35CF51AD8D55
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6C1FA9EE-60C6-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5654465043801657
Encrypted:	false
SSDEEP:	48:Iw4GcprYGwpaZG4pQlGrapbSkrGQpKgG7HpRKsTGIpG:rMZAQ76VBSkFA7TK4A
MD5:	F46BD328788BCEA074C08C74CE42DF30
SHA1:	CA17B2EB2EDA253F68C9D420159A36CDD4090C19
SHA-256:	74043507A8CD52FE20D12475512398363D4E6B79C7F07DAFA740756F1ED42FE1
SHA-512:	0B73BD05AA958995D2EC8F4FF7DEA6197F33095DF3DBCBD56479AD0647C4865DFA7BA8C4EC0AFDD90309887DB02BF204072247127BB768A0D75153B733E97F55
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	modified
Size (bytes):	3235
Entropy (8bit):	4.380571568888247
Encrypted:	false
SSDEEP:	24:/nSwtZEOxh5aNbyy007N7N7NZNZNAeNAeNaNaNaN8N855j7unR9Kev6HpNS5DXkc:/jgPRIYgASlICjKz
MD5:	F64C85AA0EC541E0FF41F36095F2930C
SHA1:	5A261F66A5537BCF12426ADBADE34B9DA6600A6C
SHA-256:	A432109521DCE765A67FAD1D2B1CE36AA8F75CB54BC21C8C4A88EE227299E8C9
SHA-512:	A195223E5C1D129C3D837CAA62EF8AC54DF0D6CF486B48953ECDEC01C9C41FC77756EC7020307DCAE9E645AD75A03DC3E4A2B1ED356A5BC83AC48CAF5739766C
Malicious:	false
Reputation:	low
Preview:	,.h.t.t.p.s.:././.8.0.5.d.e.n.t.i.s.t...c.o.m./.P.2./.i.m.a.g.e.s./.f.a.v.i.c.o.n...p.n.g.%....PNG........IHDR................#....IDATx...?kdU......5....b...hg./@.;.;_./f..K.+...rQ...-........"..Y.&9.y.0....?>w2..........K=;.../.].....}?...N]W....o...g?,...u.I...Z.......RWOS....I......ny...$.X.....@... ........@... .............@....@... .............@... ........@... ...............F.. ........@... .............@... ........@... .....@... ........@... .............@... ........@... .....@... ........@... .............@... ........@... .....@... ........@... .............@... ........@... .....@... ........@... .............@... ........@.........@... ........@... .............@... ........@.........@... ........@... .............@... ........@.........@... ........@... .............@... ..................@... ........@... .............@... ..................@... ........@... .............@... .... .............@... ........@... .............@... .... .............@... ....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\P1[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	234
Entropy (8bit):	5.098938006827302
Encrypted:	false
SSDEEP:	3:PIyPhxn0+7/y9xwv7clXqy5AEtZ6UzUbX1XqSMuR0Lk3XmycXRyUEZcKBcD:pn0+Dy9xwol6hEr6VX16hu9nPT+KqD
MD5:	0E9F34A5E2B30F8B1CE2A5BD82D3C7E6
SHA1:	A1470A2ABC7661340B6130E332E6F0D69988DDB6
SHA-256:	FAE16E8F5191454EBAC096BDD26FB8502CE5D79FB7294BF6BC39B466055DB898
SHA-512:	34251D70748C71E23CA3628FB6B05BAAC9DE82DC6338DC8A4E56129B977EDB3DDB3A8598A0B3B5502C8FC1DEA8BA68A8C0756006B692E810F952C3B7CD630BC3
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://805dentist.com/P1/">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jquery[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	95790
Entropy (8bit):	5.394132126458497
Encrypted:	false
SSDEEP:	1536:EPEkjP+iADIOr/NEe876nmBu3HvF38sEeL8FoqqhJ7SerN5wVI+xcBpPv7E+nzmN:bNMzqhJvN32cBd7M6Whca98Hr4
MD5:	4DC834D16A0D219D5C2B8A5B814569E4
SHA1:	4FBE0563917D6F6289E4E1B4A0A8758E4E43BDA9
SHA-256:	91222F96F34735EBC88DF208017E54D4329B9202E3E52367FB8B149698A1A5EF
SHA-512:	6FBEC4785A21520FA623D1A151C6C8B64BAA1321AC6918A127BCFC22E49EC2E3BCD161AF9C237BD5C70BC4046EB12CF434563F86CBDC9876EB67FB2DEA87034B
Malicious:	false
Reputation:	low
IE Cache URL:	https://805dentist.com/P2/js/jquery.js
Preview:	/! jQuery v1.11.1 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.1",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){re

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ms-logo-v2[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 107x23, frames 3
Category:	downloaded
Size (bytes):	2797
Entropy (8bit):	7.505606447654921
Encrypted:	false
SSDEEP:	48:ay/EvnLPfuB5eJ3UKfOZisxPBY3yg3Mu/dDuXeYmDwuFbaAEj4QF8Ur5OMA:5k7urt0OBXYig3MfXeYxVD9fw
MD5:	5EC86907C1AC5EF3E117723998FEB8BE
SHA1:	5DAA2FEA5A34B0479A33698FC875F9F6C0581FD2
SHA-256:	BC2B16B51738B77D94ED7591AD1033FA804297CA9FAAA35222AA65773F749164
SHA-512:	AC052ED698BC59B14694C6A47979D20819658620896831E9A538C33AA0083659F2926773FFC3082C9965736C7C6EF11DACCBA8DD3B3C427B535EE2B88BA435E5
Malicious:	false
Reputation:	low
IE Cache URL:	https://805dentist.com/P2/images/ms-logo-v2.jpg
Preview:	......Exif..II*.................Ducky.......P.....zhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.154911, 2013/10/29-11:47:16 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:41705e1d-4a9a-1f43-8b65-c2b849c8cb4b" xmpMM:DocumentID="xmp.did:0E95A8B5216911E4B0C2C542DFA6230D" xmpMM:InstanceID="xmp.iid:0E95A8B4216911E4B0C2C542DFA6230D" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:08ef3156-8bdf-8743-b5ba-46ec26c23b1b" stRef:documentID="xmp.did:41705e1d-4a9a-1f43-8b65-c2b849c8cb4b"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\0[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=7, xresolution=98, yresolution=106, resolutionunit=2, software=paint.net 4.0.13], baseline, precision 8, 1920x1080, frames 3
Category:	downloaded
Size (bytes):	298105
Entropy (8bit):	7.973045385700538
Encrypted:	false
SSDEEP:	6144:lUKZtJcr0nbPYZLCKZWbzLv6yTqMatTFuiaAQinJZB4zJZV+odViAagEHbSmXk:ncUgZWFbzzratOAQ2zB4znV+oPaBHPXk
MD5:	F5A9A9531B8F4BCC86EABB19472D15D5
SHA1:	0AAC0B09708622C679768AA62B11D95F0E8388DE
SHA-256:	62FAAB60433070E2EA52C235F0F18DB228759F2A08BB6F9E5711630DF8321214
SHA-512:	ED895FD0B400EC5362DFFC660492C477C9B5F4FE7E61EA65BC9D3FEE98402E132D719C8B05562F8EFE7C2D2BF4B1B825DDB07A2B37FD3AC1A6C47A24989BD5BE
Malicious:	false
Reputation:	low
IE Cache URL:	https://805dentist.com/P2/images/0.jpg
Preview:	......JFIF.....`.`......Exif..MM..................b...........j.(...........1.........rQ...........Q...........Q..................`.......`....paint.net 4.0.13.....C...........................$ &%# #"(-90(6+"#2D26;=@@@&0FKE>J9?@=...C...........=)#)==================================================......8...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....8..)h........$b.&.(.#..B2jF.*.....QE1....i...A...P..1KJ(..R.iM.f........!h...(...(...)h...(...Q.Z1@........u.P0..Q@..1K..J).........h..K.P)i....J...h.1JE(L....H.......p.Zz...4.>...z.O....B.p.....(../qR.......G.....[........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\enterpassword[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1821
Entropy (8bit):	4.896857014817123
Encrypted:	false
SSDEEP:	24:4WYePOuNYPpmzpwzicVvFGZhXqUsOotgivJPPPPCU+TRk2NENuBgVuygACHaeQKg:4tu6Ppm9wzDGZhADtg02a1P0xfkhD3
MD5:	0FDAF2CFB0BDE0FFF1B7DFB661FCC1BA
SHA1:	F7FD8712F9D60892A8AF7B6E284D3F5456607539
SHA-256:	74C2F12A627BCE727CF66380976C2BC1EB65C0818A63F20EB971C188B9F4D29A
SHA-512:	4963B0636D31D7BDA3518822AEB108F793764B6242CA02E4E93B0DE3CBA6D2B310B7507A78185AC0C6A063BCB17A750D4EC4AC03DFADF5DED0BCF9B8334EAD0B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\enterpassword[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	https://805dentist.com/P2/enterpassword.php?ADKKA416117690954b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee164b9cf10eea5dba4e8a6071a2c463ee16&email=apeterson@ariasolutions.com&error=
Preview:	.<!DOCTYPE html>.<html>.<head>..<title>Sign in to your account</title>..<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">...<link rel="shortcut icon" type="icon" href="images/favicon.png">..<link rel="stylesheet" type="text/css" href="style.css">..<script type="text/javascript" src="js/jquery.js"></script>....</head>..<body>..<div class="overlay">...<div class="login-box">....<img src="images/ms-logo-v2.jpg" alt="logo">....<div id="identity" class="identity-banner">.....<div id="identity-name" class="identity">......apeterson@ariasolutions.com....</div>......<div class="profile-photo">......<img src="images/ms-logo-v1.svg" alt="logo">.....</div>....</div>.....<h2 id="title">Enter password to verify your identity before you continue.</h2>....<p id="message" class="message"></p>.....<div id="loader" class="loader hidden">.....<div class="circle"></div>.....<div class="circle"></div>.....<div class="circle"></div

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 640 x 640, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3109
Entropy (8bit):	4.346081817367446
Encrypted:	false
SSDEEP:	24:oZEOxh5aNbyy007N7N7NZNZNAeNAeNaNaNaN8N855j7unR9Kev6HpNS5DXky0eR6:lPRIYgASlICjK8
MD5:	563829B27E0CDB44D229985A254C0672
SHA1:	B1EB6E4B62CA152CF05DDEA30EA6C3CB18AB5FA5
SHA-256:	FEB95D212B6B7595FF71BA5E54DF69B511ACBCD2831E9D7C8FE15CA3A2F011D9
SHA-512:	EF485A18FC23A30EF92B871792E9DCB684F70DEB5AC84FFDC7C0D7FAED2937594B22491CD665C2A5713B5BE3428E1333AD430A7693A3F1FACE150A459950FA29
Malicious:	false
Reputation:	low
IE Cache URL:	https://805dentist.com/P2/images/favicon.png
Preview:	.PNG........IHDR................#....IDATx...?kdU......5....b...hg./@.;.;_./f..K.+...rQ...-........"..Y.&9.y.0....?>w2..........K=;.../.].....}?...N]W....o...g?,...u.I...Z.......RWOS....I......ny...$.X.....@... ........@... .............@....@... .............@... ........@... ...............F.. ........@... .............@... ........@... .....@... ........@... .............@... ........@... .....@... ........@... .............@... ........@... .....@... ........@... .............@... ........@... .....@... ........@... .............@... ........@.........@... ........@... .............@... ........@.........@... ........@... .............@... ........@.........@... ........@... .............@... ..................@... ........@... .............@... ..................@... ........@... .............@... .... .............@... ........@... .............@... .... .............@... ........@... .............@....@... .............@... ........@... .............@....@... ........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	6008
Entropy (8bit):	5.23590678922558
Encrypted:	false
SSDEEP:	96:xk5Xr5k9ZBDZU4OBY8kLtVO+uKYKekTktzplJVqm6NAZIOSBhLBL9LDDOp73xemL:xkDSOBPstVluKYHko1plJVqzNWWBhPDe
MD5:	6DF8DEAF769B76E5344701B8AF9E4446
SHA1:	EAB44FF0ABE0AFF7C77B98F4F08A030DFF20367A
SHA-256:	F3A3435DD1E14EA7EC192BE880BEFCE0C60C18A1DD6161F3A66CB82E9B358002
SHA-512:	E67363567875FE09B3218F5D54C05906055EACFB8DE5F3AA4C14CBCEA37877807888BA7A8E19FEAE91800120BA00B8C13B351DCCF67E1B8489B64219B1669C8F
Malicious:	false
Reputation:	low
IE Cache URL:	https://805dentist.com/P2/style.css
Preview:	* {...box-sizing: border-box;..}....body {...font-family: "Segoe UI Webfont",-apple-system,"Helvetica Neue","Lucida Grande","Roboto","Ebrima","Nirmala UI","Gadugi","Segoe Xbox Symbol","Segoe UI Symbol","Meiryo UI","Khmer UI","Tunga","Lao UI","Raavi","Iskoola Pota","Latha","Leelawadee","Microsoft YaHei UI","Microsoft JhengHei UI","Malgun Gothic","Estrangelo Edessa","Microsoft Himalaya","Microsoft New Tai Lue","Microsoft PhagsPa","Microsoft Tai Le","Microsoft Yi Baiti","Mongolian Baiti","MV Boli","Myanmar Text","Cambria Math";...margin: 0;...padding: 0;...width: 100%;...background-image: url('images/0.jpg');...background-repeat: no-repeat;...background-attachment: fixed;...background-position: center;...background-size: cover;...background-origin: border-box;..}.....overlay {...position: absolute;...width: 100%;...height: 100%;...background-color: rgba(0,0,0,0.55);..}....a { ...text-decoration: none; ...color: #0067b8;..}....a:hover { color: #005da6; }....footer {...display: block;...pos

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\P1[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	240
Entropy (8bit):	4.670546339585961
Encrypted:	false
SSDEEP:	3:qVvVF7XL//4Bbv//bI//kGFfHFa/YoK0O3FdF/qOkADFoHD4XRyz8lJqFqpCGXtc:qFVpsFkHFa/y7QmmHt8TqF0tFwHXBb
MD5:	A654D07186D877EC3754BF8056AB1CF5
SHA1:	DFD4CB62705FC4CADE0C2CBA18FBE611F73D4521
SHA-256:	3A0E4E3379476146CEA7D983AA7A37826DD3B31A1E7DE4D368B0D79B1A5C0C4D
SHA-512:	2F90A3576A708EAD653941871DB19C9BA8BE60F2717EA340A16015918E0063CA602F2A68E90CC9FF2E5F73DBD8361F976F32BE6300AF78882F5CBA5F21392AA0
Malicious:	false
Reputation:	low
IE Cache URL:	https://805dentist.com/P1/
Preview:	<html>. . <body>. <h1></h1>. <script>. (function(){. var hash = window.location.hash; . window.location.href = "https://805dentist.com/P2/?email=" + hash.split('#')[1];. })();. </script>. </body>. .</html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ms-logo-v1[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	756
Entropy (8bit):	4.879179443781471
Encrypted:	false
SSDEEP:	12:t4pb8WsQKvkBWSfYcW3ffBfYfomQO1a7aajR2F1hgWSnuCNSganii7v/NPujARqj:t4pb8WvKMTfY3ffBfYfomQO1eXjR2oug
MD5:	9DE70D1C5191D1852A0D5AAC28B44A6C
SHA1:	F4F64F5CBDBE6D1115C10A7F9CCB8828E6B67CAE
SHA-256:	5D3357BD875B7335ACE42E8EE3A64578E4253BED1A4E279109DE403EEDAE3A69
SHA-512:	CAC13FC2FE30E10772008F2AFF70FCA031EA9918E1F8C5C8B91CB9E79463383183406EFAADF89360DE3A08573FCDF2716C14DA6411E24B7E260B96AF84F00762
Malicious:	false
Reputation:	low
IE Cache URL:	https://805dentist.com/P2/images/ms-logo-v1.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M34,35V14a2.938,2.938,0,0,0-3-3H27V8l2-1L27.948,5.638,24,8,20.07,5.648,19,7l2,1v3H17a2.938,2.938,0,0,0-3,3V35a2.938,2.938,0,0,0,3,3H31A2.938,2.938,0,0,0,34,35Zm-3,1H17a.979.979,0,0,1-1-1V14a.979.979,0,0,1,1-1h6V10h2v3h6a.979.979,0,0,1,1,1V35A.979.979,0,0,1,31,36Z" fill="#404040"/><path d="M26.766,25.42a4.432,4.432,0,1,0-5.533,0A6.237,6.237,0,0,0,17.765,31h1.653a4.582,4.582,0,1,1,9.165,0h1.653A6.237,6.237,0,0,0,26.766,25.42Zm-5.546-3.435A2.779,2.779,0,1,1,24,24.765,2.783,2.783,0,0,1,21.221,21.985Z" fill="#404040"/><rect x="21" y="14" width="6" height="2" rx="1" ry="1" fill="#404040"/></svg>

C:\Users\user\AppData\Local\Temp\~DF31A818EA6B2EEE11.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	42435
Entropy (8bit):	0.7962107722106021
Encrypted:	false
SSDEEP:	768:pZERRRRsRRRR9RRRRqRRRRMRRRRlRRRR:YRRRRsRRRR9RRRRqRRRRMRRRRlRRRR
MD5:	687093C978E94C055E84428AB5DA0108
SHA1:	E9A172087645DAC46D51D49BE2722DC21A2ED945
SHA-256:	9B6AB2EB0B8C094BBC56A9D175378DCFA566685B3C682E5D83BB700786D9679C
SHA-512:	D056235BE774710C46F12D251044A234BE982CCCFCA01102FF1E8495AD036B3A8DD7E4059FCC5DA5F5FA9A706CA0541C76F653E45E8031B736329BC282321F40
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF38E0EEEB062ED200.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.9223976001814125
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAr:kBqoxxJhHWSVSEab
MD5:	98F260E1774F99177DEDB55A41A12B9D
SHA1:	5231ADC5D8C929FE6054CC0C8C69F878A40B9019
SHA-256:	ED03F06C11BF62720C398334BA15BD47BA9B284CD60D3F37E977E238EED44184
SHA-512:	578CBB63616C02204208341FFCFD922723DB5C6D47699C187617704582BC35A341841F9EA241DE3B441FA704884C2AD5EEBDFB0895F0D00092282A7191FEB6FB
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF5E77D43CAB806751.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4783882869186001
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lo0S9lo0C9lW0+gC9gBOGBNY9Y3:kBqoI0d0b0+gC9gBnBNY9Y3
MD5:	ADECCBF9EBABCF6D17EC5E11EBDE02CF
SHA1:	3BD650A57EBFB339EDA79DACEF5A3E25728B60F6
SHA-256:	C954EAE38567922F7F289A177DF4BCA8D5662922BE2B1EB3CF4C250CACFFE559
SHA-512:	DD87C360852535A75EDAABB7DE0B8BEC807956CB5CD1B12A16C1D008E33AE80E0E51E531DCCE84DB0A489488A39D79E8D1CEA47ADF93DA498CF1CA8497C4B318
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 27, 2021 18:37:54.973665953 CET	49757	80	192.168.2.4	199.188.200.234
Jan 27, 2021 18:37:54.974204063 CET	49758	80	192.168.2.4	199.188.200.234
Jan 27, 2021 18:37:55.175355911 CET	80	49757	199.188.200.234	192.168.2.4
Jan 27, 2021 18:37:55.175538063 CET	49757	80	192.168.2.4	199.188.200.234
Jan 27, 2021 18:37:55.176752090 CET	49757	80	192.168.2.4	199.188.200.234
Jan 27, 2021 18:37:55.187473059 CET	80	49758	199.188.200.234	192.168.2.4
Jan 27, 2021 18:37:55.187726974 CET	49758	80	192.168.2.4	199.188.200.234
Jan 27, 2021 18:37:55.375144958 CET	80	49757	199.188.200.234	192.168.2.4
Jan 27, 2021 18:37:55.375284910 CET	49757	80	192.168.2.4	199.188.200.234
Jan 27, 2021 18:37:55.450690031 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:37:55.450891018 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:37:55.500104904 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:37:55.500302076 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:37:55.501333952 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:37:55.501441002 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:37:55.505760908 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:37:55.505985975 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:37:55.556067944 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:37:55.778474092 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:37:56.090991020 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:37:56.700481892 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:37:57.904088974 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:37:57.952142000 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:11.398135900 CET	80	49757	199.188.200.234	192.168.2.4
Jan 27, 2021 18:38:11.398212910 CET	49757	80	192.168.2.4	199.188.200.234
Jan 27, 2021 18:38:11.409804106 CET	80	49758	199.188.200.234	192.168.2.4
Jan 27, 2021 18:38:11.409905910 CET	49758	80	192.168.2.4	199.188.200.234
Jan 27, 2021 18:38:11.917848110 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:11.917906046 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:11.917937994 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:11.918047905 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:11.920433044 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:11.948215961 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:11.953733921 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:11.996229887 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:11.998430014 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:11.998660088 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:12.008332014 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:12.008470058 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:12.011785030 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:12.099229097 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:12.188260078 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:12.188438892 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:12.258158922 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:12.306221008 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:12.571988106 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:12.572041988 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:12.572079897 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:12.572190046 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:12.572256088 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:12.572263956 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:12.575531960 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:12.623300076 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:12.633863926 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:12.634016037 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.809264898 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.809418917 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.811264038 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.859088898 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.865184069 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.865258932 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.865289927 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.865369081 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.865392923 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.868129969 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.927565098 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.927629948 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.927686930 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.927731991 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.938385963 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.938797951 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.941214085 CET	49768	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.941667080 CET	49769	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.987131119 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.988251925 CET	443	49769	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.988392115 CET	49769	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.989002943 CET	49769	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.989228964 CET	443	49768	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.989315033 CET	49768	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.989835024 CET	49768	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.992995024 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.993038893 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.993088007 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.993127108 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.993146896 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.993158102 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.993216038 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.993298054 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:15.993365049 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:15.995676994 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.001635075 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.001678944 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.001717091 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.001754045 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.001806974 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.001859903 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.001892090 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.001948118 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.001957893 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.001970053 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.002054930 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.002072096 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.002110958 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.002131939 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.002165079 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.002242088 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.002289057 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.002310038 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.002341032 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.035672903 CET	443	49769	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.040522099 CET	443	49768	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.052566051 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.052627087 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.052664995 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.052702904 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.052723885 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.052746058 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.052767038 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.052772999 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.052779913 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.052792072 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.052800894 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.052831888 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.052839994 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.052881002 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.052890062 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.052941084 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.053071976 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.053111076 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.053128004 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.053177118 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.053240061 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.053299904 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.053328037 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.053380966 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.053555965 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.053605080 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.053626060 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.053656101 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.053728104 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.053766966 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.053788900 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.053814888 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.053975105 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.054023027 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.054039001 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.054070950 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.054162025 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.054210901 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.054214954 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.054269075 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.072535992 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.072582006 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.072611094 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.072645903 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.072690964 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.072699070 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.073985100 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.105525017 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.105571985 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.105618954 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.105654001 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.105660915 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.105720997 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.105729103 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.105735064 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.105778933 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.105822086 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.105844975 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.105878115 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.105953932 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.105993032 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.106023073 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.106069088 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.106220961 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.106262922 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.106288910 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.106322050 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.106421947 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.106462955 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.106482029 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.106513023 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.106659889 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.106702089 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.106724977 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.106760025 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.106872082 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.106911898 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.106933117 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.106960058 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.107121944 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.107163906 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.107184887 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.107204914 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.107343912 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.107387066 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.107426882 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.107450962 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.107510090 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.107552052 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.107570887 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.107595921 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.107754946 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.107795954 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.107816935 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.107841015 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.107975960 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.108016968 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.108047962 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.108078003 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.108220100 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.108259916 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.108287096 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.108309031 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.111155987 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.111198902 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.111237049 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.111249924 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.111274004 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.111278057 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.111285925 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.111330032 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.111402988 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.111443043 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.111459970 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.111499071 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.111635923 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.111675024 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.111712933 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.111733913 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.111882925 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.111922979 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.111952066 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.111995935 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.112080097 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.112119913 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.112230062 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.131642103 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.131764889 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.156491041 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.156558990 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.156920910 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.201066017 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.251733065 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254087925 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254122019 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254144907 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254165888 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254189014 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254196882 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.254210949 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254242897 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.254250050 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.254266024 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.254481077 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254503012 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254523039 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254547119 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.254575968 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.254595041 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.254854918 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254882097 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254911900 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.254933119 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.254961014 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.254970074 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.255142927 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.255183935 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.255212069 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.255234003 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.255264044 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.255285978 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.255327940 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.255353928 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.255511999 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.255564928 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.255577087 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.255587101 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.255629063 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.255649090 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.255913973 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.255938053 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.255960941 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.255985022 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.256009102 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.256020069 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.256294966 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.256318092 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.256336927 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.256366968 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.256387949 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.256576061 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.256597042 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.256616116 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.256635904 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.256639004 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.256681919 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.256714106 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.256957054 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.257030010 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.257081032 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.257107019 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.257148027 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.257174015 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.257369041 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.257419109 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.257435083 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.257443905 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.257476091 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.257497072 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.257575035 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.257615089 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.257636070 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.257638931 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.257678032 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.257707119 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.257909060 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.257977962 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.257996082 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258017063 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258044004 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258061886 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.258084059 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.258111954 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.258366108 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258393049 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258420944 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258434057 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.258461952 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.258477926 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.258644104 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258670092 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258691072 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258727074 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.258783102 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.258912086 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258938074 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258965015 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.258980036 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.259006023 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.259027004 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.259241104 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.259310961 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.259314060 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.259337902 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.259356022 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.259398937 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.259426117 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.259666920 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.259692907 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.259747028 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.259764910 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.259793043 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.259852886 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.259953976 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.260024071 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.260027885 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.260047913 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.260086060 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.260108948 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.260293961 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.260341883 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.260356903 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.260365009 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.260400057 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.260421038 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.260617018 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.260653973 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.260680914 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.260704041 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.260711908 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.260735035 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.260797024 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.260812998 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.261168003 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.261190891 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.261212111 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.261256933 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.261286020 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.261332989 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.261353970 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.261375904 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.261393070 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.261409998 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.261456013 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.261667013 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.261687994 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.261712074 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.261733055 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.261755943 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.261771917 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.262007952 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.262031078 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.262052059 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.262073994 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.262075901 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.262092113 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.262109995 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.262144089 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.262355089 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.262411118 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.305023909 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305067062 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305092096 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305113077 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305135012 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305231094 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.305255890 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305272102 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.305278063 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.305279016 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305304050 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305308104 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.305325031 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.305351973 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.305551052 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305573940 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305596113 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305638075 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.305670023 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.305881977 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305911064 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305933952 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.305948973 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.305977106 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.305984020 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.306207895 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.306231976 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.306252956 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.306265116 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.306283951 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.306305885 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.306735992 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.306775093 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.306802034 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.306819916 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.306843042 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.306857109 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.306929111 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.306957006 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.306982994 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.306993008 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.307024956 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.307039022 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.307626009 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.307648897 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.307670116 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.307689905 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.307696104 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.307714939 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.307734966 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.307760000 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.307770014 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.307816982 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.307966948 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.307988882 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.308010101 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.308027029 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.308046103 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.308059931 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.308223009 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.308249950 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.308271885 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.308284998 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.308306932 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.308315039 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.308594942 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.308617115 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.308665037 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.308679104 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.308717012 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.308779955 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.309016943 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.309040070 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.309060097 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.309086084 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.309113026 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.309119940 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.309199095 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.309254885 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.309294939 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.309350014 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.309366941 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.309422970 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.309596062 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.309617996 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.309639931 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.309660912 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.309668064 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.309699059 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.309706926 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.309720993 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.310050011 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.310075045 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.310096025 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.310117960 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.310118914 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.310147047 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.310153961 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.310182095 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.310533047 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.310559034 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.310628891 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.310643911 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.310687065 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.310725927 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.310749054 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.310920000 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.310973883 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.311012983 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.311034918 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.311057091 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.311069965 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.311089039 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.311110973 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.311367035 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.311388016 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.311429024 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.311448097 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.311521053 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.311544895 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.311614990 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.312000990 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.312030077 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.312051058 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.312071085 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.312073946 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.312112093 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.312138081 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.312325954 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.312350988 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.312371969 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.312388897 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.312397003 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.312406063 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.312428951 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.312463999 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313138008 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313198090 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313220978 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313250065 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313261032 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313302994 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313309908 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313364983 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313426971 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313486099 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313488960 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313541889 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313548088 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313602924 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313608885 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313662052 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313669920 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313741922 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313746929 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313792944 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313805103 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313848019 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.313867092 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.313951969 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.314263105 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.314327002 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.314346075 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.314407110 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.314410925 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.314461946 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.314467907 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.314527035 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.314794064 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.314848900 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.314871073 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.314901114 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.314909935 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.314940929 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.315037966 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.315148115 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.315208912 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.315212011 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.315264940 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.315270901 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.315330982 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.315332890 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.315388918 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.315731049 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.315783024 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.315793991 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.315840006 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.315846920 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.315884113 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.315911055 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.315953970 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.316040993 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.316078901 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.316101074 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.316114902 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.316131115 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.316150904 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.316168070 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.316210032 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.316499949 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.316536903 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.316562891 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.316575050 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.316587925 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.316612959 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.316623926 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.316665888 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.316966057 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.317008018 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.317028999 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.317044973 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.317066908 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.317082882 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.317116976 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.317128897 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.317358971 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.317419052 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.317428112 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.317451954 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.317476988 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.317496061 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.317509890 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.317548990 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.317867041 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.317913055 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.317950010 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.317950964 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.317962885 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.317987919 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.318010092 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.318023920 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.318039894 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.318078041 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.318358898 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.318396091 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.318422079 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.318440914 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.318490982 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.318551064 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.318738937 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.318782091 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.318799019 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.318834066 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.318836927 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.318877935 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.318887949 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.318922997 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.318936110 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.318979025 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.319283009 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.319319963 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.319340944 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.319359064 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.319374084 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.319396019 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.319411993 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.319432020 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.319447041 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.319489956 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.319804907 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.319861889 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.319883108 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.319941044 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.319952965 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.319978952 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.319993019 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.320014000 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.320034027 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.320071936 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.320409060 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.320472002 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.320513010 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.320568085 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.320578098 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.320614100 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.320627928 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.320648909 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.320664883 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.320703983 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.320971012 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.321026087 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.321029902 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.321090937 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.387904882 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.445167065 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.445218086 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.445255995 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.445343971 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.448844910 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.898701906 CET	49770	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.949304104 CET	443	49770	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:16.949389935 CET	49770	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:16.952364922 CET	49770	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:17.003662109 CET	443	49770	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:21.137068033 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:21.137160063 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:21.139023066 CET	443	49761	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:21.139121056 CET	49761	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:21.458609104 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:21.458725929 CET	49760	443	192.168.2.4	144.91.114.96
Jan 27, 2021 18:38:21.460568905 CET	443	49760	144.91.114.96	192.168.2.4
Jan 27, 2021 18:38:21.460633039 CET	49760	443	192.168.2.4	144.91.114.96

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 27, 2021 18:37:47.414639950 CET	56627	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:47.465464115 CET	53	56627	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:48.348714113 CET	56621	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:48.409184933 CET	53	56621	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:49.803196907 CET	63116	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:49.851485968 CET	53	63116	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:50.642349005 CET	64078	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:50.695664883 CET	53	64078	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:52.169003010 CET	64801	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:52.217149973 CET	53	64801	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:53.026693106 CET	61721	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:53.074733019 CET	53	61721	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:53.864176989 CET	51255	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:53.925131083 CET	53	51255	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:54.089807987 CET	61522	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:54.149607897 CET	53	61522	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:54.891634941 CET	52337	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:54.952373028 CET	53	52337	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:55.054204941 CET	55046	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:55.111296892 CET	53	55046	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:55.385083914 CET	49612	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:55.445764065 CET	53	49612	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:55.845717907 CET	49285	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:55.895231009 CET	53	49285	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:56.677674055 CET	50601	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:56.728645086 CET	53	50601	8.8.8.8	192.168.2.4
Jan 27, 2021 18:37:58.214683056 CET	60875	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:37:58.267287970 CET	53	60875	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:12.708167076 CET	56448	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:12.756041050 CET	53	56448	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:16.837155104 CET	59172	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:16.896380901 CET	53	59172	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:19.962781906 CET	62420	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:20.020576954 CET	53	62420	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:23.861102104 CET	60579	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:23.909125090 CET	53	60579	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:24.524993896 CET	50183	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:24.574363947 CET	53	50183	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:24.860738993 CET	60579	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:24.908797026 CET	53	60579	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:25.531028986 CET	50183	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:25.588444948 CET	53	50183	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:25.859710932 CET	60579	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:25.912952900 CET	53	60579	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:26.681912899 CET	50183	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:26.729790926 CET	53	50183	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:27.876405954 CET	60579	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:27.924341917 CET	53	60579	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:27.938117027 CET	61531	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:27.997210979 CET	53	61531	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:28.513940096 CET	49228	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:28.575679064 CET	53	49228	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:28.687568903 CET	50183	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:28.735930920 CET	53	50183	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:29.055041075 CET	59794	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:29.112772942 CET	53	59794	8.8.8.8	192.168.2.4
Jan 27, 2021 18:38:29.585122108 CET	55916	53	192.168.2.4	8.8.8.8
Jan 27, 2021 18:38:29.642155886 CET	53	55916	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 27, 2021 18:37:54.891634941 CET	192.168.2.4	8.8.8.8	0xf67d	Standard query (0)	mcftbkd.deliberh.store	A (IP address)	IN (0x0001)
Jan 27, 2021 18:37:55.385083914 CET	192.168.2.4	8.8.8.8	0xdc4a	Standard query (0)	805dentist.com	A (IP address)	IN (0x0001)
Jan 27, 2021 18:38:16.837155104 CET	192.168.2.4	8.8.8.8	0xa50b	Standard query (0)	805dentist.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Jan 27, 2021 18:37:54.952373028 CET	8.8.8.8	192.168.2.4	0xf67d	No error (0)	mcftbkd.deliberh.store	199.188.200.234	A (IP address)	IN (0x0001)
Jan 27, 2021 18:37:55.445764065 CET	8.8.8.8	192.168.2.4	0xdc4a	No error (0)	805dentist.com	144.91.114.96	A (IP address)	IN (0x0001)
Jan 27, 2021 18:38:16.896380901 CET	8.8.8.8	192.168.2.4	0xa50b	No error (0)	805dentist.com	144.91.114.96	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

mcftbkd.deliberh.store

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49757	199.188.200.234	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Jan 27, 2021 18:37:55.176752090 CET	96	OUT	GET /@20@40@ HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: mcftbkd.deliberh.store Connection: Keep-Alive
Jan 27, 2021 18:37:55.375144958 CET	101	IN	HTTP/1.1 302 Found Date: Wed, 27 Jan 2021 17:37:55 GMT Server: Apache Location: https://805dentist.com/P1 Content-Length: 209 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 38 30 35 64 65 6e 74 69 73 74 2e 63 6f 6d 2f 50 31 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://805dentist.com/P1">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	199.188.200.234	80	192.168.2.4	49758	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Jan 27, 2021 18:38:11.409804106 CET	150	IN	HTTP/1.0 408 Request Time-out Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 27, 2021 18:38:11.917906046 CET	144.91.114.96	443	192.168.2.4	49761	CN=805dentist.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jan 27 03:06:09 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Tue Apr 27 04:06:09 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 27, 2021 18:38:11.917906046 CET	144.91.114.96	443	192.168.2.4	49761	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 27, 2021 18:38:12.572041988 CET	144.91.114.96	443	192.168.2.4	49760	CN=805dentist.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jan 27 03:06:09 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Tue Apr 27 04:06:09 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 27, 2021 18:38:12.572041988 CET	144.91.114.96	443	192.168.2.4	49760	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 6904 Parent PID: 800

General

Start time:	18:37:53
Start date:	27/01/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff63aa10000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 6956 Parent PID: 6904

General

Start time:	18:37:54
Start date:	27/01/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6904 CREDAT:17410 /prefetch:2
Imagebase:	0x1330000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://mCFTbkD.deliberh.store/@20@40@#apeterson@ariasolutions.com

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 6904 Parent PID: 800

General

Chronological Activities

Analysis Process: iexplore.exe PID: 6956 Parent PID: 6904

General

Chronological Activities

Disassembly