Play interactive tour

Edit tour

Analysis Report smartandfinalTicket#51347303511505986.htm

Overview

General Information

Sample Name:	smartandfinalTicket#51347303511505986.htm
Analysis ID:	356325
MD5:	5f42d465e7e680e051a74bb797bc6535
SHA1:	843faae5f7d10488aed129367e8ea7ada3396942
SHA256:	e4b97c79b4c90cb26a1c518bc1a6d821444436d4420d1e579b781b1c3704bb57
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish_10

JA3 SSL client fingerprint seen in connection with other malware

Classification

Startup

System is w10x64

iexplore.exe (PID: 6832 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6924 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6832 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\authorize_client_id_5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: https://sydneybuildingengineers.com.au/OfficeV4/authorize_client_id:5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg?data=dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)

Show sources

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish_10

Show sources

Source: Yara match	File source: 820094.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\authorize_client_id_5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg[1].htm, type: DROPPED

Compliance:

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 208.91.198.178:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 208.91.198.178:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49752 version: TLS 1.2

Networking:

Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6aad3e8e,0x01d70964</date><accdate>0x6aad3e8e,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6aad3e8e,0x01d70964</date><accdate>0x6aad3e8e,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: saisas.com.co

Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: authorize_client_id_5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg[1].htm.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v16/mem5YaGs126MiZpBA-UN_r8OUuhs.ttf)
Source: {920BAF37-7557-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://saisas.com.co//Desktop/smartandfinalTicket#51347303511505986.htmexrobotosv4/?vishal.kumar
Source: ~DF0C840B5320C13C8C.TMP.1.dr, exrobotosv4[1].htm.3.dr	String found in binary or memory: https://saisas.com.co/exrobotosv4/?vishal.kumar
Source: smartandfinalTicket#51347303511505986.htm	String found in binary or memory: https://saisas.com.co/exrobotosv4?vishal.kumar
Source: OfficeV4[1].htm.3.dr	String found in binary or memory: https://sydneybuildingengineers.com.au/OfficeV4/?/dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t
Source: ~DF0C840B5320C13C8C.TMP.1.dr	String found in binary or memory: https://sydneybuildingengineers.com.au/OfficeV4/authorize_client_id:5g1afb80-7jfq-ask4-t1bx-5zw0d17r
Source: imagestore.dat.3.dr	String found in binary or memory: https://sydneybuildingengineers.com.au/OfficeV4/images/favicon.ico~
Source: exrobotosv4[1].htm0.3.dr	String found in binary or memory: https://sydneybuildingengineers.com.au/OfficeV4?/dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t
Source: {920BAF37-7557-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://sydneybuildingexrobotosv4/?vishal.kumar

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734

Source: unknown	HTTPS traffic detected: 208.91.198.178:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 208.91.198.178:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.169.157.161:443 -> 192.168.2.4:49752 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal64.phis.winHTM@3/31@3/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{920BAF35-7557-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF837C423F64999335.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6832 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6832 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
smartandfinalTicket#51347303511505986.htm	0%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
saisas.com.co	0%	Virustotal		Browse
sydneybuildingengineers.com.au	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://sydneybuildingengineers.com.au/OfficeV4/authorize_client_id:5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg?data=dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://sydneybuildingengineers.com.au/OfficeV4/?/dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t	0%	Avira URL Cloud	safe
https://sydneybuildingexrobotosv4/?vishal.kumar	0%	Avira URL Cloud	safe
https://saisas.com.co//Desktop/smartandfinalTicket#51347303511505986.htmexrobotosv4/?vishal.kumar	0%	Avira URL Cloud	safe
https://saisas.com.co/exrobotosv4/?vishal.kumar	0%	Avira URL Cloud	safe
https://saisas.com.co/exrobotosv4?vishal.kumar	0%	Avira URL Cloud	safe
https://sydneybuildingengineers.com.au/OfficeV4?/dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t	0%	Avira URL Cloud	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
https://sydneybuildingengineers.com.au/OfficeV4/authorize_client_id:5g1afb80-7jfq-ask4-t1bx-5zw0d17r	0%	Avira URL Cloud	safe
https://sydneybuildingengineers.com.au/OfficeV4/images/favicon.ico~	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
saisas.com.co	208.91.198.178	true	false	0%, Virustotal, Browse	unknown
sydneybuildingengineers.com.au	192.169.157.161	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://sydneybuildingengineers.com.au/OfficeV4/authorize_client_id:5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg?data=dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://sydneybuildingengineers.com.au/OfficeV4/?/dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t	OfficeV4[1].htm.3.dr	false	Avira URL Cloud: safe	unknown
https://sydneybuildingexrobotosv4/?vishal.kumar	{920BAF37-7557-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	low
http://www.nytimes.com/	msapplication.xml3.1.dr	false		high
https://saisas.com.co//Desktop/smartandfinalTicket#51347303511505986.htmexrobotosv4/?vishal.kumar	{920BAF37-7557-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
http://www.youtube.com/	msapplication.xml7.1.dr	false		high
https://saisas.com.co/exrobotosv4/?vishal.kumar	~DF0C840B5320C13C8C.TMP.1.dr, exrobotosv4[1].htm.3.dr	false	Avira URL Cloud: safe	unknown
https://saisas.com.co/exrobotosv4?vishal.kumar	smartandfinalTicket#51347303511505986.htm	false	Avira URL Cloud: safe	unknown
https://sydneybuildingengineers.com.au/OfficeV4?/dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t	exrobotosv4[1].htm0.3.dr	false	Avira URL Cloud: safe	unknown
http://www.wikipedia.com/	msapplication.xml6.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.amazon.com/	msapplication.xml.1.dr	false		high
http://www.live.com/	msapplication.xml2.1.dr	false		high
https://sydneybuildingengineers.com.au/OfficeV4/authorize_client_id:5g1afb80-7jfq-ask4-t1bx-5zw0d17r	~DF0C840B5320C13C8C.TMP.1.dr	false	Avira URL Cloud: safe	unknown
http://www.reddit.com/	msapplication.xml4.1.dr	false		high
http://www.twitter.com/	msapplication.xml5.1.dr	false		high
https://sydneybuildingengineers.com.au/OfficeV4/images/favicon.ico~	imagestore.dat.3.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
208.91.198.178	unknown	United States		394695	PUBLIC-DOMAIN-REGISTRYUS	false
192.169.157.161	unknown	United States		398101	GO-DADDY-COM-LLCUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	356325
Start date:	22.02.2021
Start time:	22:46:52
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	smartandfinalTicket#51347303511505986.htm
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.winHTM@3/31@3/3
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .htm
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 52.255.188.83, 13.88.21.125, 13.64.90.137, 88.221.62.148, 104.43.139.144, 51.104.139.180, 152.199.19.161, 52.155.217.156, 20.54.26.129, 93.184.221.240, 92.122.213.194, 92.122.213.247 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, go.microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, www.bing.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu.ec.azureedge.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
PUBLIC-DOMAIN-REGISTRYUS	f4b1bde3-706a-40d2-8ace-693803810b6f.exe	Get hash	malicious	Browse	103.53.43.36
	LIQUIDACION INTERBANCARIA 02_22_2021.xls	Get hash	malicious	Browse	208.91.199.223
	document-550193913.xls	Get hash	malicious	Browse	208.91.199.118
	document-550193913.xls	Get hash	malicious	Browse	208.91.199.118
	SecuriteInfo.com.Trojan.Packed2.42850.3598.exe	Get hash	malicious	Browse	208.91.199.225
	SecuriteInfo.com.Trojan.Inject4.6572.1879.exe	Get hash	malicious	Browse	208.91.199.224
	ffkjg5CVrO.exe	Get hash	malicious	Browse	208.91.199.223
	7Lf8J7h7os.exe	Get hash	malicious	Browse	208.91.199.223
	Shipping Details_PDF.exe	Get hash	malicious	Browse	208.91.198.143
	YKRAB010B_KHE_Preminary Packing List.xlsx.exe	Get hash	malicious	Browse	208.91.199.225
	RTM DIAS - CTM.exe	Get hash	malicious	Browse	208.91.198.143
	AWB & Shipping Doc.exe	Get hash	malicious	Browse	208.91.199.223
	AWB & Shipping Doc.exe	Get hash	malicious	Browse	208.91.199.223
	PAYMENT INVOICE-9876543456789.exe	Get hash	malicious	Browse	208.91.199.224
	SecuriteInfo.com.Artemis249E62CF9BAE.exe	Get hash	malicious	Browse	208.91.198.143
	SecuriteInfo.com.Exploit.Siggen3.10204.3307.xls	Get hash	malicious	Browse	103.50.162.157
	document-573042818.xls	Get hash	malicious	Browse	103.50.162.157
	document-573042818.xls	Get hash	malicious	Browse	103.50.162.157
	document-573042818.xls	Get hash	malicious	Browse	103.50.162.157
	document-750895311.xls	Get hash	malicious	Browse	103.50.162.157
GO-DADDY-COM-LLCUS	IMG_01670_Scanned.doc	Get hash	malicious	Browse	184.168.131.241
	IMG_7742_Scanned.doc	Get hash	malicious	Browse	184.168.131.241
	PDF.exe	Get hash	malicious	Browse	184.168.131.241
	Statement-ID28865611496334.vbs	Get hash	malicious	Browse	107.180.91.179
	Statement-ID21488878391791.vbs	Get hash	malicious	Browse	107.180.91.179
	Statement-ID72347595684775.vbs	Get hash	malicious	Browse	107.180.91.179
	SOA.exe	Get hash	malicious	Browse	184.168.131.241
	YSZiV5Oh2E.exe	Get hash	malicious	Browse	184.168.131.241
	Confirmation.exe	Get hash	malicious	Browse	184.168.131.241
	Purchase order.exe	Get hash	malicious	Browse	184.168.131.241
	Request For Quotation.PDF.exe	Get hash	malicious	Browse	184.168.131.241
	IMG_7189012.exe	Get hash	malicious	Browse	184.168.131.241
	DHL Shipment Notification 7465649870,pdf.exe	Get hash	malicious	Browse	184.168.131.241
	urgent specification request.exe	Get hash	malicious	Browse	184.168.131.241
	P.O-48452689535945.exe	Get hash	malicious	Browse	107.180.48.248
	Shinshin Machinery.exe	Get hash	malicious	Browse	184.168.131.241
	CMahQwuvAE.exe	Get hash	malicious	Browse	184.168.131.241
	ForeignRemittance_20210219_USD.xlsx	Get hash	malicious	Browse	184.168.131.241
	SHED.EXE	Get hash	malicious	Browse	184.168.131.241
	c4p1vG05Z8.exe	Get hash	malicious	Browse	184.168.131.241

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
9e10692f1b7f78228b2d4e424db3a98c	rieuro.dll	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	receipt145.htm	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	One Note shergott@vivaldicap.com.html	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	FAX-MESSAGE201636576736375362.hTMl	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	message_zdm (2).html	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	Small Charities.xlsx	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	leaseplan-invoice-831008_xls2.HtMl	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	7lM8HxwfAm.dll	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	LcA7GaqAXC.dll	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	4FHOFKHnX8.dll	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	5N5yxttthP.dll	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	vBKmtJ58Eo.dll	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	5293ea9467ea45e928620a5ed74440f5.exe	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	f1a14e6352036833f1c109e1bb2934f2.exe	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	Njs4kjnD5X.dll	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	Uiha1GUS7S.dll	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	SecuriteInfo.com.Mal.EncPk-APW.20360.dll	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	10.dll	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	iopjvdf.dll	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
	d88e07467ddcf9e3b19fa972b9f000d1.exe	Get hash	malicious	Browse	208.91.198.178 192.169.157.161
37f463bf4616ecd445d4a1937da06e19	f4b1bde3-706a-40d2-8ace-693803810b6f.exe	Get hash	malicious	Browse	192.169.157.161
	LIQUIDACION INTERBANCARIA 02_22_2021.xls	Get hash	malicious	Browse	192.169.157.161
	document-550193913.xls	Get hash	malicious	Browse	192.169.157.161
	GUEROLA INDUSTRIES N#U00ba de cuenta.exe	Get hash	malicious	Browse	192.169.157.161
	receipt145.htm	Get hash	malicious	Browse	192.169.157.161
	xerox for hycite.htm	Get hash	malicious	Browse	192.169.157.161
	SecuriteInfo.com.Heur.15528.xls	Get hash	malicious	Browse	192.169.157.161
	Muligheds.exe	Get hash	malicious	Browse	192.169.157.161
	DHL_6368638172 documento de recibo,pdf.exe	Get hash	malicious	Browse	192.169.157.161
	PDF.exe	Get hash	malicious	Browse	192.169.157.161
	pagamento.exe	Get hash	malicious	Browse	192.169.157.161
	message_zdm (2).html	Get hash	malicious	Browse	192.169.157.161
	Statement-ID28865611496334.vbs	Get hash	malicious	Browse	192.169.157.161
	Statement-ID21488878391791.vbs	Get hash	malicious	Browse	192.169.157.161
	frank_2021-02-22_02-03.exe	Get hash	malicious	Browse	192.169.157.161
	Statement-ID72347595684775.vbs	Get hash	malicious	Browse	192.169.157.161
	MR52.vbs	Get hash	malicious	Browse	192.169.157.161
	Scan_medcal equipment sample_pdf.exe	Get hash	malicious	Browse	192.169.157.161
	rfq02212021.exe	Get hash	malicious	Browse	192.169.157.161
	RE ICA 40 Sdn Bhd- Purchase Order#6769704.exe	Get hash	malicious	Browse	192.169.157.161

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{920BAF35-7557-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.84856656463155
Encrypted:	false
SSDEEP:	192:r3ZoZ12xWKtDifNRfzMe3BydD8sf4RujX:rposACkg2mrh
MD5:	CC0839461BF3524F53495B614F900C1E
SHA1:	ED510A27010418870F36443495B871535085B250
SHA-256:	F7B62B91A8DB59B574E9EFAAE8320B7CCEDC3EF8320784A6A9B7957FF29C4667
SHA-512:	630FBE4E7310E89F37E38E4FD37834DB7C79F287A415188EC398EA0270FF4FDE76FD1DB6410906054E763F91D4A6D204FF6D7C532C989FC422B54BF6194DF10B
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{920BAF37-7557-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	29444
Entropy (8bit):	1.794725427239966
Encrypted:	false
SSDEEP:	96:r3ZsQE6CBSyjF25WbMDbMQa1pzX2BlO70EH5h:r3ZsQE6CkyjF25WbMDbMQqpSBlOZH5h
MD5:	05C7154E35AB6A2A8F7DC63F4E289274
SHA1:	3DF842FAE87B7D0333779E67DD02206A10CAE68D
SHA-256:	AA2BE18E8E34CA217B8F5F1925C4AD974F7B58F34030B479C9757202CE2408C8
SHA-512:	D1405AC093DB21232B979D0D451FF5F8C63F5B3079F2AB5551948A00C69247C20D0455BB7112CD5F318DA806A3589A6E30C020D7F9BE94D74C0D362D67472AEC
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99B83FD3-7557-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5628787296546043
Encrypted:	false
SSDEEP:	48:IwiGcprbGwpaDG4pQDGrapbSQGQpKCG7HpRVTGIpG:rWZ1Q16nBSYAtTDA
MD5:	E67013FA0FABB1BEAD4BED5951E7B836
SHA1:	830F3173699D9ECFA9EBE7264C154CB8CE63E4FE
SHA-256:	27633182774D0D0714849DAE741BB2AE60DF5DD3D627C1B70AB9EA2F361BB161
SHA-512:	6DC9F0B4B2B5A04876F14BCA253733CAA8B0BCCC29D4AC9639CC380126C65B0EA93BD4C6D26760B498B96849927D501EDB6EDF8511ACC2DC34CB8004E9CC43BA
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.114417751291332
Encrypted:	false
SSDEEP:	12:TMHdNMNxOE0kCekC1nWimI002EtM3MHdNMNxOE0kCekC1nWimI00OYGVbkEtMb:2d6NxOB6RSZHKd6NxOB6RSZ7YLb
MD5:	0D082AF07F390BE14E01DF31C5E60DA9
SHA1:	39045AA5551DA28B35CCE55585A59903CEB60E00
SHA-256:	D66311C9E09CBFACCF84EAA121DEA78045825185D4FBCE3F7546F3EDC60C8347
SHA-512:	012057A16663C80295DF66FB414BE51CD51DC3D664B428DF2A0FFBFA48F9E50CE791CD1D7ABD0A0226208F1C3968E064DF3B20CCED79C34086EAF4A58D6E0846
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.093375475748663
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kiSCcSC1nWimI002EtM3MHdNMNxe2kiSCcSC1nWimI00OYGkak6Ety:2d6NxrISZHKd6NxrISZ7Yza7b
MD5:	E01331A6EB1343F508DA169504CEB422
SHA1:	E39AA20353A9B5F5399B488610494C8B8AA00F1F
SHA-256:	60E926C69C992C0A1B23D09118021D3CDF4EE4959BA5357E07C60FC56C2A2366
SHA-512:	F1ACE378536E174F7D3FF0802618367D0340619D8BDEE87DCAADCD3EFC10894CEAFA2F6B4FA90191B6AA36A8E09CADA8D9AD91F78D0C1BBB47304AE0D57D1E87
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x6aaadc5c,0x01d70964</date><accdate>0x6aaadc5c,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x6aaadc5c,0x01d70964</date><accdate>0x6aaadc5c,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.133664965116651
Encrypted:	false
SSDEEP:	12:TMHdNMNxvL0kCekC1nWimI002EtM3MHdNMNxvL0kCekC1nWimI00OYGmZEtMb:2d6Nxvg6RSZHKd6Nxvg6RSZ7Yjb
MD5:	90C17E549181CFDF88BC408E181AD19C
SHA1:	39470F72E77D650AD6009BCC5803FEDCC50F2663
SHA-256:	6BCF727C5C6A044FD1D7C2ECAD7FEC76A3D4E41BBEA889B7A17FF5752A18E0A3
SHA-512:	B18E180E23F391A2EF84B88A83A5DC22D6135FA645E20420200D5E7FDBCAE2D9638CB58C645AE676E898BC5DD7F1D6A51EC90A232F15487A17C8A28CB37EB526
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.081922262182561
Encrypted:	false
SSDEEP:	12:TMHdNMNxioCaC1nWimI002EtM3MHdNMNxioCaC1nWimI00OYGd5EtMb:2d6NxESZHKd6NxESZ7YEjb
MD5:	29BE80C87E97121C213CB3D34327E385
SHA1:	80AA8DA5E6751E11848E3244620E117C790D3542
SHA-256:	24691562C62340B2BA95A94742E3F6B545B32ADABC46F500360648DEC10D8425
SHA-512:	9155DA36DC69BEE74FF7E87DEA4B79692CE7786EF13B442E615C49AE83FCE5B64D0E11983CC11EA79DA1BD1832150902D242DF7A2204265E26AEE4D9AA95F753
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x6aafa0e9,0x01d70964</date><accdate>0x6aafa0e9,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x6aafa0e9,0x01d70964</date><accdate>0x6aafa0e9,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.145057217640643
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGw0kCekC1nWimI002EtM3MHdNMNxhGw0kCekC1nWimI00OYG8K075Es:2d6NxQl6RSZHKd6NxQl6RSZ7YrKajb
MD5:	2C9F501DA18158DCA76A8FF7DA4F29CE
SHA1:	6B97A5EAD015D84EA709C81C4C90E862156D6DD5
SHA-256:	8266CEE2AC9ABC4A35E58DE8A7AF318D2222F35A3FA927998CD6B73B8E71F35E
SHA-512:	E05D76187B42335C1104334DA09BD347D9D205D0431D1839A20F529E64ECE2940C2FE83A903E038E860E6DD58889421DD62DED3310907913F3E9BF453AA81F44
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6ab20340,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.088468942202851
Encrypted:	false
SSDEEP:	12:TMHdNMNx0noCaC1nWimI002EtM3MHdNMNx0noCekC1nWimI00OYGxEtMb:2d6Nx0/SZHKd6Nx0eRSZ7Ygb
MD5:	6FD9BBD0AE034CE87D8A53D91420C3CE
SHA1:	E92964FE90C2B07EC8216A6688EAE1F236D4516C
SHA-256:	A198B08AD5A452352E7DC23989B3DD8093ABBD30DC95E0A3A145D481F01C00A0
SHA-512:	185A14DBAE8CD44D3DE5D5E67D3AE7EF148FF19D6BC3036D9D388E62CCAA606BCAD7737D9C69454E5469D8556D72A178E66BB61A04C95A45CC8611212768A803
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x6aafa0e9,0x01d70964</date><accdate>0x6aafa0e9,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x6aafa0e9,0x01d70964</date><accdate>0x6ab20340,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.106472382964582
Encrypted:	false
SSDEEP:	12:TMHdNMNxxoCaC1nWimI002EtM3MHdNMNxxoCaC1nWimI00OYG6Kq5EtMb:2d6NxxSZHKd6NxxSZ7Yhb
MD5:	52D0BECF21B145CD666A40B605025EE9
SHA1:	C3C3CFADDE941BF6D3190549487AC88E2933C48C
SHA-256:	12368EAE89D2A863C281446F62EEB1F741CEE6DE04EF8EFD7C9CF2CC8F9B6A9C
SHA-512:	449D441E553A6890C98CB91F052A5F17CB5517E5859E3CE9E01A3F94DB00BE33A5BA12839B2F53DB61A5F74D521BAF195DB7EDFEEE2725108FE90D64ABBF8034
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x6aafa0e9,0x01d70964</date><accdate>0x6aafa0e9,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x6aafa0e9,0x01d70964</date><accdate>0x6aafa0e9,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.098527241326319
Encrypted:	false
SSDEEP:	12:TMHdNMNxcQtCetC1nWimI002EtM3MHdNMNxcQtCetC1nWimI00OYGVEtMb:2d6NxSSZHKd6NxSSZ7Ykb
MD5:	399EF1928730BF78593B16DEAC7D6E5B
SHA1:	12DEEE1FC18CEB67EA7A6A1AD4523F23D3A74C22
SHA-256:	8DA5512F1CE5B50803EF119E838D0D4B1F5BBABAD70CF4F5C53DA64B7045E4A3
SHA-512:	1521E47BBB5E1536603EA836DF525B8DA8B3D9D991291AC54280DFC81B3589AD8131D8905314C763A8EAFE1970794C7A4499851E8E48967485B1808F8F14DCF6
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6aad3e8e,0x01d70964</date><accdate>0x6aad3e8e,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6aad3e8e,0x01d70964</date><accdate>0x6aad3e8e,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.067517880816491
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnoCaC1nWimI002EtM3MHdNMNxfnoCaC1nWimI00OYGe5EtMb:2d6NxHSZHKd6NxHSZ7YLjb
MD5:	6357EE3D77268A8D600CEB67605E98D5
SHA1:	E3DB30439696F58DF0F42585975851511D364702
SHA-256:	E4B037D9150B24D7D217D77488AEBBB157D62A36951A1C853059811F7F495D95
SHA-512:	18B1B1638F641DA5053B173D893F098896446B4B83EE430A6F941D2671077349553B19928E1C3A810478EDFE0D701BB74393FD526AA4992C7EC9523D1B6F9B8D
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x6aafa0e9,0x01d70964</date><accdate>0x6aafa0e9,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x6aafa0e9,0x01d70964</date><accdate>0x6aafa0e9,0x01d70964</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.976173540641026
Encrypted:	false
SSDEEP:	24:RsWfImyQOyrQZ9FjFjFjFAZ4qCYORlzi+fzi+fzi+fziAVR9u:RsWQm5OyoBBB6ZvORlzi0zi0zi0ziGRI
MD5:	E6E35AB1BEEB430776892C9C1CECB5E6
SHA1:	AD73F61752F8757E5B5A1B7F908C550455232763
SHA-256:	A491F1D67AE301A620C6943F2CB1DCE28159E9C131AF286030026DB49A51A929
SHA-512:	C4999D28AFA37188FA6BBA9F3AE5E1D5399E53383688A30AD53DA62C4FA104123005B5576A0A52A609319C30DCAF475058D72D6C2E7A4898341EE570F8E97F37
Malicious:	false
Reputation:	low
Preview:	B.h.t.t.p.s.:././.s.y.d.n.e.y.b.u.i.l.d.i.n.g.e.n.g.i.n.e.e.r.s...c.o.m...a.u./.O.f.f.i.c.e.V.4./.i.m.a.g.e.s./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... ...........................P..$..%..%..%..%.."...}.....9e..<h..<h..<h..<h..;f..c....2.....................f.w....K...N...N...N...N...L..Iq...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...2.....................f.u....I...L...L...L...L...K..Gp.......g...i...i...i...i...f........................................f...g...g...g...g...e...........g..i..i..i..i..h....../...........................j...d....{...}...}...}...}...\|.6..0...........................k...f....}...................~.8..0...........................k...f....}...................~.8..0...........................k...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\enterpass[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 170 x 29, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	1446
Entropy (8bit):	7.796535000569005
Encrypted:	false
SSDEEP:	24:5CytrnsaVZjZ6+qQALzcF6zSyf/UTR8F2DFHTT6bFol73+M2XdU4:5HQaVZ/qQ7Quyf/UVIb+J3+MqU4
MD5:	BD6E291A9A3CC17ED37605E4FF0010CC
SHA1:	6C1EFD74231E3D253E0F51E4656ECED2F3335D71
SHA-256:	706DE242E7C3CFC4B16BA8174723F26FB80566C3171E9E795F057476011A5DE1
SHA-512:	D940D950167404FE53BD6A7AABAAA8C57AC58878AAD045B9F09B1FA331743A8DB5ECA2568F7E1C3D92EDA4C3AC8F1BE11240917102862F65BB0372EE1D82B333
Malicious:	false
Reputation:	moderate, very likely benign file
IE Cache URL:	https://sydneybuildingengineers.com.au/OfficeV4/images/enterpass.png
Preview:	.PNG........IHDR...............`.....sRGB.........gAMA......a.....pHYs..........o.d...;IDAThC.Y/..<.~?..T..U..B..PU(T?...U.Z.BUUU..PU.I23.@`.z....n.f&.?....+..U.Ec...X._......E..... o...2.Y.Gw9.Y.....+.5....np..a...X._4~_~i...E....`..k...)....z>$..?....~. =.b.F......8.k..X......k.".#3.....8D5&N.V.....m.Q..7h.S.rhp...t.`.....0.L.q...9\|JO.pp.Nzl...X..i...C..L..R..D.....2.n..6......\.F.............o....9..8.ZJ...S...K..5...yz.6.FF.45q.X..?.......E/..Z...;......A.7.^/..Y...S....4......nE".B.........gA..(r..@N.6!>...).g..;mu....9..3.`....G. .i.ak.}`(D.!.4.g.OLb..{..#...e.....%.s....O......Y..<li.Dd.=...a..Y.5.x.;l..J.....[Pp...:.Yhc?..U...9.aD./:.\@w.x..4=....8.}s0L\|"..O.UB....ls3E.fT3.. X0+..7.....[.@.....\|i..:.yF....E..O-...Z.....:>..s.VO.83.t+.(!..b<.qB1I...p...\mo.......)..)O~..?..U.E..`o...lvE}..tU",...V.v).....K..S.x.......tL.3..k!..u+.....k.C....S{.N`._.%./..r#.}._.N.N.]`.\|..j..O.qV.a........V.....03......k..T:a...;...&. =G..qkr.<..&..`.c'.Pk.."o

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\exrobotosv4[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	273
Entropy (8bit):	5.179917685373619
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwol6hEr6VX16hu9nPHTLiRAdIEB+s7U+KqD:J0+ox0RJWWPzQAfIsfT
MD5:	2B9C6FB3BF190B5120DB7A101A6423A1
SHA1:	036A29B9FD863690D0E9B587F23AC8AD7FF43318
SHA-256:	A8B64AD32CC041DBA431BDB513F7B32D9A0136B946098C41316DA8FE6910AABA
SHA-512:	8CB66B78068E3A70ED0AA09A1D7D1B7267FC5ACFCB9C4245FE9A732C6EA44929F561ED3E6C1767D3203FE6ACF9C7C2B235461FCC21187A6E4E7A138FCCC0BE79
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://saisas.com.co/exrobotosv4/?vishal.kumar@smartandfinal.com">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\forgpass[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 121 x 20, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	713
Entropy (8bit):	7.532865305314849
Encrypted:	false
SSDEEP:	12:6v/7WGu/MYrBNPY+iJy9aiXYgAITAmdQWjCxKy8wQg+dBH6m67tjtbYjGNgUFu56:3TrBNP7iJy9adGrQWjoDZOSUGNB4vOOm
MD5:	B19CAC60E41C79BD974C1080088C6FEF
SHA1:	FFE553D8CA430DD309494E910A989271648A4DDD
SHA-256:	E29DB32031DC537AEE9CB557B408395F3324F1E0F744349C0CDF943A3AF39296
SHA-512:	04169E96DD18AA3BB6A56D60388D05CEF24418CB109A7613E2378F275E65BE57A1D4057E12BB90126A07CAC89578830A66E2036835CE0817CB6E22BC11BA0A19
Malicious:	false
Reputation:	moderate, very likely benign file
IE Cache URL:	https://sydneybuildingengineers.com.au/OfficeV4/images/forgpass.png
Preview:	.PNG........IHDR...y.........&.......sRGB.........gAMA......a.....pHYs..........o.d...^IDATXG.V...0..C..H..-..."U....Q...]...xn......yz+.8.;.B.z?t..C............=.7.t9....hj...B..Q..y?.N?^^.\..}<.3%t<...R,2..D...&..s.:XAkr5,..D .J.....u.a...nl%.c.&4...k.,_..+7.B.Y.1GEyA-.......#p..b....r.nSb.....tu.F.q.^...b.B..?/.6....s4`.C.. ..5f...:.._p...._.+.w...[O.S...@.I.d0..."i..hcLA^.......<F.t...VnIEQ.7.C..2.P.^Ekhg.Hx.$...%F..%@....K..l[.Z#.cN.jZY:hg.Z.E.aYk..RvZ.....{....LH.[..bK.\|... ..}..Z..G.*.\|j.t.k.....ON..a.1..D.......$..pT.v..8.J....F.....1..!....D\y......g..n......#<..d.q.i!0...H>z..ZA\.-.].4.......G.....8..e..f..%Z....z.7....E...}....~.Z..^x....Q,.........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sigin[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 108 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	736
Entropy (8bit):	7.584671380578728
Encrypted:	false
SSDEEP:	12:6v/7KF/hTNSsk9V/G4ifz5SwtGfgzKf8v2zbuht0NNCXxT52FBrORsnwClc:N09NG4iL4WGfgqo23v6XRW1CI7lc
MD5:	681B83E88BA6AACCC72705FBF9F2257B
SHA1:	D69957C47026108511225160BE9BD15788D26E14
SHA-256:	F32A760F15530284447282AF5C7D0825BABF8BC4739E073928F6128830819F7A
SHA-512:	393795EAC16AFBEFA38034360C7C886FEA65016A5CEB55E1A91718474B0AE8F3AE7DFC0EA7F6C1C97334C1C6269B702A1C85236A398B78E16D19E696F2135216
Malicious:	false
IE Cache URL:	https://sydneybuildingengineers.com.au/OfficeV4/images/sigin.png
Preview:	.PNG........IHDR...l... .............sRGB.........gAMA......a.....pHYs..........+.....uIDAThC.AK.A...)Th...!...^....x.......S{K.'.O...[.'...K".I.K...Pj.B(T.$...tf..M"....}?.2ofv..?...!.z...;.+0A.c.......".3D0f.`....1....Z..M..!g_U.p........X..aX...Y.+../K.91l9{.....h..>...;...".P..V..*.">Cv....8.$.V.8.%.v..bJ...Sw:c..]D:.LcT.6...[.}N.wi....1.t.#....O.a..E.....\|...n.p..i....v.3..$.^...\|.;-e;s.g..Y.F...c......u. .L..........1jd.h.w&v6.T.>..A...nXVk\|i..{Wx..1.i}a...n.5]ok....<...z..+h..3U=n..OqX.j.....j.......m.x.E..\|T.U..LFK0.......:`...of....c....._.Kgb.Z.l.C...wu.\.>u.]..z00+....4......7.!.0.2K.XY...O:.Rw...M..7...y...3.FtBb.....3...7....D..e.\|....!1x.`....!.1C.c.......".+...\|..z......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\OfficeV4[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	298
Entropy (8bit):	5.424574859702785
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwol6hEr6VX16hu9nPL0ebWBK2fECtgUF6vAr+KqD:J0+ox0RJWWPLFb32fEWFiXT
MD5:	1F050ABD9871AB7BC253372B20676707
SHA1:	FAF361AABE24FB11BF6E138AAE938309D2C8846B
SHA-256:	390FB9037C5F93F9C6FBEDA176512667FBF586A11C1A61677C9A94F2A1A03639
SHA-512:	474CA538FC0843A1BA5207F57300F927DAB546F300ECC456510A743420C4EAA388A03D4533496E4EDA94901D5844E02359F137364A506B8B0AC4DC2220723600
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://sydneybuildingengineers.com.au/OfficeV4/?/dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	4.895279695172972
Encrypted:	false
SSDEEP:	24:NrQZ9FjFjFjFAZ4qCYORlzi+fzi+fzi+fziAVR9:NoBBB6ZvORlzi0zi0zi0ziGR9
MD5:	7CDD5A7E87E82D145E7F82358F9EBD04
SHA1:	265104CAD00300E4094F8CE6A9EDC86E54812EAD
SHA-256:	5D91563B6ACD54468AE282083CF9EE3D2C9B2DAA45A8DE9CB661C2195B9F6CBF
SHA-512:	407919CB23D24FD8EA7646C941F4DCEE922B9B4021B6975DD30C738E61E1A147E10A473956A8FBB2DDF7559695E540F2CDF8535DB2C66FA6C7DECDA38BB1B112
Malicious:	false
IE Cache URL:	https://sydneybuildingengineers.com.au/OfficeV4/images/favicon.ico
Preview:	............ .h.......(....... ..... ...........................P..$..%..%..%..%.."...}.....9e..<h..<h..<h..<h..;f..c....2.....................f.w....K...N...N...N...N...L..Iq...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...2.....................f.u....I...L...L...L...L...K..Gp.......g...i...i...i...i...f........................................f...g...g...g...g...e...........g..i..i..i..i..h....../...........................j...d....{...}...}...}...}...\|.6..0...........................k...f....}...................~.8..0...........................k...f....}...................~.8..0...........................k...f....}...................~.8..0...........................k...f....}...................~.8../...........................j...e....\|...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\firstmsg1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 353 x 41, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3372
Entropy (8bit):	7.90561780402093
Encrypted:	false
SSDEEP:	48:akK0iImj1oaWNTm9Nu4Und08QwVu4IrwfrRUN1t4VQ5sjSPJEGNjqLNecGyuSWn9:LRbSVWN6GCwVwikjsa1MctS41FXi4
MD5:	B7EA3983E3C2D7E5F61B8D1B42758189
SHA1:	FE0817947CA4BC53152ED9378470675D9AF189FD
SHA-256:	7B6CF23AC2454B039DDF4F51B7074636ED5B08B6A1D254A47430C4ACE2A3569D
SHA-512:	6B8CD1CD56B4FF84FCAC4F605558AE32B5EF713CFA42EEDE35B7EA0E0737C53B084FB308185422D3515C4C1BD6B5A6426A65BB0D66DEC54B4AB3F018DDBB7FB7
Malicious:	false
IE Cache URL:	https://sydneybuildingengineers.com.au/OfficeV4/images/firstmsg1.png
Preview:	.PNG........IHDR...a...)......b....sRGB.........gAMA......a.....pHYs..........+......IDATx^.=R#=..{.;.m..K............p..~....3..-.09.M.h..!x.[.L.F......Ty.{F?.......a.......7..0...a.0.-bF.0.c......N..`O..+......{S...9.~s.7k....6N......N.o..x..1...../.m.5.s.t...........>._...n.?](=......O....}}..N......s}.............,o..Ml...g........Ox......4.....-I.{...j.>.S~Nsr..=./?..%V.........u^..,.T...l..?.._G.m..R.....@Z..%.V.H.Z.=u:Yf...a.. .Z.O..^.....j..}.._^.W..J...d...$...a..!...d.[dZO...NB..d.u]2rp.j..]....;)..#..s.].<.>Y......R.&..l].W..d.0?...6...n..X..#..^r.T]N.yj~\|..n..Q.....E>.8.....,....k.wMb............(-Q\.h..c.........:R.A?.k....z...B...u.*M......b^.:.t......C.........oA......>V..Bu....g..}].r....nD....~.#!.........mC.<.t..E........T.7.ma&<..`.......4.G......a...sx...-,...;%..g.x...7.s....FKx...wb....T...t9..B.y6^..T....Q.........q...../@....`6..H..c8....Q...Og#U/....G.0Z>.S_I.k....Z..0.X.........2......0Y.u }.7.Fb.=8<t+...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\arrow_left[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:	12:t4BdU/uRqv6DLfBHKFWJCDLfBSU1pRXIFl+MJ4bADc:t4TU/uRff0EcfIU1XXU+t2c
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
IE Cache URL:	https://sydneybuildingengineers.com.au/OfficeV4/images/arrow_left.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\authorize_client_id_5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	12530
Entropy (8bit):	5.61435194414764
Encrypted:	false
SSDEEP:	384:Qx4dYLrFhld6UTyv6R0+nQKrlibQmYMH/pMa1E:Kb/yvCndhi8yfpH1E
MD5:	09C38B34378DC77C039A763ABDC79BFC
SHA1:	FC8E6EAC6934571B6770EF0385EE0F90090E9E4D
SHA-256:	7DD245A1505B111C1DF02CB04687FE51FCE3ABDD8F1E39A8B9C26997FD5C7791
SHA-512:	7770006632B1C5106FB31FFAED8F6A4F6A445267DA4462D25B7F8522F4FE45CFDD7AE3D83359A7592A251CA8DB25C3D8F2387089A600B67EE0B802E54522F603
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\authorize_client_id_5g1afb80-7jfq-ask4-t1bx-5zw0d17rfy48_qa32ux85vsrdgt9ncpmw7ebyo4kz10fjilh6hskufelop5ya3m1i0942tcrv8znqxbwj7gd692ez0tj4dmhkufaqbo7pnvyrxl3568cs1iwg[1].htm, Author: Joe Security
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">.<html dir="ltr" class="" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <title>confirm your email</title>. . <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">. <meta http-equiv="Pragma" content="no-cache">. <meta http-equiv="Expires" content="-1">. <meta name="referrer" content="no-referrer"/>. <meta name="robots" content="none">. <noscript>. <meta http-equiv="Refresh" content="0; URL=./" />. </noscript>. <link rel="icon" href="images/favicon.ico" type="image/x-icon">. <link href="css/style.css" rel="stylesheet" >.</head>..<body id="t7m8xsn" class="nd s8lqyrcv" style="display: block;">. ..<div id="5ocsvu"> <div><div class="background wuh2p" role="presentation"> <div style="background-image: url("images/inv-small-background.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\inv-big-background[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	174883
Entropy (8bit):	7.933595362471097
Encrypted:	false
SSDEEP:	3072:NCe5AF33GgclaMBMtNxgFlxIUtjFJIj6lTmE/ORHhAFPy+huXdVnwNAH:NTOFeKtN6DIUtjdl3TgoyH
MD5:	62DDD263C8A6A4C9074E205B91182D04
SHA1:	1B56D11B012DD79DD99212EBB54ADCFB60920A9D
SHA-256:	A59EA699D353D00FF2999111F9FA11FB73A47EDA7800642609CA230560EA3703
SHA-512:	0BDAE93DDE9753BB7FB2B80B63226F3AC04F9CF58D3F954F0E9B8900F4AE5971D3B1270D4E5101E9A346B218689F7A40D70823683FBB719248A53648C02648F2
Malicious:	false
IE Cache URL:	https://sydneybuildingengineers.com.au/OfficeV4/images/inv-big-background.png
Preview:	.PNG........IHDR.......8.......1q...bPLTEqart]c)L.qpwC..ykfX...pC.xHw`..m.JQ.7M.lYK..th.r..?...j<hW}e...lKit...^T....S..r@M.gUouZ.XR.?..m.!J.h;.k..i.+K.@..m..ZQ._U.WQ.K...mB._..g..l.\|\.._Vog.M..JQ..k..h..cL8M.c..Z..~^..c.RP.._.fX..nJ.xS>L.dn.gV...j.`..c._~.ZU..e.eU..i.{\|r5N.Zu.0J..ye.b..g..b@S~..e.{.{.\IqZ..a.lTcNN.?L..`..d.v[.xXVHM..g..uX.e:.d.aQp.{^.d..g..zg.e.XO}k...f..d.<...c.u.tvVV.c7.......vtRNS/.-.-/.-0/&.-/-,/)/./-1.20--0/.-&"))/-.++11,+-)+.&-(.,/-././'000-,-)/0/-+/-,**/.+++000+,-,$-/)0,*,'0&(,)!.Y]$....IDATx..A..0.Eg.;..U.d....9......._..%..(.p.$.....}.......yg.vV...V.A<.WW..V...yP.5....5...F}Y.\|..\|...?.`...M...6'.....<w..x.a;'..=.5....l...\....].On.I[gdg....\|^.YO....x.LE..p...._........0.$..Ky..L...]m]...v..!.IL.[..#x.uz..^M(...A.RE..';..e..\|.#.<b}..J..GC...0i.[.[-ZW/._P8....M.,.....q........dg...B.Q...M.\|.j...XwD....d.bJ..../......_.....z5.P...}.....^...K..=rH..k.p%g...+:..-}_..6...^%0.z.V.n..C#.a....y....`...h...{.%.{..05.1ry..p..'.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\passwrd[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 69 x 34, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	902
Entropy (8bit):	7.5760721199160015
Encrypted:	false
SSDEEP:	24:D8kvmvmvmvmvmvmvmvp/Hsj2IruKpPUjMFp5z/xkvAVtaWpX9gCEQ:D8mYYYYYYYRMquHnn5OvIaK8Q
MD5:	4F2A1D382216546E2C3BC620497FD4E3
SHA1:	F785EC5967B5666387304F779306F9C3E3359FF4
SHA-256:	105C03D3360CDB953585482374B2CC953D090741037502B0609629F5BB0135B7
SHA-512:	6307ADD035382E50C1B8751E567810AF9C258D8A126C536A9582D2B80C6BEDB87308E991519C7BA07041B9F108C058FF80D90BCC3E36E1FA965C287097522473
Malicious:	false
IE Cache URL:	https://sydneybuildingengineers.com.au/OfficeV4/images/passwrd.png
Preview:	.PNG........IHDR...E..."......\|......sRGB.........gAMA......a.....pHYs..........+......IDAThC.r.0...n............e1..#..E.....a....aX..o.-.r..c.~3......3....L.-... .. .. .. .. .. .. .. .. .. ...OcH.4.[.TNo..H....X.Q..v.X.e{..T..i.n.e{..w..u(.w.0\|6.2s.K#.?.'r....".X.S...J:...v..A.P.c;>...1..;.lLc.d.m....d.H....2.M..x.7\|..C.{.<.e8a{.n...P.+.ZJ....zi.......z/...C..?...-..3..cw=a.?......YJ}>..XFpQ...n.i..ZJ.Un....D...kZ+C.>6........gCY.....(....32...I.g.^.MJ0{.L.#...s.F:.;.p]..(.`........F1%..w...."#.Y].. ..}..T..X.n0..=8.e0N..{0.v_!.#n>.....n.x..u......R.L..=...y..n.e...\|&.Y....g..7...<gN.1Z..:.C..k...".W\|)Z...[u.*.Qf.JHq.V.J...GxnA...0..'.v..'....e....c. ...M.`SR.qn.k.....n.Wm.p..&nJb.{....UE.....^.m..?..w..T..#._....g..p.L.......V.H....a..6[.c...8.....x.....6..=.....J.c..R.7W.......O.........x..x..x..x..x..x..x..x..\|......Z=..z....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	96336
Entropy (8bit):	5.237139828082104
Encrypted:	false
SSDEEP:	1536:qUBpw+kGaazA/PWrF7qvEAFiQcpm7tEGyf5c:qiS7yfC
MD5:	9F94F80A5DC09BB962778175292195BC
SHA1:	A7F2E32B422AC9654F39EA870E403599791FCE1C
SHA-256:	1CF4B3AD7ABF3189E78C1B3BD07308C92A03FA795FDBC5821FCDE24030CFEAD0
SHA-512:	85BADDE06E879CBF558163B123BD6A35D58498F15013B981EDB849699C31FC1915B2494595C6FF0E146365413E007C2D3AB32BC83AC70632E64EE08B2B040E44
Malicious:	false
IE Cache URL:	https://sydneybuildingengineers.com.au/OfficeV4/css/style.css
Preview:	html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}but

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ellipsis_grey[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.8525277758130154
Encrypted:	false
SSDEEP:	24:t4CvnAVRfFArf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUVx:fn1r1QqC4GuiHFXS1QqCWRHQ3V1QqCWz
MD5:	2B5D393DB04A5E6E1F739CB266E65B4C
SHA1:	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721
SHA-256:	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
SHA-512:	3A692635EE8EBD7B15930E78D9E7E808E48C7ED3ED79003B8CA6F9290FA0E2B0FA3573409001489C00FB41D5710E75D17C3C4D65D26F9665849FB7406562A406
Malicious:	false
IE Cache URL:	https://sydneybuildingengineers.com.au/OfficeV4/images/ellipsis_grey.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ellipsis_white[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.877322891561989
Encrypted:	false
SSDEEP:	24:t4CvnAVRf83f1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUV0W:fnL1QqC4GuiHFXS1QqCWRHQ3V1QqCWRV
MD5:	5AC590EE72BFE06A7CECFD75B588AD73
SHA1:	DDA2CB89A241BC424746D8CF2A22A35535094611
SHA-256:	6075736EA9C281D69C4A3D78FF97BB61B9416A5809919BABE5A0C5596F99AAEA
SHA-512:	B9135D934B9EA50B51BB0316E383B114C8F24DFE75FEF11DCBD1C96170EA59202F6BAFE11AAF534CC2F4ED334A8EA4DBE96AF2504130896D6203BFD2DA69138F
Malicious:	false
IE Cache URL:	https://sydneybuildingengineers.com.au/OfficeV4/images/ellipsis_white.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#ffffff" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\exrobotosv4[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	230
Entropy (8bit):	5.389463555930212
Encrypted:	false
SSDEEP:	6:hjQL/sGcQ2WF4ZXR0AqJm7+mmHr0ebWB4ECtgUF6vApOL:hjxbjPqJm7+xHrFbcWFioOL
MD5:	8811C2BED058D34E67AAB7C4E57B0223
SHA1:	004F00A5154F6D0A3D14F2CAA409DA9521CDB550
SHA-256:	B231234616F9B76794F2AEDC3038DFBEB5DFA37E2D924D1A55DDC679608AE288
SHA-512:	4F50687D279B138FC7A77375F455A442333A01A14C25F562712305FDE34C8227A15F4E383358CB88F9E7F1B361DA300B1494AC4D7B226C86C8D4B3260DF45E8C
Malicious:	false
IE Cache URL:	https://saisas.com.co/exrobotosv4/?vishal.kumar@smartandfinal.com
Preview:	<!DOCTYPE html">.<html>. <head>. <title>Review: 0ffice365</title>. <script type="text/javascript">window.location.href = "https://sydneybuildingengineers.com.au/OfficeV4?/dmlzaGFsLmt1bWFyQHNtYXJ0YW5kZmluYWwuY29t"</script>.

C:\Users\user\AppData\Local\Temp\~DF0C840B5320C13C8C.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	43373
Entropy (8bit):	0.46171655188967237
Encrypted:	false
SSDEEP:	96:kBqoxKAuvScS+V75or8r414UzWBlO70EHL:kBqoxKAuqR+V75or8rKPiBlOZHL
MD5:	39EBA000C28E4BAE67BDFED43BAA54A2
SHA1:	4FEBC8D5E77845E177C0B53D3C56D48FD552F203
SHA-256:	7B73DF045AB6A2F7B0BCA3C8EBB202096A9157D511567BEAAED5C3927E10D3B3
SHA-512:	C7EFEEE50A0E7E697DADCD736DC9AB2CD1390274C9BFF0EA727B013173B66C50DA86D4AEA82C0B2ED9F61B0F0A5BB15388A51A41A5E7A984EEB2A98B97606A2F
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF837C423F64999335.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.47599519052501754
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lokA9lokQ9lWkO2xdeh2xt5dxtEzhzB:kBqoI8CsFfG
MD5:	9794E786A7D9719EDA29406BBCDDFB7C
SHA1:	F0136E6D96B2141675DA4664450320759C1A9C41
SHA-256:	499C84543D837C8D76E7DE67A525B29DD83AE227ADFBE5ABF290ED429645B73D
SHA-512:	49C11DC8F5F83A3BA937D21185CF7BB84F9FDBF2B0DCE3BC51A702094A1D749DA50F59F439280AF10CF4AF8D670185B9D67786F8D152D6B8AB46D00E322B574A
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFC6F44CA59B7DB5F9.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	1.0267500105381397
Encrypted:	false
SSDEEP:	96:kBqoxDhHWSVSE+M+Q5CK7VC2s7iDFgQ9ki3D1:kBqoxDhHjgE+M+Q5CK1QiR3D1
MD5:	A55B6CDE2DA92BC4E46420F0691E946B
SHA1:	B35878C65074EC1D692D6486FCCFC1ED77B38321
SHA-256:	C530022B78638EC2CF3695EC132B28855CC2DCCC07D57754AD065D8A8ECA3F05
SHA-512:	1AFB5E7062AAB661C2097BCE17A4ACDB7B5EAFD113F3458962FF2E0F386E73FA7F2D3558F20BC060B2036DCE2B90F727CAB62132BAEAE2AB1A343BF41A016C56
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General
File type:	HTML document, ASCII text, with no line terminators
Entropy (8bit):	4.692825608716909
TrID:	HyperText Markup Language (31031/1) 100.00%
File name:	smartandfinalTicket#51347303511505986.htm
File size:	128
MD5:	5f42d465e7e680e051a74bb797bc6535
SHA1:	843faae5f7d10488aed129367e8ea7ada3396942
SHA256:	e4b97c79b4c90cb26a1c518bc1a6d821444436d4420d1e579b781b1c3704bb57
SHA512:	bbae0a97261cfc12cc203e7cf038a3f453da86388e1b76cface56dc4a6c0e1fdefb5a5d603f65c6acf641108da6c15d440fa180b6c7f3655e95bc640aff1a467
SSDEEP:	3:gnkAqRAdu6/GY7voOkADYnWPyTLiBXkAaWIEBi1J2+x7b:7AqJm7+mYnHTLi9kAdIEB+sgb
File Content Preview:	<script type="text/javascript">window.location.href="https://saisas.com.co/exrobotosv4?vishal.kumar@smartandfinal.com";</script>

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 22, 2021 22:47:36.740900993 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:36.741144896 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:36.917944908 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:36.918159008 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:36.918370008 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:36.918577909 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:36.927895069 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:36.928350925 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.105814934 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.105865955 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.107625008 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.107676983 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.107716084 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.107738018 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.107788086 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.107798100 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.107846022 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.107898951 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.107917070 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.107953072 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.107959032 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.108021021 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.142250061 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.142251015 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.147919893 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.148458958 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.148679972 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.319236040 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.319295883 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.319405079 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.319461107 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.320167065 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.320219040 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.320305109 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.320354939 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.321033955 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.322359085 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.325217962 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.325340033 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.326481104 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.326643944 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.366476059 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.497961044 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.537406921 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.608355999 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.608467102 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.612776041 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:37.779253960 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.983474970 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:37.983551025 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:38.822577953 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:38.823863983 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.006057978 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.006191015 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.006827116 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.007209063 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.007353067 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.007885933 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.190157890 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.190320015 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.190347910 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.190365076 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.190376043 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.190521002 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.190577984 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.190897942 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.191116095 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.191198111 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.191200972 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.191224098 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.191236973 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.191258907 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.191294909 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.191466093 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.191545010 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.192704916 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.192770958 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.235647917 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.236179113 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.236318111 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.419302940 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.419471025 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.419964075 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.420145035 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.459527016 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.610702038 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.610910892 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.615317106 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.798717976 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.990684986 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.990736961 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.990761995 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.990784883 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.990813971 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.990842104 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.990870953 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.990891933 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.990900040 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.990931034 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.990959883 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:39.990989923 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:39.991045952 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.174290895 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.174581051 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.179604053 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.364377022 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543467045 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543519974 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543540001 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.543541908 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543560028 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543577909 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543595076 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543610096 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.543617964 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543623924 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.543632984 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.543637991 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543654919 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543667078 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.543670893 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543684959 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.543694973 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.543729067 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.546128988 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.546184063 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.562058926 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.562738895 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.565561056 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.565798998 CET	49741	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.566416025 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.567766905 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.746661901 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747318983 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747349977 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747375965 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747399092 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747401953 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747421026 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747441053 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747446060 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747447014 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747469902 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747479916 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747493029 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747504950 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747518063 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747523069 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747540951 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747555017 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747565985 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747584105 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747589111 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747600079 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747608900 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747629881 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747634888 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747653961 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.747670889 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747695923 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.747713089 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.750518084 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.750616074 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.751456022 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.751543045 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.751626968 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.751684904 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.752621889 CET	443	49743	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.752706051 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.753423929 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.753679991 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.753726006 CET	443	49741	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.753798962 CET	49741	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.754446983 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.754524946 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.755444050 CET	49741	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931334019 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931437969 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931478977 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931529999 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931543112 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931579113 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931579113 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931622982 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931623936 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931663036 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931675911 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931701899 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931719065 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931742907 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931746960 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931780100 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931786060 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931821108 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931860924 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931878090 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931884050 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931902885 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931909084 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931952953 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931956053 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.931991100 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.931993961 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932032108 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.932033062 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932071924 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.932076931 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932111025 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.932111979 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932151079 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.932157040 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932188988 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.932189941 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932238102 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.932255030 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932305098 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.932308912 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932357073 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932358980 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.932410955 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.932414055 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932459116 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932461023 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.932504892 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.932512045 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.932559013 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.937248945 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.937377930 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.937472105 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.937540054 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.937566996 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.937633991 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.937661886 CET	443	49743	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.937927008 CET	443	49743	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.937988997 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.938215971 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.938270092 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.938276052 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.938291073 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.938327074 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.939656019 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.940088034 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.941801071 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.942095041 CET	443	49741	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.942198992 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.942337990 CET	443	49741	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:40.942415953 CET	49741	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.943689108 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.946121931 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:40.946527958 CET	49741	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.116641045 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.116673946 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.116770029 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.116806030 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.117151976 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117175102 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117192984 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117209911 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117227077 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117244005 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117261887 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117274046 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117290974 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117305994 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.117311001 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117324114 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117341042 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117352962 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117414951 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117424965 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.117448092 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.117501974 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.117712975 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117731094 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117825031 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.117938995 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117955923 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117971897 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.117988110 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118005037 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118024111 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118041992 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118057966 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118073940 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118089914 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118089914 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.118105888 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118124962 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118139029 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118146896 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.118156910 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118172884 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.118175983 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.118249893 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.125236988 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.126957893 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.128618956 CET	443	49743	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.131249905 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.131442070 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.131550074 CET	443	49743	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.131659031 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.141201019 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.141237974 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.141268015 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.141298056 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.141338110 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.174484968 CET	443	49741	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.310550928 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:41.310635090 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.847585917 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:41.847903013 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.032893896 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.423948050 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.424032927 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.426333904 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.426399946 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.535737038 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.592792988 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.594511032 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.595660925 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.721683025 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.721716881 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.721791983 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.721812963 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.777801037 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.777836084 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.777859926 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.777888060 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.777924061 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.777945995 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.777952909 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.777966976 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.777981043 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.777990103 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.778012037 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.778026104 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.778037071 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.778064013 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.778096914 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.779350042 CET	443	49743	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.779503107 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.780949116 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.781048059 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.963665962 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963699102 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963716030 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963732004 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963737011 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.963752985 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963758945 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.963772058 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963788033 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963804960 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963807106 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.963823080 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963831902 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.963840008 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963855982 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963862896 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.963872910 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:42.963896990 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:42.963922024 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.147836924 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.147871017 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.147903919 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.147933006 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.147958994 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.147985935 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.147994041 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148013115 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148040056 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148045063 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148066044 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148077965 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148092985 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148111105 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148125887 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148139954 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148154974 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148169994 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148180962 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148201942 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148209095 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148217916 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148236036 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148262024 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148288012 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148293018 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148296118 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148313999 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148327112 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148334026 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148348093 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.148372889 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.148390055 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332232952 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332257032 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332335949 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332354069 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332355976 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332366943 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332380056 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332392931 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332464933 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332464933 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332484007 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332500935 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332509995 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332518101 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332535982 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332545996 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332551956 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332567930 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332575083 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332585096 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332602024 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332604885 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332623005 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332629919 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332638979 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332657099 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332669973 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332674026 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332686901 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332700014 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332701921 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332716942 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332726955 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332732916 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332748890 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332750082 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332767010 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332782030 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332783937 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332799911 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332813025 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332818985 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332834959 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332837105 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332858086 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332858086 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332876921 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332885027 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332895994 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.332905054 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332923889 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.332942009 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.517668962 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.517729998 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.517832041 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518002987 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518032074 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518059015 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518065929 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518085957 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518104076 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518110991 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518136978 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518143892 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518167973 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518194914 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518212080 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518220901 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518246889 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518258095 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518273115 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518281937 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518299103 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518322945 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518328905 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518347025 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518374920 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518383026 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518403053 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518409967 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518431902 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518441916 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518456936 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518474102 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518482924 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518507004 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518517017 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518529892 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518553972 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518563986 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518579006 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518604040 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518609047 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518627882 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518644094 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518651962 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518676043 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518677950 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518698931 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518717051 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518723965 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518748045 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518762112 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518775940 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518798113 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518800020 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518822908 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518837929 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518846035 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518867016 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518877029 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518891096 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518914938 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518918037 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518937111 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518960953 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.518964052 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518990040 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.518990993 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.519013882 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.519032001 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.519037962 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.519061089 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.519077063 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.519083023 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.519107103 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.519114017 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.519129038 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.519155025 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.519157887 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.519179106 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.519196987 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.519202948 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.519227028 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.519228935 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.519268036 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.701802015 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.701863050 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.701890945 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.701941013 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.703159094 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.703238964 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.703282118 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.703301907 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.703319073 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.703356028 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:43.703391075 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.703448057 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:43.985110998 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:43.985151052 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:43.985177994 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:43.985431910 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:43.988250971 CET	49734	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:47:44.154381990 CET	443	49734	208.91.198.178	192.168.2.4
Feb 22, 2021 22:47:46.123239040 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:46.123287916 CET	443	49736	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:46.123351097 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:46.123492002 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:47.725898981 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:47.725925922 CET	443	49742	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:47.726109982 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:47.784585953 CET	443	49743	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:47.784609079 CET	443	49743	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:47.784876108 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:47.784924030 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:47.785063982 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:47.785131931 CET	443	49737	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:47.785221100 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:47.785273075 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:48.523428917 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:48.523463011 CET	443	49740	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:48.523499012 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:48.523540020 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:54.116961956 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:54.301671982 CET	443	49752	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:54.301748037 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:54.304521084 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:54.487997055 CET	443	49752	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:54.488051891 CET	443	49752	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:54.488096952 CET	443	49752	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:54.488138914 CET	443	49752	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:54.488168001 CET	443	49752	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:54.488214970 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:54.488615036 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:54.489181042 CET	443	49752	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:54.489262104 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:54.499186993 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:54.682950020 CET	443	49752	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:54.683237076 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:54.687748909 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:54.888994932 CET	443	49752	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:54.889241934 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:59.894386053 CET	443	49752	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:59.894449949 CET	443	49752	192.169.157.161	192.168.2.4
Feb 22, 2021 22:47:59.894467115 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:47:59.894511938 CET	49752	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.944197893 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.944247961 CET	49740	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.944909096 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.944946051 CET	49737	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.945565939 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.945646048 CET	49743	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.946280956 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.946357965 CET	49742	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.948374033 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.948407888 CET	49736	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.949054003 CET	49741	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:25.949399948 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:49:26.115320921 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:49:26.115374088 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:49:26.115403891 CET	443	49733	208.91.198.178	192.168.2.4
Feb 22, 2021 22:49:26.115545034 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:49:26.115581989 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:49:26.115629911 CET	49733	443	192.168.2.4	208.91.198.178
Feb 22, 2021 22:49:26.135703087 CET	443	49741	192.169.157.161	192.168.2.4
Feb 22, 2021 22:49:26.135731936 CET	443	49741	192.169.157.161	192.168.2.4
Feb 22, 2021 22:49:26.135982037 CET	49741	443	192.168.2.4	192.169.157.161
Feb 22, 2021 22:49:26.136034966 CET	49741	443	192.168.2.4	192.169.157.161

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 22, 2021 22:47:27.693114996 CET	59123	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:27.741898060 CET	53	59123	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:28.030894995 CET	54531	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:28.082415104 CET	53	54531	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:29.031456947 CET	49714	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:29.093513966 CET	53	49714	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:30.250067949 CET	58028	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:30.298794985 CET	53	58028	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:31.075625896 CET	53097	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:31.127257109 CET	53	53097	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:32.313855886 CET	49257	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:32.364195108 CET	53	49257	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:33.579905987 CET	62389	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:33.641076088 CET	53	62389	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:34.854129076 CET	49910	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:34.905623913 CET	53	49910	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:35.352196932 CET	55854	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:35.414113045 CET	53	55854	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:35.926305056 CET	64549	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:35.977979898 CET	53	64549	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:36.539923906 CET	63153	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:36.726438046 CET	53	63153	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:37.086323977 CET	52991	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:37.135219097 CET	53	52991	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:38.067205906 CET	53700	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:38.488632917 CET	53	53700	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:39.044003963 CET	51726	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:39.095865965 CET	53	51726	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:40.298794985 CET	56794	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:40.347461939 CET	53	56794	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:41.640904903 CET	56534	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:41.689574957 CET	53	56534	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:43.571768045 CET	56627	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:43.625044107 CET	53	56627	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:44.360001087 CET	56621	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:44.408653021 CET	53	56621	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:45.165456057 CET	63116	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:45.214236975 CET	53	63116	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:45.929384947 CET	64078	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:45.981482983 CET	53	64078	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:46.783931017 CET	64801	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:46.832925081 CET	53	64801	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:48.006782055 CET	61721	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:48.057023048 CET	53	61721	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:49.283747911 CET	51255	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:49.335289955 CET	53	51255	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:53.675256968 CET	61522	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:54.114592075 CET	53	61522	8.8.8.8	192.168.2.4
Feb 22, 2021 22:47:58.213332891 CET	52337	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:47:58.265522957 CET	53	52337	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:05.324827909 CET	55046	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:05.374264002 CET	53	55046	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:05.941843987 CET	49612	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:05.999068022 CET	53	49612	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:06.328391075 CET	55046	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:06.385709047 CET	53	55046	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:06.952367067 CET	49612	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:07.011730909 CET	53	49612	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:07.327270031 CET	55046	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:07.377815962 CET	53	55046	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:07.968146086 CET	49612	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:08.017272949 CET	53	49612	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:09.623935938 CET	55046	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:09.674022913 CET	53	55046	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:10.046485901 CET	49612	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:10.097933054 CET	53	49612	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:13.624566078 CET	55046	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:13.673329115 CET	53	55046	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:14.063208103 CET	49612	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:14.113125086 CET	53	49612	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:16.314790010 CET	49285	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:16.364679098 CET	53	49285	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:17.085474968 CET	50601	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:17.147320986 CET	53	50601	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:17.744492054 CET	60875	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:17.801759958 CET	53	60875	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:18.235559940 CET	56448	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:18.288713932 CET	59172	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:18.311781883 CET	53	56448	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:18.377490044 CET	53	59172	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:18.859749079 CET	62420	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:18.922635078 CET	53	62420	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:19.454322100 CET	60579	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:19.511662006 CET	53	60579	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:20.294550896 CET	50183	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:20.351878881 CET	53	50183	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:21.223568916 CET	61531	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:21.272449017 CET	53	61531	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:22.460555077 CET	49228	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:22.517735958 CET	53	49228	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:23.128050089 CET	59794	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:23.184580088 CET	55916	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:23.185147047 CET	53	59794	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:23.243113995 CET	53	55916	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:33.051295042 CET	52752	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:33.102930069 CET	53	52752	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:33.415774107 CET	60542	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:33.489891052 CET	53	60542	8.8.8.8	192.168.2.4
Feb 22, 2021 22:48:38.097318888 CET	60689	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:48:38.157083988 CET	53	60689	8.8.8.8	192.168.2.4
Feb 22, 2021 22:49:11.027713060 CET	64206	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:49:11.080614090 CET	53	64206	8.8.8.8	192.168.2.4
Feb 22, 2021 22:49:12.815059900 CET	50904	53	192.168.2.4	8.8.8.8
Feb 22, 2021 22:49:12.872108936 CET	53	50904	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 22, 2021 22:47:36.539923906 CET	192.168.2.4	8.8.8.8	0x773c	Standard query (0)	saisas.com.co	A (IP address)	IN (0x0001)
Feb 22, 2021 22:47:38.067205906 CET	192.168.2.4	8.8.8.8	0xc44c	Standard query (0)	sydneybuildingengineers.com.au	A (IP address)	IN (0x0001)
Feb 22, 2021 22:47:53.675256968 CET	192.168.2.4	8.8.8.8	0xe8be	Standard query (0)	sydneybuildingengineers.com.au	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Feb 22, 2021 22:47:36.726438046 CET	8.8.8.8	192.168.2.4	0x773c	No error (0)	saisas.com.co	208.91.198.178	A (IP address)	IN (0x0001)
Feb 22, 2021 22:47:38.488632917 CET	8.8.8.8	192.168.2.4	0xc44c	No error (0)	sydneybuildingengineers.com.au	192.169.157.161	A (IP address)	IN (0x0001)
Feb 22, 2021 22:47:54.114592075 CET	8.8.8.8	192.168.2.4	0xe8be	No error (0)	sydneybuildingengineers.com.au	192.169.157.161	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Feb 22, 2021 22:47:37.107716084 CET	208.91.198.178	443	192.168.2.4	49734	CN=cpcalendars.saisas.com.co CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Mon Dec 28 15:44:54 CET 2020 Wed Oct 07 21:21:40 CEST 2020	Sun Mar 28 16:44:54 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 22:47:37.107716084 CET	208.91.198.178	443	192.168.2.4	49734	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 22:47:37.107953072 CET	208.91.198.178	443	192.168.2.4	49733	CN=cpcalendars.saisas.com.co CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Mon Dec 28 15:44:54 CET 2020 Wed Oct 07 21:21:40 CEST 2020	Sun Mar 28 16:44:54 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 22:47:37.107953072 CET	208.91.198.178	443	192.168.2.4	49733	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 22:47:39.191466093 CET	192.169.157.161	443	192.168.2.4	49736	CN=sydneybuildingengineers.com.au CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Dec 31 01:00:00 CET 2020 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Thu Apr 01 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Feb 22, 2021 22:47:39.192704916 CET	192.169.157.161	443	192.168.2.4	49737	CN=sydneybuildingengineers.com.au CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Dec 31 01:00:00 CET 2020 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Thu Apr 01 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Feb 22, 2021 22:47:54.489181042 CET	192.169.157.161	443	192.168.2.4	49752	CN=sydneybuildingengineers.com.au CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Dec 31 01:00:00 CET 2020 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Thu Apr 01 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 6832 Parent PID: 800

General

Start time:	22:47:34
Start date:	22/02/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7f01a0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 6924 Parent PID: 6832

General

Start time:	22:47:35
Start date:	22/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6832 CREDAT:17410 /prefetch:2
Imagebase:	0x1240000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report smartandfinalTicket#51347303511505986.htm

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 6832 Parent PID: 800

General

Chronological Activities

Analysis Process: iexplore.exe PID: 6924 Parent PID: 6832

General

Chronological Activities

Disassembly