Play interactive tour

Edit tour

Analysis Report http://www.tfaforms.com/responses/processor

Overview

General Information

Sample URL:	http://www.tfaforms.com/responses/processor
Analysis ID:	358587
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

No high impact signatures.

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely the sample will exhibit less behavior

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Startup

System is w10x64

iexplore.exe (PID: 4616 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4588 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4616 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Compliance:

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.5:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.196.12.68:443 -> 192.168.2.5:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.196.12.68:443 -> 192.168.2.5:49755 version: TLS 1.2

Networking:

Source: global traffic	HTTP traffic detected: GET /responses/processor HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dist/form-builder/5.0.0/wforms-layout.css?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1Accept: text/css, /Referer: http://www.tfaforms.com/responses/processorAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL
Source: global traffic	HTTP traffic detected: GET /wForms/3.11/js/wforms.js?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://www.tfaforms.com/responses/processorAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL
Source: global traffic	HTTP traffic detected: GET /js/iframe_message_helper_internal.js?v=2 HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://www.tfaforms.com/responses/processorAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL
Source: global traffic	HTTP traffic detected: GET /dist/form-builder/5.0.0/wforms-jsonly.css?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1Accept: text/css, /Referer: http://www.tfaforms.com/responses/processorAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=KCbRl27TtolgZdt9YzzzEVXZShIHcErTPtr3hJOL7l8pRtWwPgaR+axy8lVtC9EdUQZFe9KlOpFVmtCxnGesMOb1TBg7xk0/jGmMcdW5a093IRzUAJECn4roAuCZ; AWSALBCORS=KCbRl27TtolgZdt9YzzzEVXZShIHcErTPtr3hJOL7l8pRtWwPgaR+axy8lVtC9EdUQZFe9KlOpFVmtCxnGesMOb1TBg7xk0/jGmMcdW5a093IRzUAJECn4roAuCZ
Source: global traffic	HTTP traffic detected: GET /responses/favicon.ico HTTP/1.1User-Agent: AutoItHost: www.tfaforms.comCookie: AWSALB=rX+ntaeAJCEkzztTjGj94kJTM2s7FB1FnMDrpmrd32zmMXoTesGf8ZLBQdoUumC0EQIhtCim8tUb7TVUDZ+ZTwG+x22XOR6IjUEs2Y16AidM6w3hGoDIn5hX8FSZ; AWSALBCORS=rX+ntaeAJCEkzztTjGj94kJTM2s7FB1FnMDrpmrd32zmMXoTesGf8ZLBQdoUumC0EQIhtCim8tUb7TVUDZ+ZTwG+x22XOR6IjUEs2Y16AidM6w3hGoDIn5hX8FSZ
Source: global traffic	HTTP traffic detected: GET /support/ HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; AWSALBCORS=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D
Source: global traffic	HTTP traffic detected: GET /pages/support HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.tfaforms.comConnection: Keep-AliveCookie: AWSALB=w2xsCRk8PDwyPr2U7uUX039HzmHDtqkU4eBp/O2BRjf+Jny08ehMgk4sD2wTwPyNOmZN2UAaz6WF+V27xF0v0RPZjE1nQN4BrUwpRSJEq5UGNZxx90wDnvw9BcSh; AWSALBCORS=w2xsCRk8PDwyPr2U7uUX039HzmHDtqkU4eBp/O2BRjf+Jny08ehMgk4sD2wTwPyNOmZN2UAaz6WF+V27xF0v0RPZjE1nQN4BrUwpRSJEq5UGNZxx90wDnvw9BcSh

Source: unknown

DNS traffic detected: queries for: www.tfaforms.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Feb 2021 20:54:05 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveSet-Cookie: AWSALB=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; Expires=Thu, 04 Mar 2021 20:54:04 GMT; Path=/Set-Cookie: AWSALBCORS=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; Expires=Thu, 04 Mar 2021 20:54:04 GMT; Path=/; SameSite=NoneServer: nginxP3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"Set-Cookie: CAKEPHP=08f519fdfa456469e460b5af44981a9f; HttpOnly=1; Path=/; SameSite=None; SecureData Raw: 36 63 62 30 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 28 77 69 6e 64 6f 77 2e 4e 52 45 55 4d 7c 7c 28 4e 52 45 55 4d 3d 7b 7d 29 29 2e 69 6e 69 74 3d 7b 70 72 69 76 61 63 79 3a 7b 63 6f 6f 6b 69 65 73 5f 65 6e 61 62 6c 65 64 3a 66 61 6c 73 65 7d 7d 3b 28 77 69 6e 64 6f 77 2e 4e 52 45 55 4d 7c 7c 28 4e 52 45 55 4d 3d 7b 7d 29 29 2e 6c 6f 61 64 65 72 5f 63 6f 6e 66 69 67 3d 7b 78 70 69 64 3a 22 56 51 41 4f 55 56 42 54 43 78 41 4a 56 46 46 55 44 67 63 46 56 41 3d 3d 22 2c 6c 69 63 65 6e 73 65 4b 65 79 3a 22 63 33 33 32 39 34 66 35 64 66 22 2c 61 70 70 6c 69 63 61 74 69 6f 6e 49 44 3a 22 39 30 30 36 39 36 32 32 22 7d 3b 77 69 6e 64 6f 77 2e 4e 52 45 55 4d 7c 7c 28 4e 52 45 55 4d 3d 7b 7d 29 2c 5f 5f 6e 72 5f 72 65 71 75 69 72 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 6e 29 7b 69 66 28 21 65 5b 6e 5d 29 7b 76 61 72 20 69 3d 65 5b 6e 5d 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 74 5b 6e 5d 5b 30 5d 2e 63 61 6c 6c 28 69 2e 65 78 70 6f 72 74 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 69 3d 74 5b 6e 5d 5b 31 5d 5b 65 5d 3b 72 65 74 75 72 6e 20 72 28 69 7c 7c 65 29 7d 2c 69 2c 69 2e 65 78 70 6f 72 74 73 29 7d 72 65 74 75 72 6e 20 65 5b 6e 5d 2e 65 78 70 6f 72 74 73 7d 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 5f 5f 6e 72 5f 72 65 71 75 69 72 65 29 72 65 74 75 72 6e 20 5f 5f 6e 72 5f 72 65 71 75 69 72 65 3b 66 6f 72 28 76 61 72 20 69 3d 30 3b 69 3c 6e 2e 6c 65 6e 67 74 68 3b Data Ascii: 6cb0<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><script type="text/javascript">(window.NREUM||(NREUM={})).init={privacy:{cookies_enabled:false}};(window.NREUM||(NREUM={})).loader_config={xpid:"VQAOUVBTCxAJVFFUDgcFVA==",licenseKey:"c33294f5df",applicationID:"90069622"};window.NREUM||(NREUM={}),__nr_require=function(t,e,n){function r(n){if(!e[n]){var i=e[n]

Source: flat-ui-icons-regular[1].eot.2.dr	String found in binary or memory: http://creativecommons.org/licenses/by-nc-nd/3.0/Version
Source: flat-ui-icons-regular[1].eot.2.dr	String found in binary or memory: http://designmodo.com/flatSergey
Source: flat-ui-icons-regular[1].eot.2.dr	String found in binary or memory: http://designmodo.comAttribution-NonCommercial-NoDerivs
Source: g=koCss[1].css.2.dr	String found in binary or memory: http://designmodo.github.io/Flat-UI/)
Source: g=koFontawesome[1].css.2.dr, fontawesome-webfont[1].eot.2.dr	String found in binary or memory: http://fontawesome.io
Source: g=koFontawesome[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: fontawesome-webfont[1].eot.2.dr	String found in binary or memory: http://fontawesome.io/license/
Source: fontawesome-webfont[1].eot.2.dr	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: g=koCss[1].css.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: wforms-layout[1].css.2.dr	String found in binary or memory: http://stackoverflow.com/questions/1716183/html-fieldset-allows-children-to-expand-indefinitely
Source: wforms-layout[1].css.2.dr	String found in binary or memory: http://stackoverflow.com/questions/20524815/ie-11-bug-image-inside-label-inside-form
Source: g=publicJsFooter[1].js.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: ~DF48068F2185627C41.TMP.1.dr	String found in binary or memory: http://www.tfaforms.com/responses/processor
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	String found in binary or memory: http://www.tfaforms.com/responses/processor2FRoot
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	String found in binary or memory: http://www.tfaforms.com/responses/processor2Fbly.com/helpocessorRoot
Source: ~DF48068F2185627C41.TMP.1.dr	String found in binary or memory: http://www.tfaforms.com/responses/processor2FormAssembly.com
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	String found in binary or memory: http://www.tfaforms.com/responses/processorRoot
Source: help[1].htm.2.dr	String found in binary or memory: http://www3.formassembly.com/blog/wp-content/uploads/2014/03/play.png);
Source: help[1].htm.2.dr	String found in binary or memory: http://www3.formassembly.com/blog/wp-content/uploads/2014/03/play_orange.png);
Source: analytics[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: help[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Lato
Source: help[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wWA.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjo0oSmb2Rl.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4Omb2Rl.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rl.woff)
Source: help[1].htm.2.dr	String found in binary or memory: https://formassembly.workable.com
Source: iframe_message_helper_internal[1].js.2.dr	String found in binary or memory: https://github.com/andris9/simpleStorage
Source: g=koCss[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	String found in binary or memory: https://help.formassem
Source: help[1].htm.2.dr	String found in binary or memory: https://help.formassembly.com/app/image/id/5eac6dd7ad121cde5ddf2202/n/avenir-heavy.woff2
Source: ~DF48068F2185627C41.TMP.1.dr, help[1].htm.2.dr	String found in binary or memory: https://help.formassembly.com/help
Source: help[1].htm.2.dr	String found in binary or memory: https://help.formassembly.com/help/form-tags-and-descriptions
Source: ~DF48068F2185627C41.TMP.1.dr	String found in binary or memory: https://help.formassembly.com/helpVFormAssembly
Source: ~DF48068F2185627C41.TMP.1.dr	String found in binary or memory: https://help.formassembly.com/helpocessor
Source: ~DF48068F2185627C41.TMP.1.dr	String found in binary or memory: https://help.formassembly.com/helpocessorf
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	String found in binary or memory: https://help.formassembly.com/helpocessorx
Source: iframe_message_helper_internal[1].js.2.dr	String found in binary or memory: https://help.formassembly.com/knowledgebase/articles/340359-publish-with-an-iframe
Source: {FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	String found in binary or memory: https://help.formassemm/responses/processorbly.com/helpocessorRoot
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: analytics[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: imagestore.dat.2.dr	String found in binary or memory: https://www.formassembly.com/content/uploads/2017/05/Favicon.png
Source: help[1].htm.2.dr	String found in binary or memory: https://www.formassembly.com/privacy-policy.php
Source: help[1].htm.2.dr	String found in binary or memory: https://www.formassembly.com/terms-of-service.php
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: help[1].htm.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: recaptcha__en[1].js.2.dr, api[1].js.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: api[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/jxFQ7RQ9s9HTGKeWcoa6UQdD/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.142:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.152.202.195:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.5:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.174.150.168:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.196.12.68:443 -> 192.168.2.5:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.196.12.68:443 -> 192.168.2.5:49755 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: clean0.win@3/41@9/5

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FD194315-77F6-11EB-90E5-ECF4BB570DC9}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF049D6DF724C2332B.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4616 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4616 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer3	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.tfaforms.com/responses/processor	0%	Virustotal		Browse
http://www.tfaforms.com/responses/processor	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
bam-cell.nr-data.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	0%	Avira URL Cloud	safe
https://help.formassemm/responses/processorbly.com/helpocessorRoot	0%	Avira URL Cloud	safe
http://designmodo.comAttribution-NonCommercial-NoDerivs	0%	Avira URL Cloud	safe
http://designmodo.github.io/Flat-UI/)	0%	Avira URL Cloud	safe
https://help.formassem	0%	Avira URL Cloud	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
http://getbootstrap.com)	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
formassembly.knowledgeowl.com	54.152.202.195	true	false		high
app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com	3.226.66.230	true	false		high
app.knowledgeowl.com	54.152.202.195	true	false		high
dyzz9obi78pm5.cloudfront.net	13.224.89.142	true	false		high
pi-ue1-lba3.pardot.com	35.174.150.168	true	false		high
formassembly.com	104.196.12.68	true	false		high
www.tfaforms.com	unknown	unknown	false		high
js-agent.newrelic.com	unknown	unknown	false		high
help.formassembly.com	unknown	unknown	false		high
bam-cell.nr-data.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
www.formassembly.com	unknown	unknown	false		high
pi.pardot.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
http://www.tfaforms.com/responses/processor	false	high
http://www.tfaforms.com/wForms/3.11/js/wforms.js?v=6b1109ac309299ec751af6a3c690f678773e405f	false	high
http://www.tfaforms.com/js/iframe_message_helper_internal.js?v=2	false	high
http://www.tfaforms.com/support/	false	high
https://help.formassembly.com/help	false	high
http://www.tfaforms.com/responses/favicon.ico	false	high
http://www.tfaforms.com/dist/form-builder/5.0.0/wforms-jsonly.css?v=6b1109ac309299ec751af6a3c690f678773e405f	false	high
http://www.tfaforms.com/pages/support	false	high
http://www.tfaforms.com/dist/form-builder/5.0.0/wforms-layout.css?v=6b1109ac309299ec751af6a3c690f678773e405f	false	high
http://www.tfaforms.com/responses/processor	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.tfaforms.com/responses/processorRoot	{FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	false		high
https://github.com/andris9/simpleStorage	iframe_message_helper_internal[1].js.2.dr	false		high
https://help.formassembly.com/app/image/id/5eac6dd7ad121cde5ddf2202/n/avenir-heavy.woff2	help[1].htm.2.dr	false		high
http://fontawesome.io	g=koFontawesome[1].css.2.dr, fontawesome-webfont[1].eot.2.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0	g=publicJsFooter[1].js.2.dr	false		high
https://help.formassembly.com/help/form-tags-and-descriptions	help[1].htm.2.dr	false		high
http://stackoverflow.com/questions/20524815/ie-11-bug-image-inside-label-inside-form	wforms-layout[1].css.2.dr	false		high
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	fontawesome-webfont[1].eot.2.dr	false	Avira URL Cloud: safe	unknown
http://www3.formassembly.com/blog/wp-content/uploads/2014/03/play.png);	help[1].htm.2.dr	false		high
http://www.tfaforms.com/responses/processor2FormAssembly.com	~DF48068F2185627C41.TMP.1.dr	false		high
https://help.formassemm/responses/processorbly.com/helpocessorRoot	{FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://help.formassembly.com/knowledgebase/articles/340359-publish-with-an-iframe	iframe_message_helper_internal[1].js.2.dr	false		high
http://www3.formassembly.com/blog/wp-content/uploads/2014/03/play_orange.png);	help[1].htm.2.dr	false		high
http://designmodo.comAttribution-NonCommercial-NoDerivs	flat-ui-icons-regular[1].eot.2.dr	false	Avira URL Cloud: safe	unknown
http://www.tfaforms.com/responses/processor2Fbly.com/helpocessorRoot	{FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	false		high
http://designmodo.github.io/Flat-UI/)	g=koCss[1].css.2.dr	false	Avira URL Cloud: safe	unknown
https://help.formassem	{FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	false	Avira URL Cloud: safe	unknown
http://creativecommons.org/licenses/by-nc-nd/3.0/Version	flat-ui-icons-regular[1].eot.2.dr	false		high
http://www.tfaforms.com/responses/processor2FRoot	{FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	false		high
https://formassembly.workable.com	help[1].htm.2.dr	false		high
http://fontawesome.io/license	g=koFontawesome[1].css.2.dr	false		high
http://designmodo.com/flatSergey	flat-ui-icons-regular[1].eot.2.dr	false		high
http://fontawesome.io/license/	fontawesome-webfont[1].eot.2.dr	false		high
https://www.formassembly.com/content/uploads/2017/05/Favicon.png	imagestore.dat.2.dr	false		high
https://www.google.%/ads/ga-audiences	analytics[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
https://help.formassembly.com/helpocessorx	{FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat.1.dr	false		high
http://getbootstrap.com)	g=koCss[1].css.2.dr	false	Avira URL Cloud: safe	low
https://github.com/twbs/bootstrap/blob/master/LICENSE)	g=koCss[1].css.2.dr	false		high
https://help.formassembly.com/helpocessor	~DF48068F2185627C41.TMP.1.dr	false		high
https://stats.g.doubleclick.net/j/collect	analytics[1].js.2.dr	false		high
https://help.formassembly.com/helpocessorf	~DF48068F2185627C41.TMP.1.dr	false		high
https://help.formassembly.com/help	~DF48068F2185627C41.TMP.1.dr, help[1].htm.2.dr	false		high
https://www.formassembly.com/terms-of-service.php	help[1].htm.2.dr	false		high
https://help.formassembly.com/helpVFormAssembly	~DF48068F2185627C41.TMP.1.dr	false		high
https://www.formassembly.com/privacy-policy.php	help[1].htm.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
13.224.89.142	unknown	United States	16509	AMAZON-02US	false
35.174.150.168	unknown	United States	14618	AMAZON-AESUS	false
104.196.12.68	unknown	United States	15169	GOOGLEUS	false
3.226.66.230	unknown	United States	14618	AMAZON-AESUS	false
54.152.202.195	unknown	United States	14618	AMAZON-AESUS	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	358587
Start date:	25.02.2021
Start time:	21:53:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.tfaforms.com/responses/processor
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/41@9/5
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: http://www.tfaforms.com/support/
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, HxTsr.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 52.255.188.83, 204.79.197.200, 13.107.21.200, 51.104.139.180, 93.184.220.29, 13.88.21.125, 52.147.198.201, 23.54.113.53, 104.43.139.144, 88.221.62.148, 151.101.2.110, 151.101.66.110, 151.101.130.110, 151.101.194.110, 162.247.243.146, 162.247.243.147, 184.30.20.56, 216.58.208.170, 216.58.206.36, 142.250.184.110, 172.217.18.99, 216.58.208.163, 152.199.19.161, 51.104.144.132 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, arc.msn.com.nsatc.net, cs9.wac.phicdn.net, tls12.newrelic.com.cdn.cloudflare.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, go.microsoft.com, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, www.google.com, watson.telemetry.microsoft.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, www.google-analytics.com, www.bing.com, fonts.googleapis.com, fs.microsoft.com, www-google-analytics.l.google.com, dual-a-0001.a-msedge.net, fonts.gstatic.com, ie9comview.vo.msecnd.net, f4.shared.global.fastly.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, skypedataprdcoleus16.cloudapp.net, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DURNCK2N\www.tfaforms[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aK1r0aKb:JFK1rFKb
MD5:	132294CA22370B52822C17DCB5BE3AF6
SHA1:	DD26B82638AD38AD471F7621A9EB79FED448A71C
SHA-256:	451ABBE0AEFC000F49967DABF8D42344D146429F03C8C8D4AE5E33FF9963CF77
SHA-512:	6D5808CAD199A785C82763C68F0AE1F4938C304B46B70529EA26B3D300EF9430AD496C688D95D01588576B3A577001D62245D98137FD5CD825AD62E17D36F15C
Malicious:	false
Reputation:	low
Preview:	<root></root><root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FD194315-77F6-11EB-90E5-ECF4BB570DC9}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8572343199844275
Encrypted:	false
SSDEEP:	96:r7ZcTZj2JWgtWbfUUzKMvrq+RQAxfVUi6X:r7ZcTZj2JWgtWfURMWlOfVsX
MD5:	B8D5EF430AD0B9D97F8BAE1E542BB308
SHA1:	3DF93C92E05464EDB0262CD61974A73D4EDD83E2
SHA-256:	7ACB3E5EBC810FA75570D1602EFB1B83875371AB712439273F2827B34AB54C1C
SHA-512:	6BD4EE7995C189E8C81374BCD2AA9647DDF879A08ADC334ED7EC74FAF978AAD09EE20AA6A149DB5E9BCCB894B25306DFBA54D3EA5DF386E3CCF81F2A86151F68
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FD194317-77F6-11EB-90E5-ECF4BB570DC9}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	38376
Entropy (8bit):	1.9503309874860666
Encrypted:	false
SSDEEP:	192:r/Z4TQl6bkij12dWmM+Y0Y7Vjbn49OSc3CoaVSXlxDiqWx3ms:rhdQgcs0PD0CV3n49OSc3XaIX3iqgt
MD5:	BD959427FE90F6C2B29CE1C96155D59C
SHA1:	0515D0EBEAEF4EBEA8C1A3AD70DDC67ED933BB93
SHA-256:	D002A0654B0543EC8F1AA735EF8E55C79893409652AD1102F09CA5DF2FDE7F3F
SHA-512:	8F9840A4B25335096642313277A26F797297017AD10A9396C98FC0496B48EFC216776C5243B156267AFC057F8C3ADCAE41BDFD3B1EAD18AB9409B5E98E17A386
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FD194318-77F6-11EB-90E5-ECF4BB570DC9}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5635650915055552
Encrypted:	false
SSDEEP:	48:IwJGcpreZGwpaDG4pQrGrapbSQGQpKjG7HpRcTGIpG:rPZeTQ16fBSYAyTIA
MD5:	A9960B910D188984CE9830D587FCF3E8
SHA1:	0897D1B55DE3B26045BBB7987A063A28A35FB504
SHA-256:	A8E23AD72DA2DAB97C61F7C0397F77D4F17DCA1F191FCE9EB4A8DC4828FC356F
SHA-512:	66EE4CEE60EA69B4C4A4061E437CF90313ADA35D7113CC12A250FA20E5C379215BB2B36C4CABCE36B3D57200D6D486106F03A87AF32502E3E10FC3BE4D9623D9
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	modified
Size (bytes):	1028
Entropy (8bit):	7.356921251969959
Encrypted:	false
SSDEEP:	24:D9BAGj1l8DLudUSQrYw+6yi8PXJcsNKJwq4:D9BAGj1CDLud5Qx3yi+XJTPT
MD5:	A7ABA22AB5FE3A8403F0052EAF1FA3F7
SHA1:	C14ADDC997BC88B346D6505BBD341800F59ECB43
SHA-256:	306D7634E159C01D65DF65B57EC8E3EE9E56869792C8B210A42553CC506EF764
SHA-512:	31292B55D2AC3C6C059E92F960EB1CFDD7D60435C25FD05AB76B97630287114DC50AD11CF5FDB5AB2F774EDD4E717B76D02E148EE6244F7F7E0012834B54ACF2
Malicious:	false
Reputation:	low
Preview:	@.h.t.t.p.s.:././.w.w.w...f.o.r.m.a.s.s.e.m.b.l.y...c.o.m./.c.o.n.t.e.n.t./.u.p.l.o.a.d.s./.2.0.1.7./.0.5./.F.a.v.i.c.o.n...p.n.g.^....PNG........IHDR...(...(........m...%IDATx..9h.Q...l$.W..&."..bk%bc....AH.dsy..`."..S..2K..@E..hvM..n6q..`5....>?.......w....{3.[.y^U%..G....T.q...*0......q5V`mA.W.......+Ep.g.....r..Wr.'.T..F0E.0.....r..30.R..g..=%....4...=.s.F."H.......1...\m.......3........D.r..n.r...Ho.m...h..uy.....k..4.'.\|$WA'..(7,{...v.......x.y. ..f+. r.5.E\|.c/....e!7.....(..o.v.......}.L..PA.1...RdT.d%pS.^.......T......H9.....o..=.i.y.Ij.:N.}.\0.BP....Q....X"...r'....7. 8.....j...../..q.nLr.v....<.....`6d..j........1...ZS...?nM.M.%.)u.kF....~./..}cM..$R2......#.-"......>.Q..#pN-...W....K!r_Y...A.(.X...5.....r..5..W....2...rk..Ip. .@......[..J.,..rk. ..#.U.lu1!7.........o&@...{p.[.....35..1_.AG..H9%rP....K.?...\A..d.<.=RN.WI.r......j5..!..V...XlA.?dx...%....5.r(. o.....4j6......z..$..YWVAG'.)..@..U....b.A+cy.V.W.a........(:....IEND.B`.(...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\Favicon[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	162
Entropy (8bit):	4.43530643106624
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
MD5:	4F8E702CC244EC5D4DE32740C0ECBD97
SHA1:	3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF
SHA-256:	9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
SHA-512:	21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F
Malicious:	false
Reputation:	low
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\analytics[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	47332
Entropy (8bit):	5.518633523108405
Encrypted:	false
SSDEEP:	768:UyC36rcBLbfsl5XqYoyPndHTkoWY3SoavVVy2WiCgYUD0FEw0stZb:UyDAZfY5hVdHTwY3SoIjw0sD
MD5:	6A10EB2BB5C90414980729F4F96FFBDA
SHA1:	8BBBD5948255549E4B691B614AA3177DEA9AF1B7
SHA-256:	0F3BE44690AE9914AE3E47B7752E1BDEA316F09938E9094F99E0DE19CCD8987A
SHA-512:	5A505CBAAEEAB8961AA0DE94767F76A09B6F03E60EB0C72954B85EC0392EE1CE383D2088939A314D3175AB24B7A69390C841CFE0237C1D1C40966B43F22AE929
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?\|mailto\|ftp):\|[^:/?#]*(?:[/?#]\|$))/i;var v=window,x=document,y=function(a,b){x.addEventListener?x.addEventListener(a,b,!1):x.attachEvent&&x.attachEvent("on"+a,b)};var z={},A=function(){z.TAGGING=z.TAGGING\|\|[];z.TAGGING[1]=!0};var B=/:[0-9]+$/,C=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},F=function(a,b){b&&(b=String(b).toLowerCase());if("p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\flat-ui-icons-regular[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), flat-ui-pro-icons family
Category:	downloaded
Size (bytes):	25912
Entropy (8bit):	6.106742023542436
Encrypted:	false
SSDEEP:	384:MoJYNb9fSYaiaAwjHg8dX0JQpop4BuEPgCW+b/pcNCi1TgmLj+veAsbLgmKR:BYNZ+Hg8dX0Jui4fPb3/Cn1LCvdK9
MD5:	F1D025E1D5DC1B25678397FCF6AE70D7
SHA1:	ACA0199880BA1945FEB4AE85DFDF7436D4AFFEC2
SHA-256:	DD97A7F8D8B4B790804C55C6C7FE10CBF0D6DC7CA4782201774A4DE1196E290F
SHA-512:	3C1FB7BA70650CBC9D584507B382BF9A7140125AB50C6E58D1952090A1A956AB058DB86B5748DFBCAD920E8AB095559A3ED7AA2DB5250578DEB88F785301C8C5
Malicious:	false
Reputation:	low
IE Cache URL:	https://app.knowledgeowl.com/flatui/fonts/glyphicons/flat-ui-icons-regular.eot?
Preview:	8e..ld............................LP..........................u...................".f.l.a.t.-.u.i.-.p.r.o.-.i.c.o.n.s.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...1...".f.l.a.t.-.u.i.-.p.r.o.-.i.c.o.n.s................0OS/2...........`cmap.U........Lgasp.......h....glyf...N...p..\.head..P..^,...6hhea... ..^d...$hmtx......^.....loca./...`.....maxp.o....`.... name;.....a....Cpost......dL... ...........................3...................................@...`.........@............... .........................8............. .`......... ................................................79..................79..................79..................%..!...............................!.............................!................................!.............................%...........................................@.@.......... ....................A..A................... .......'..7...a..A......A...A.>..A.=... .......4...!....+."..5.!"..=.4>.3!.4>.;.2....!2.......#........@...............@....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\fontawesome-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), FontAwesome family
Category:	downloaded
Size (bytes):	165742
Entropy (8bit):	6.705073372195656
Encrypted:	false
SSDEEP:	3072:qbhEnD+IzsU9z9QJ6/P3Xe2iEiEPGFCMW1JVJG6wVTDsk6BmG6S1yKshojskO+b2:qenD+IzsU9z9QJ6/PO2FiEP2C/DVJG6I
MD5:	674F50D287A8C48DC19BA404D20FE713
SHA1:	D980C2CE873DC43AF460D4D572D441304499F400
SHA-256:	7BFCAB6DB99D5CFBF1705CA0536DDC78585432CC5FA41BBD7AD0F009033B2979
SHA-512:	C160D3D77E67EFF986043461693B2A831E1175F579490D7F0B411005EA81BD4F5850FF534F6721B727C002973F3F9027EA960FAC4317D37DB1D4CB53EC9D343A
Malicious:	false
Reputation:	low
IE Cache URL:	https://dyzz9obi78pm5.cloudfront.net/css/font-awesome-4.7.0/fonts/fontawesome-webfont.eot?
Preview:	n.................................LP........................Yx.....................F.o.n.t.A.w.e.s.o.m.e.....R.e.g.u.l.a.r...$.V.e.r.s.i.o.n. .4...7...0. .2.0.1.6.....F.o.n.t.A.w.e.s.o.m.e................PFFTMk.G.........GDEF.......p... OS/2.2z@...X...`cmap..:.........gasp.......h....glyf...M......L.head...-.......6hhea...........$hmtxEy..........loca...\........maxp.,.....8... name....gh....post......k....u.........xY_.<..........3.2.....3.2.................................................................'...............@.........i.........3.......3...s................................pyrs.@. ........................... .....p.....U.............................................]...............................................y...n.......................................2.......................................@...................................................................................................................................................z..............................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\g=koCss[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	284796
Entropy (8bit):	5.101704501368992
Encrypted:	false
SSDEEP:	1536:VwldERdvGNIkabbRk3ch9OW5pK38FfFVyl2+285/sIjRV42:QhBshT5k285/so
MD5:	94A9B8F202B7E5F82FA1D9D1D3782DF1
SHA1:	AC5D534A5964FCB8DAF843168F19A6C559E316F8
SHA-256:	870425DFBB1EBF55058A7C67FF5C86A28B7900555D0D9BB54557CED4E498120E
SHA-512:	565B922BA712F2A9FB27DB81FFCDB9BCC18AE6774B68BBD5B6A642C5FFDB53294ADA89C49F2F110C8ED77688C74E95D06CCF245779AD59BFB21D7D706698028A
Malicious:	false
Reputation:	low
IE Cache URL:	https://dyzz9obi78pm5.cloudfront.net/2021022501/min/g=koCss
Preview:	/!. Bootstrap v3.2.0 (http://getbootstrap.com). * Copyright 2011-2014 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). //! normalize.css v3.0.1 \| MIT License \| git.io/normalize */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background:0 0}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{height:0;-webkit-box-sizing:conten

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\help[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	116645
Entropy (8bit):	5.121804763790916
Encrypted:	false
SSDEEP:	1536:zco5S3dzGyKUVcRN+gOLmCvIUxumR5NHjkgx:0dmTRNxCvIw
MD5:	92742A0BE374285C597B3D43C7C19A2B
SHA1:	75CFCEEF32E42E124E6EDB7746646C5BD17A19E9
SHA-256:	AAE0D2C03A00C3C87C027DBDA79F55CCE98CFE4B1145CCE3B1114BB99396178E
SHA-512:	5F227F17FAF71850BEC043A97F8135561B01E6A6134160A437B606378E4CA25716DF87A366F37E26A13EA188E4448C73A53466FFFF8641B92F2BA27161A2B5AF
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html>..<head>...<meta http-equiv="X-UA-Compatible" content="IE=edge" />...<title>FormAssembly \| FormAssembly Resource Center</title>...<meta charset="UTF-8" />...<meta name="viewport" content="width=device-width, initial-scale=1.0">...<meta name="description" content="FormAssembly Resource Center can help you find new ways to make your forms better!">...<link rel="stylesheet" href="//dyzz9obi78pm5.cloudfront.net/min/g=koFontawesome" type="text/css">....... [if IE 7]>........<link rel="stylesheet" type="text/css" href="2021022501/css/ie7.css">.......<![endif]-->.......<link rel="stylesheet" href="//dyzz9obi78pm5.cloudfront.net/2021022501/min/g=koCss" type="text/css">...<link href="https://help.formassembly.com/app/image/id/5eac6dd7ad121cde5ddf2202/n/avenir-heavy.woff2" rel="stylesheet" type="text/css"><link href="https://fonts.googleapis.com/css?family=Lato" rel="stylesheet" type="text/css">...<style type="text/css">.documentation-body{background-color:#ffffff}.hg-cl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\rainbow-custom.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	28512
Entropy (8bit):	5.329815063874166
Encrypted:	false
SSDEEP:	768:mSBHOmiydMJOicfY9tqz8vriHnd6L5Ggxt6x7mAjD:NHOmixsEtqz8jOd6V7i93
MD5:	83B8621ACC08A9921D10DAD68E6CB234
SHA1:	BFD1BAC2B6EA455B05076E3DA688B71BA4DC9C78
SHA-256:	7D396FB0806284C2D164F205B2D2251339F3A30E91D0935E1D3EB9B76112BA45
SHA-512:	CA99447639D4F83084982C7DA2D9D9352D7402D652E2B6638351ABBB942B39C3994EACF88D6819AE2D226E66DD407073284DBC730CF48116FA27528C16623A7D
Malicious:	false
Reputation:	low
IE Cache URL:	https://help.formassembly.com/js/rainbow/rainbow-custom.min.js
Preview:	/* Rainbow v1.2 rainbowco.de \| included languages: c, shell, java, d, coffeescript, generic, scheme, javascript, r, haskell, python, html, smalltalk, csharp, go, php, ruby, lua, css */.var k=!0;.window.Rainbow=function(){function B(a){var b=a.getAttribute("data-language")\|\|a.parentNode.getAttribute("data-language");if(!b){var c=/\blang(?:uage)?-(\w+)/;(a=a.className.match(c)\|\|a.parentNode.className.match(c))&&(b=a[1])}return b}function C(a,b){for(var c in f[d]){c=parseInt(c,10);if(a==c&&b==f[d][c]?0:a<=c&&b>=f[d][c])delete f[d][c],delete j[d][c];if(a>=c&&a<f[d][c]\|\|b>c&&b<f[d][c])return k}return!1}function r(a,b){return'<span class="'+a.replace(/\./g," ")+(m?" "+m:"")+'">'+b+"</span>"}function s(a,.b,c,i){if("undefined"===typeof a\|\|null===a)i();else{var e=a.exec(c);if(e){++t;!b.name&&"string"==typeof b.matches[0]&&(b.name=b.matches[0],delete b.matches[0]);var l=e[0],g=e.index,u=e[0].length+g,h=function(){function e(){s(a,b,c,i)}t%100>0?e():setTimeout(e,0)};if(C(g,u))h();else{var n=v(b.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\wforms-jsonly[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	755
Entropy (8bit):	4.764598419421799
Encrypted:	false
SSDEEP:	12:zSmmdOdWGQqfTTLxdXLXETvTTPdXCCni/rTvjCPdXMVjCRQW/TTHRA1W/jC3C+Tr:zSmASWYTHHjEbThpi/rbCsCjTTmcN+Tr
MD5:	7115B3A93075ECB5E36335002FCAFF7E
SHA1:	F655788CAA361AA3F2A6A3A1AAD1FCA871450743
SHA-256:	2C3626D21F1D22DC053238489A0AC7B58C451C95B516C1A13BD8BCF08E555C1A
SHA-512:	3CD1DCE5E5A4EADFCA07D48F60684916F028D15E8621B12DBC1011D6AA62B8F4672401B4BDDA75104264A1B58EBAAE58DB8FDD99522E84734BE9E27AA637310B
Malicious:	false
Reputation:	low
IE Cache URL:	http://www.tfaforms.com/dist/form-builder/5.0.0/wforms-jsonly.css?v=6b1109ac309299ec751af6a3c690f678773e405f
Preview:	../* Accessiblity Related Rules /./ These are the rules that should not apply if javascript is disabled. /....offstate {. display: none !important;.}..html .wForm form .wfPage, html .wForm form .wfHideSubmit {. display: none !important;.}.html .wForm form .saveAndResume .actions .wfHideSubmit {. display: block !important;.}.html .wForm form .wfCurrentPage {. display: block !important;.}...offstate-resumelater {. display: none !important;.}..onstate-resumelater {. display: block !important;.}..#saveAndResumeFieldset {. display: none;.}../ Handle page visibility */.html .wForm form .wfPage, html .wForm form .wfHideSubmit {. display: none !important;.}.html .wForm form .wfCurrentPage {. display: block !important;.}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\Favicon[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	862
Entropy (8bit):	7.653640922797821
Encrypted:	false
SSDEEP:	12:6v/7Qh1QGw9Yj1l2ZgwLudBSSQGeYwPUiSw6nFV/n6y2FuFPPJfVnJhG28WNKJwg:xj1l8DLudUSQrYw+6yi8PXJcsNKJwqz
MD5:	9BC284924A839F4CCDEB5167E28804B7
SHA1:	6CC3350B72D727F596BE53C1891D101C844F7D66
SHA-256:	E7650F78F6405F203399B6A590BC2A884AF74616E89A63E0E0078CA94EC8165C
SHA-512:	D4552D94C7708A3A793E489B3EDB374A7126A5A2128F14C4FE22245099B45DECD8D8B37564604CA41C8FC0511566F36D3556F3B7D18BAB61B8BDF2F18D4A2B35
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.formassembly.com/wp-content/uploads/2017/05/Favicon.png
Preview:	.PNG........IHDR...(...(........m...%IDATx..9h.Q...l$.W..&."..bk%bc....AH.dsy..`."..S..2K..@E..hvM..n6q..`5....>?.......w....{3.[.y^U%..G....T.q...*0......q5V`mA.W.......+Ep.g.....r..Wr.'.T..F0E.0.....r..30.R..g..=%....4...=.s.F."H.......1...\m.......3........D.r..n.r...Ho.m...h..uy.....k..4.'.\|$WA'..(7,{...v.......x.y. ..f+. r.5.E\|.c/....e!7.....(..o.v.......}.L..PA.1...RdT.d%pS.^.......T......H9.....o..=.i.y.Ij.:N.}.\0.BP....Q....X"...r'....7. 8.....j...../..q.nLr.v....<.....`6d..j........1...ZS...?nM.M.%.)u.kF....~./..}cM..$R2......#.-"......>.Q..#pN-...W....K!r_Y...A.(.X...5.....r..5..W....2...rk..Ip. .@......[..J.,..rk. ..#.U.lu1!7.........o&@...{p.[.....35..1_.AG..H9%rP....K.?...\A..d.<.=RN.WI.r......j5..!..V...XlA.?dx...%....5.r(. o.....4j6......z..$..YWVAG'.)..@..U....b.A+cy.V.W.a........(:....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\api[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	850
Entropy (8bit):	5.527084929213002
Encrypted:	false
SSDEEP:	24:2jkm94/zKPccAv+KVCetQ1IeqsLqo40RWUnYN:VKEctKoe61IoLrwUnG
MD5:	F265186D221473A895D2373E5666BC80
SHA1:	1B167F3E67EA18FD54FA21AFB265156B4AEAF7E6
SHA-256:	7BE93782718B63BDF0478467DBAE39879064F603EB44D42A90A6C6FEE1EE81A3
SHA-512:	F677A3F22F324555AAAF6249EA0569F68F35BCB1B567956BF517026646E4B88275EBCCDFBFDB32B06FA067767AD0B966379C53BE4D19071408A99EAC867F1987
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/recaptcha/api.js
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;po.src='https://www.gstatic.com/recaptcha/releases/jxFQ7RQ9s9HTGKeWcoa6UQdD/recaptcha__en.js';po.crossOrigin='anonymous';po.integrity='sha384-M9863pj8VTkCmdbfuuaGvQUaNXo72mc4KbfOtDfVBjv+zjrQy0vx5uzX9BsGSepE';var e=d.querySelector('script[nonce]'),n=e&&(e['nonce']\|\|e.getAttribute('nonce'));if(n){po.setAttribute('nonce',n);}var s=d.getElementsByTagName('script')[0];s.parentNode.insertBefore(po, s);})();

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	169
Entropy (8bit):	5.07579670704692
Encrypted:	false
SSDEEP:	3:0SYWFFWlIYCZZ5RI5XwDKLRIHDfFRWdFTfqzrZqcdjK/mRtBsYARNin:0IFFN+56ZRWHTizlpdgmRtBaNin
MD5:	21293E4BE383F939F010DEEFB93A12DC
SHA1:	63B5D1E607AC77495ABCC9450717EFC4DD39B35B
SHA-256:	A026EF5D961447E008A0E17E2D1B5076A09D1AD83C1FE38C6954E66B420A8484
SHA-512:	EF6E376333D67B4354C185484F3DE1AC5E7C79B2B6A193FDCC0385CA0F62643A96C60DF8BB384BC5AC7B352993A14E7D4A2BBE201D6DE796513371D6D57C2F53
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Lato
Preview:	@font-face {. font-family: 'Lato';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wWA.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\css[2].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1184
Entropy (8bit):	5.300645554985999
Encrypted:	false
SSDEEP:	24:5MOYNFMOYsiMOYN7q/EOYNNxlwTg/EOYsNxlwTN+/EOYN7NxlwTHa:SOWGOLpOCVOWNITHOLNITNZOCNIT6
MD5:	44CB14977FC77909F0C8EA26B9A22094
SHA1:	236BB248452AD13193C37AE0A040C8C68420C7DA
SHA-256:	4696FA8BF1CF824217DDF70DF758460696FFF45DE941540F52C5E17DB3D40800
SHA-512:	36C4AC520FB04F9554327044413DD9A07FA7A5DF61A0C2A1A3D814FD4D10E529366586358A81AC19BE025D2353D212BFBF80F505BB87D02C2BE4043EE5B30CEF
Malicious:	false
Reputation:	low
Preview:	@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff) format('woff');.}.@font-face {. font-family: 'Roboto Slab';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjo0oSmb2Rl.woff) format('woff');.}.@font-face {. font-family: 'Roboto Slab';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rl.woff) format('woff');.}.@font-face {. font-fami

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\g=publicJsFooter[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	285373
Entropy (8bit):	5.235397507665197
Encrypted:	false
SSDEEP:	3072:l6LMBJUExACDqZbMNIeCN0HS/vq5vZBMIfESco7XEUXCEZnF0Mhev:l6LMiZbYHS/vq5ZEazZnF0MUv
MD5:	7BF4A2C91F6A22CA2A39FE11830F431B
SHA1:	3E2A5DE28278B18AF1A15089AA066A154BB6E50F
SHA-256:	2FD1FFA5DD8AED0B247F54A5FA28EF1EEDBECD3D7DF803D4B1664FB3FCD2147B
SHA-512:	CCE2C04A6CB8CF0B396F2D95E8572C36DAF214B4D69FAAED7CF13F59DDFB5CC6F00D0C0BD50306A951323FD7E7236E4D2DBCD708517627943EC279215E1159A4
Malicious:	false
Reputation:	low
IE Cache URL:	https://dyzz9obi78pm5.cloudfront.net/2021022501/min/g=publicJsFooter
Preview:	!function(a){"function"==typeof define&&define.amd?define(["jquery"],a):a(jQuery)}(function(a){function b(b,d){var e,f,g,h=b.nodeName.toLowerCase();return"area"===h?(e=b.parentNode,f=e.name,!(!b.href\|\|!f\|\|"map"!==e.nodeName.toLowerCase())&&(g=a("img[usemap='#"+f+"']")[0],!!g&&c(g))):(/input\|select\|textarea\|button\|object/.test(h)?!b.disabled:"a"===h?b.href\|\|d:d)&&c(b)}function c(b){return a.expr.filters.visible(b)&&!a(b).parents().addBack().filter(function(){return"hidden"===a.css(this,"visibility")}).length}function y(a){for(var b,c;a.length&&a[0]!==document;){if(b=a.css("position"),("absolute"===b\|\|"relative"===b\|\|"fixed"===b)&&(c=parseInt(a.css("zIndex"),10),!isNaN(c)&&0!==c))return c;a=a.parent()}return 0}function z(){this._curInst=null,this._keyEvent=!1,this._disabledInputs=[],this._datepickerShowing=!1,this._inDialog=!1,this._mainDivId="ui-datepicker-div",this._inlineClass="ui-datepicker-inline",this._appendClass="ui-datepicker-append",this._triggerClass="ui-datepicker-trigger",th

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\pd[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	5186
Entropy (8bit):	5.177511759121435
Encrypted:	false
SSDEEP:	96:SZ6XcSJpDSMe+8gGVHRwE9gib6Ymv4/q1ykQ7KJcBWXDylZP25A/F4tT5yqUg8:SZMcSK/PgdQYBQ7KGBW2lZ25A9mT5f8
MD5:	4801DAC64526FE7AE9A2B34F19E7943F
SHA1:	4DF465117F396C248B6A3EFC4E897D496C1D2041
SHA-256:	925BE107869153B6120DE872C1AE333977BFAEE69A0F7C6271F32D4A8348BCA8
SHA-512:	4E911ABB2A57BE6491AD3AD0E7E82AF31674B83E20B3017D544015AC269BD9A84FC5D7ABF0BF055779EAED7D1084BDE5C6E7B4D8118BE8B6902733FF45A16AF8
Malicious:	false
Reputation:	low
IE Cache URL:	https://pi.pardot.com/pd.js
Preview:	/! 2020-03-12 10:41:10 /.function checkNamespace(e){for(var t=e.split("."),r=window,i=0;i<t.length;i++){var a=t[i];r[a]\|\|(r[a]={}),r=r[a]}}function getPardotUrl(){var e="pi.pardot.com";return"string"==typeof piHostname&&(e=piHostname),("https:"==document.location.protocol?"https://":"http://")+e}function piTracker(e){if(checkNamespace("pi.tracker"),pi.tracker.visitor_id=piGetCookie("visitor_id"+(piAId-1e3)),pi.tracker.visitor_id_sign=piGetCookie("visitor_id"+(piAId-1e3)+"-hash"),pi.tracker.pi_opt_in=piGetCookie("pi_opt_in"+(piAId-1e3)),"false"!=pi.tracker.pi_opt_in\|\|void 0!==pi.tracker.title&&pi.tracker.notify_pi){var t=piGetParameter(document.URL,"pi_campaign_id");null!=t?pi.tracker.campaign_id=t:"undefined"!=typeof piCId&&""!=piCId&&null!=piCId?pi.tracker.campaign_id=piCId:pi.tracker.campaign_id=null,pi.tracker.account_id=piAId,pi.tracker.title=document.title,"undefined"!=typeof piPoints&&(pi.tracker.pi_points=piPoints),pi.tracker.url=void 0!==e?e:document.URL,pi.tracker.referrer=d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\wforms-layout[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	30044
Entropy (8bit):	5.085412382641297
Encrypted:	false
SSDEEP:	384:v4oDbxnuXCx+xn3DxNSlbEfsnlDrpsJvLe40z3YzecUUlMDR7igWKVNyW+VHZxpf:goPaBxBwzYfw+xhCLUEEKW/K/vG
MD5:	468114E6FD705DA883A1EC1182EA0513
SHA1:	196C780923CCB37B90C395086F3274FDC19D90CC
SHA-256:	7DAD717CD3BBABC16A91B8404874EDA70C68F023A66DDEEA1D26579C0C774215
SHA-512:	CEA8AE0120FF73620152E0F2122FB19A8AF070C5154547DA5B68EBAC449DAC005E86C846F2E3A03F7905265FE39D1EA04391866E1128C676114D54051BAEF9F0
Malicious:	false
Reputation:	low
IE Cache URL:	http://www.tfaforms.com/dist/form-builder/5.0.0/wforms-layout.css?v=6b1109ac309299ec751af6a3c690f678773e405f
Preview:	* {..-webkit-font-smoothing: antialiased;.}../* Reset CSS - scope limited to .wForm - based on YUI reset. * --------------------------------------------------------. */..wForm dl, .wForm dt, .wForm dd, .wForm ul, .wForm ol, .wForm li, .wForm div, .wForm th,..wForm h1, .wForm h2, .wForm h3, .wForm h4, .wForm h5, .wForm h6, .wForm pre, .wForm td,..wForm form, .wForm fieldset, .wForm input, .wForm textarea, .wForm p, .wForm blockquote {..margin:0; padding:0; }..wForm table { border-collapse:collapse; border-spacing:0; }..wForm fieldset, .wForm img { border:0; }..wForm address, .wForm caption, .wForm cite, .wForm code, .wForm dfn,.wForm em, .wForm strong, .wForm th, .wForm var {..font-style:normal; font-weight:normal; }..wForm ol, .wForm ul { list-style:none; }..wForm caption, .wForm th { text-align:left; }..wForm h1, .wForm h2, .wForm h3:not(.wFormTitle), .wForm h4, .wForm h5, .wForm h6 { font-size:100%; font-weight:normal; }..wForm q:before, .wForm q:after { content:''; }..wForm abbr, .w

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\wforms[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	243215
Entropy (8bit):	5.430619101104077
Encrypted:	false
SSDEEP:	3072:gsEQV0+H4O8ebj1cHcmcrCWEPIc+7/dTXmPYlNCH:rsO8en6l+7/dTX2
MD5:	14E383468CFC2E8356E5007F5946F85E
SHA1:	97124AC35550A0FA6165EFD184E4D1D92E7F06D8
SHA-256:	900D2CBF35F85BDB03AFBD715CF013E206C87C932134D4D966399ABE5BFC1F39
SHA-512:	F8D272E7BF216A61128CEA3D2C9674CA34A7722221FB1D29EEFA87677521A8EA0532D98E54FEBE4A86B46E2F43FAA50DCEDB0D6232CAF999AD9907E4874C209E
Malicious:	false
Reputation:	low
IE Cache URL:	http://www.tfaforms.com/wForms/3.11/js/wforms.js?v=6b1109ac309299ec751af6a3c690f678773e405f
Preview:	var base2={name:"base2",version:"1.0",exports:"Base,Package,Abstract,Module,Enumerable,Map,Collection,RegGrp,Undefined,Null,This,True,False,assignID,detect,global",namespace:""};new function(_no_shrink_){var Undefined=K(),Null=K(null),True=K(true),False=K(false),This=function(){return this};var global=This();var base2=global.base2;var _FORMAT=/%([1-9])/g;var _LTRIM=/^\s\s/;var _RTRIM=/\s\s$/;var _RESCAPE=/([\/()[\]{}\|+-.,^$?\\])/g;var _BASE=/try/.test(detect)?/\bbase\b/:/./;var _HIDDEN=["constructor","toString","valueOf"];var _MSIE_NATIVE_FUNCTION=detect("(jscript)")?new RegExp("^"+rescape(isNaN).replace(/isNaN/,"\\w+")+"$"):{test:False};var _counter=1;var _slice=Array.prototype.slice;_Function_forEach();function assignID(object){if(!object.base2ID){object.base2ID="b2_"+_counter++}return object.base2ID}var _subclass=function(_instance,_static){base2.__prototyping=this.prototype;var _prototype=new this;if(_instance){extend(_prototype,_instance)}delete base2.__prototyping;var _constr

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\c33294f5df[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.459147917027245
Encrypted:	false
SSDEEP:	3:CUXJ/lH:Dl
MD5:	BC32ED98D624ACB4008F986349A20D26
SHA1:	2D3DF8C11D2168CE2C27E0937421D11D85016361
SHA-256:	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
SHA-512:	71ACC6DA78D5D5BF0EEA30E2EE0AC5C992B00EFEC959077DFE0AB769F1DBBD9AF12D5C5C155046283D5416BEB606A9EF323FB410E903768B1569B69F37075B4E
Malicious:	false
Reputation:	low
Preview:	GIF89a.......,..........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\g=koFontawesome[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	31317
Entropy (8bit):	4.759435559291011
Encrypted:	false
SSDEEP:	384:u3Y5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaUX:umlr+Klk3Yi+fwYUf2l8yQ/e9vX
MD5:	4405176548FEF6B438C79BA353FDFFB5
SHA1:	E3679C8CD9EE81EB23D782A8B6FB996C9102ACD7
SHA-256:	A9F4746243E00C74C7CAE7F9BE3E0A6B588C8513711E80FD7D8B887251C2834E
SHA-512:	2B44F92DAB327E09899267DC719A568E7AAB00CC26AAFA55C9C5075E1036C58E2A81268BC597F706ABC1F69D2093E48440A12F1C3FC000F1B9423EE5CCFC9C63
Malicious:	false
Reputation:	low
IE Cache URL:	https://dyzz9obi78pm5.cloudfront.net/min/g=koFontawesome
Preview:	./!. Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */.@font-face{font-family:'FontAwesome';src:url('//dyzz9obi78pm5.cloudfront.net/css/font-awesome-4.7.0/fonts/fontawesome-webfont.eot?v=4.7.0');src:url('//dyzz9obi78pm5.cloudfront.net/css/font-awesome-4.7.0/fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'), url('//dyzz9obi78pm5.cloudfront.net/css/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'), url('//dyzz9obi78pm5.cloudfront.net/css/font-awesome-4.7.0/fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'), url('//dyzz9obi78pm5.cloudfront.net/css/font-awesome-4.7.0/fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'), url('//dyzz9obi78pm5.cloudfront.net/css/font-awesome-4.7.0/fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:no

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	92996
Entropy (8bit):	5.367795820022782
Encrypted:	false
SSDEEP:	1536:dT4r9sfd4PtunP/C1nGzg8d82pDos2JvrdXLvxj7z0tjNeGvHucaRsfcQaqOdVIS:1kGzg8ylGHkjr
MD5:	D72D040960D0CD6ABDF28AE022F1DE3D
SHA1:	D5339F5085091C053614137F81390BB5CBB3EB41
SHA-256:	54BC986C1297FEDA871DEFF1E37DBA0FD6545EA40491C1FAB05E28BBD7309322
SHA-512:	7D56B6064693853656EE5E5FF870F5907E6FDD3D9DCF26AB0FD42B4ED99588E96FCF6B360780E4A85E70BD17889C43A590E42C0CC1FEF98B21E32B12CCF6555F
Malicious:	false
Reputation:	low
IE Cache URL:	https://dyzz9obi78pm5.cloudfront.net/js/libraries/jquery.min.js
Preview:	!function(a,b){function h(a){var c,d,b=g[a]={};for(a=a.split(/\s+/),c=0,d=a.length;c<d;c++)b[a[c]]=!0;return b}function l(a,c,d){if(d===b&&1===a.nodeType){var e="data-"+c.replace(k,"-$1").toLowerCase();if(d=a.getAttribute(e),"string"==typeof d){try{d="true"===d\|\|"false"!==d&&("null"===d?null:f.isNumeric(d)?parseFloat(d):j.test(d)?f.parseJSON(d):d)}catch(a){}f.data(a,c,d)}else d=b}return d}function m(a){for(var b in a)if(("data"!==b\|\|!f.isEmptyObject(a[b]))&&"toJSON"!==b)return!1;return!0}function n(a,b,c){var d=b+"defer",e=b+"queue",g=b+"mark",h=f._data(a,d);!h\|\|"queue"!==c&&f._data(a,e)\|\|"mark"!==c&&f._data(a,g)\|\|setTimeout(function(){f._data(a,e)\|\|f._data(a,g)\|\|(f.removeData(a,d,!0),h.fire())},0)}function J(){return!1}function K(){return!0}function S(a){return!a\|\|!a.parentNode\|\|11===a.parentNode.nodeType}function T(a,b,c){if(b=b\|\|0,f.isFunction(b))return f.grep(a,function(a,d){var e=!!b.call(a,d,a);return e===c});if(b.nodeType)return f.grep(a,function(a,d){return a===b===c});if("stri

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\lato-black[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Lato Black family
Category:	downloaded
Size (bytes):	30838
Entropy (8bit):	7.975436222063131
Encrypted:	false
SSDEEP:	768:JI+ICM2LqTTGQfKnsgmz1DUh73Y/VgYQm3q/qjB:JGB2k49mz1DUh7OgYQmcQB
MD5:	5407DE996A439DD4470D0A1E98ECD396
SHA1:	4C4F74BFD9C499AE6FF7E5BA3CC13A9C3F2C22DD
SHA-256:	D572501EFAA6AFF46941C17D10C9A8B2F8A2ECA3E33E7EF0C4C49D73E41FD206
SHA-512:	1B9136638AE5A9236E6C807A81DB08B0B7ACC7D97A7FDAC5A67712D4AD4090BD47E07F4EF449922F974C9FBC31E2808C2D05DB8E31287E06F5901BF6C90CA8A2
Malicious:	false
Reputation:	low
IE Cache URL:	https://app.knowledgeowl.com/flatui/fonts/lato/lato-black.eot?
Preview:	vx..hw............................LP....K`.P........... ....\.\.....................L.a.t.o. .B.l.a.c.k.....R.e.g.u.l.a.r...P.V.e.r.s.i.o.n. .1...1.0.4.;. .W.e.s.t.e.r.n.+.P.o.l.i.s.h. .o.p.e.n.s.o.u.r.c.e...$.L.a.t.o. .B.l.a.c.k. .R.e.g.u.l.a.r.....BSGP...................(.N..N..J.....xZg.icyR..&c..4o4F..w....[.yM...R.Y.._.Y.ulb.&...O.......%(...I.:[i.b/g...2.4....F3..q..T.\.......<g.!.\|....92C2$....`..tj...P......8:t.......X?<...t@d...`))....lT.Ct..dX.u-..$..C....NXj..Y..%Jk\l.. .....]...~B.`.......q6...5Qsr..^.:....~..Q...~3..5..3.0.$.th...hDI%vF.....'...;.0...H.9........Z+(.l.$X.q..~d$.(q:/u.....H.......&oA..Ef....u.."..c.a...9.....bi.O...KN.y.(.v.7b.)(.....M.Y(=_...V.P.....d.hP.SV@{x.....[......./.%.A..ry....I.<.a@....G9..=...p{P.....a...Vg.d.$N..!T..!..H.y..dI..W.oI....Q]3-..Y.{.bD4..X..A;.R..E.........31..$.5..4i.n...B.O.gO.....uE.=Rj.T..(.U..).8.-......kl.A.A..M..a..#....{...(..K.n.PE"..C..z .@.oc...4.u'i;..i.@W.........tzGi..+..+.3.....6.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\lato-bold[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Lato family
Category:	downloaded
Size (bytes):	32056
Entropy (8bit):	7.970959360968234
Encrypted:	false
SSDEEP:	768:KRC8eq4QSKzT7UhLsdI/40JS+CB4m+Yonj1PZsamBZk:csq4yT7sLgM4cmbonYbBZk
MD5:	2D4919CE2E98D98674657605CEEF758B
SHA1:	3A74EA081B6A622B43164D4C43AF7D78FAA1C52B
SHA-256:	3A18A112543C04AD0AD5C0365F4B535A5D6CEAD1C720D88595729A33FAAA12C1
SHA-512:	197AB63EFB512161B915AAA0F703439F78082A6009C0BA7B509CAFAD8DAE29DC27B6501889385AD28C46A4CA6FA75690C2AE67F6D0B09DF1F667304F821264E2
Malicious:	false
Reputation:	low
IE Cache URL:	https://app.knowledgeowl.com/flatui/fonts/lato/lato-bold.eot?
Preview:	8}..N\|............................LP....K`.P........... ...... .....................L.a.t.o.....B.o.l.d...P.V.e.r.s.i.o.n. .1...1.0.4.;. .W.e.s.t.e.r.n.+.P.o.l.i.s.h. .o.p.e.n.s.o.u.r.c.e.....L.a.t.o. .B.o.l.d.....BSGP...................d.Q..Q..L2....xZg.icyR..&c..4o4F..w....[.yM...R.Y.P..1.V.0...'..@..9j.J8..T.fN..y...q.3-.&.L...&3..q..F.Q.E...j...&.\.(-.;o...G..P.X..]Ow..!.....v..K.$"....@x.=.d.7..S..2D..M;..f.r..x..X.^../BP.c..L+.O-....T.x..:k...."t......8......W....NQ.E..K..V1...M...,?....14#.<y....x>0B>.....g^.....S....X[X6Y....N...oQ..'.. .......~.q..:3N.n[\|.#.3.. #.T......\|...-.in^..-T..a.....F.t..da.....d:...~...d.RT.d>7....\b.%.~.:.....2,c$.......L4w.;.....s...k.Nd.6..n-(....]...$..1./.F..>^....%a3`..F...Z........2.rm$..0...s..6.n.yP.Sh..<m.CQCmCQ@.%6Jl.. n@/@..ap..../.K........f.......v..K>..J\.....-~.O...s....W.........I._Sz..X....i..M._[z..=...v.L;b;.j...R6.e@3."v0.{.%..E..9L.g./..DN/z./`..."uSL.....:.+RH...*.WX...o.....o.}D..%.._.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\lato-bolditalic[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Lato family
Category:	downloaded
Size (bytes):	30340
Entropy (8bit):	7.974632118478816
Encrypted:	false
SSDEEP:	768:GbJCUSQ4+z/6/H1wfjT/EjqlvMyuCKQauBYSzV:aJpzS/C/skACKQVBtzV
MD5:	8A6AF3182A48E9E713931C04E6C656E8
SHA1:	1D7EF4A285A6B3E4D942E25FB05718357D26B532
SHA-256:	F63842BB377D0345DA11E322928CB4D363F138AFAEF944BBCB31439A32E255EE
SHA-512:	64A0D9947E52ABF71AC71A092335370A533F6D180E524875EDFAAFDE64CE1D0639A8BB0BB7CE6B9DE2624F2A67D1BC142BC01FC5DDE69BAD46A93F897A8EC8B7
Malicious:	false
Reputation:	low
IE Cache URL:	https://app.knowledgeowl.com/flatui/fonts/lato/lato-bolditalic.eot?
Preview:	.v..~u............................LP....K`.P........... .......W....................L.a.t.o.....B.o.l.d. .I.t.a.l.i.c...P.V.e.r.s.i.o.n. .1...1.0.4.;. .W.e.s.t.e.r.n.+.P.o.l.i.s.h. .o.p.e.n.s.o.u.r.c.e... .L.a.t.o. .B.o.l.d. .I.t.a.l.i.c.....BSGP.....................V..e..D.....xZg.icyR..&c..4o4F..w....[........H..Z...[.....V...,.....%(.6z.12t.T...o..j.o96.%.6..{n;>.o..z.I....nz..V..{.'U8e...7B..".{....Z.....f..J.$(g..v..kC..Bh...h[X....2w..'.3H....-y%.J..}.m9c..d.E.O.c.....).P.8.......Y..8J.It.."7...1.9D.).\..c..]...y.."..?.?t...g5.0..Y/..%......:=.N3N.p....]&t..Q...../.ja.p........1..!..0&]....N.{?...H...@......+..&N..&..;.....&.L.wc.FQ....cRm./+..9.fq9..... .?.(82s..h.....K...5.B..$....u7#\.R.I..=.A..~.Hu....S..y.......!...E.z...%...@...A.5.3.. ..?.o(.Sl..Ar......N...c...m.I.\|L_..0T.T?...:...\.?....f..\qy..\|g...Y.7..=....x.G..J..>....ST..e.K.mS.U;3..U..d..*..X<..)..A.4..IPi....Qh2%}+.YCI.-...[.D...t5.....%y....=.W..k.2fF9.f.....}6D=.l.e.5.^

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\lato-italic[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Lato family
Category:	downloaded
Size (bytes):	29887
Entropy (8bit):	7.9706763780696415
Encrypted:	false
SSDEEP:	768:XKpZhP5zYzEOjLJKDjpa7sz+s7dLViGWPDMKbvMr:aJhzhKL+a7ij1ViGWPDMKDMr
MD5:	CCE53FC2EB9E68832563771801E3B84B
SHA1:	68DA735AB36101777F8C0F03AB257A5AF4EB3A32
SHA-256:	642B31507C814CEC165C55FFC37F06AF12502BAB0BD4377EA1D8FA67CA6DAC7B
SHA-512:	D34B207EC5104EE0C8CA58A69DD4426AD0C42931CF7B4A0E0F4732A9DE1E80CEC20D60C164D474275612539C9B5A85B101978B15D4D77048010D5E6BE238E860
Malicious:	false
Reputation:	low
IE Cache URL:	https://app.knowledgeowl.com/flatui/fonts/lato/lato-italic.eot?
Preview:	.t...s............................LP....K`.P........... ....q(.R....................L.a.t.o.....I.t.a.l.i.c...P.V.e.r.s.i.o.n. .1...1.0.4.;. .W.e.s.t.e.r.n.+.P.o.l.i.s.h. .o.p.e.n.s.o.u.r.c.e.....L.a.t.o. .I.t.a.l.i.c.....BSGP.....................V/.e..D.....xZg.icyR..&c..4o4F..w....[........H..Z...[.....V...,.....%(.6z.12t.T...o....o96.%.........'.9&.z..{9..Z....^!..T.......{....X1.1.`qy......;.v.N...\^yi`.....k....m......XL.".%....C...,....c..Y.C.....*.g?y%.?1b.hI..Y...`..<..1.9B....D....m.3.....6.ax=..K.t...6e`R.....1../V.r..........{.....4t .D...2ep..U......;.f.B].j@L...a.}..S^,..1..@....9..&.....Z.H.>.1.6=.J..@...........5&..y...8..3....j1j.R...@9.u....!.4i%;K...)..........cy...uc..].3.gd,.8r.....q.8.n.>.5.....7...............d..L.....7..3T.).PD.F..%_..%...x=...i..,s...G...3..3.bf....,.9....u.}..~..[..W....o......7-..Fj7Q.....HjGRZ...jWR.%..N..f"jW.=Xi=.Q.O.$..?.ZY[..,.f.\....e\|.l...zIN,..\|.......9.O!V$.......y....m....@gZ..}.......}.,.GM$.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\lato-light[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Lato Light family
Category:	downloaded
Size (bytes):	30116
Entropy (8bit):	7.968862266911759
Encrypted:	false
SSDEEP:	768:vPnXD+nR1D2r6swU/U3poNB4ExlKBcF/UcEe/kxsV:HnXDYN2rq5W4vWVRd
MD5:	1B75C6E45BFC6D5659B119723A95FB0C
SHA1:	DE33FE3EDF02B9A283840D832DBD7CA6EC751746
SHA-256:	6EABBF263F4E5F08EC1046F174EA06598B573D807320C2B833987F84F3047518
SHA-512:	BA0FF395E982154CA3C477B2947AD4B018961E6EBE427C459C04058CBF636EBEC62FCB78216AAC59A2685F63B5215A299FC41AB491D42CEAFC504134FE459227
Malicious:	false
Reputation:	low
IE Cache URL:	https://app.knowledgeowl.com/flatui/fonts/lato/lato-light.eot?
Preview:	.u...t......................,.....LP....K`.P........... ......R.....................L.a.t.o. .L.i.g.h.t.....R.e.g.u.l.a.r...P.V.e.r.s.i.o.n. .1...1.0.4.;. .W.e.s.t.e.r.n.+.P.o.l.i.s.h. .o.p.e.n.s.o.u.r.c.e...$.L.a.t.o. .L.i.g.h.t. .R.e.g.u.l.a.r.....BSGP.....................Mh.Mn.I.....xZg.icyR..&c..4o4F..w....[.yM...R.Y.._.Y.ulb.&...O.......%(...I.:[i.b/g..d.o.m.^........b.K.{...e.3.+..3$.H..l.[".8a..i....P.....8:.\|d...=...y.h+.)q.Ab.......+[$p..).........>...\|T..V.....G.......t........'.(A.!p.H.).1XG..(...v..v..y.Daxh......hn(........+R.R..A.[..dc.....D..+.8...^..\...e.......AC....../8..0T..,.Z?.P0.&R....k\|......;..fh3n...!E.....p.....x3....[..}.\..#..9t..M_..x..U I...69D..+...-I.p.")9..Y~l.......r2D......%.'....i.'.03.%1Zc.p.r.K6..=....f...`..0......<....9.6..#..."..M.X.0U..VW,.^.a.C...R..g]Il...X...I'......b..a..)..yV.....[....D...&_3y..2(...&..._..g_......}As@.C./Q.T...>.5S..Xc..5sv........./.K...q...G...,..ia.#..6=pU^.<Z.H..=aA......}[i.;.....Q...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\lato-regular[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Lato family
Category:	downloaded
Size (bytes):	30978
Entropy (8bit):	7.973346592876513
Encrypted:	false
SSDEEP:	768:9PzdPeTK3cKyn6o9nrnEN1Bobqk2tdxOxei8vug1:9bdPeTK3cvn99TE2ItdaeTv3
MD5:	77F286E48A458105B9DEB4433D0844D9
SHA1:	7CC6733853B2A7F917824B68FDDBED2A735E0828
SHA-256:	DFE79473D1A937DFDEE1EF16C453B7C52FDE7E35ECC37798EFE80710A091D6F0
SHA-512:	4D653943CA53D734BFD36B27CE5E3D6A75453D91DBB346711D30148D576A6FB850FAD11D87E9A3BC1FF23AD244E33E4CC68B1671AEDFA7F458B18AB7EBC1D649
Malicious:	false
Reputation:	low
IE Cache URL:	https://app.knowledgeowl.com/flatui/fonts/lato/lato-regular.eot?
Preview:	.y...x............................LP....K`.P........... .....K.6....................L.a.t.o.....R.e.g.u.l.a.r...P.V.e.r.s.i.o.n. .1...1.0.4.;. .W.e.s.t.e.r.n.+.P.o.l.i.s.h. .o.p.e.n.s.o.u.r.c.e.....L.a.t.o. .R.e.g.u.l.a.r.....BSGP.....................N:.N@.I.....xZg.icyR..&c..4o4F..w....[.yM...R.Y.._.Y.ulb.&...O.......%(...I.:[i.b/g..O2.4...sF3..q..T........!.Pr7..wbG..3b=l..`..r...t..P......8.......{q:..M...>.Q.c.&..-[..bJ...Tx...R!R..%..=.z..r.P.2.\|..[.f.?......y..........91Bm...`$....;.P...d.Z...')C.`.YE.....U....7%p4{.3..h\Y%.../#..../.....1..&].A.....(.\.h........n..'.Y,.(D..yq&k.............`.VnH1)..a..2H.~H.....zKH......i./"E.......=".Z..g&$...;,.=BS8.2_......9.0.k..p.....l.&.T.$`H#.-..>.U..g...v.X;....7l]./.D.....s....4......z.9..e...X.e.KT.$SD..7.A$.HZ.q .A..$.V...g.mjax..WO..#.q.......q...:s...Z...,.4.q0\|.....Y....?..Zq..:i....O.Z...?.T:....5K.mS...]._+.u.........i>..K.. .s%.sd....)1.#..RU2s.+.F!...%...c.j...h9.f..K<...N....4....+.....($....+.8.4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\nr-1198.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	28120
Entropy (8bit):	5.31469238173269
Encrypted:	false
SSDEEP:	384:yZevj5awnX8RfzD7WdPs8tzmwUyAH77jx+zJTREUi2bikgHIvYboLLAJ1fFKohtJ:yZUQKi8tzA76AFIAbo/M1jtnWE5
MD5:	59C98195BA35E0B45CBE2E5BEEBD1AC8
SHA1:	BB1DD82667456B0B608750BBF8D2871A018535B0
SHA-256:	39893061747F88B837A34D0395D05FCA83E7CD5BBF2D582D181A73C5C9A174C6
SHA-512:	9CCE07757B9475D6A3C20CAD19A4775422EED4AE018F27521D4EF29FB89C5B5CEFB3991A6CDD3E422B532C32D43699A5EE86F61FD7FEA9FCDB90F2670A40E762
Malicious:	false
Reputation:	low
IE Cache URL:	https://js-agent.newrelic.com/nr-1198.min.js
Preview:	!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var a="function"==typeof __nr_require&&__nr_require;if(!i&&a)return a(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '"+t+"'")}var u=e[t]={exports:{}};n[t][0].call(u.exports,function(e){var o=n[t][1][e];return r(o\|\|e)},u,u.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;i<t.length;i++)r(t[i]);return r}({1:[function(n,e,t){e.exports=function(n,e){return"addEventListener"in window?window.addEventListener(n,e,!1):"attachEvent"in window?window.attachEvent("on"+n,e):void 0}},{}],2:[function(n,e,t){function r(n,e,t,r,i){l[n]\|\|(l[n]={});var a=l[n][e];return a\|\|(a=l[n][e]={params:t\|\|{}},i&&(a.custom=i)),a.metrics=o(r,a.metrics),a}function o(n,e){return e\|\|(e={count:0}),e.count+=1,f(n,function(n,t){e[n]=i(t,e[n])}),e}function i(n,e){return e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.te.t,c:1}),e.c+=1,e.t+=n,e.sos+=nn,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function a(n,e){return

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\S6uyw4BMUTPHjx4wWA[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 28660, version 1.1
Category:	downloaded
Size (bytes):	28660
Entropy (8bit):	7.986798426962959
Encrypted:	false
SSDEEP:	768:Rr8uuUMtVCqVsUnrZAT9vaxw9pi95vSVc+Dfpy:R9uZV9VnndAJvaCGPvwDhy
MD5:	B8EE546ACD6CC0C49F42AD3D48EF244F
SHA1:	7D8BFF4143A36AA9CC1C2801F60FA0E99969E3F6
SHA-256:	04050BAE4CC3B9CCD20D3C7F57F5B1BA249D4A54D6EFF75A1E4DF504362E8C00
SHA-512:	700D04F4CAF24A20919C2136DD3700BBE07F509F5BD0045084063B78EA8B6FD72BFEA6BBF2A94A5865A75CD6C7197DAB500B809122AA5A3910F46E1D9816D00C
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wWA.woff
Preview:	wOFF......o........l........................GPOS...l.......z....GSUB...<...S...p.:.\|OS/2.......Z...`y$aycmap...............cvt ...x...+........fpgm............rZr@gasp...$............glyf...0..YY...H@...head..h....6...6...#hhea..h........$...whmtx..h........v}.O7loca..j............9maxp..l.... ... ....name..l....8....:.TApost..n........EW..xprep..o....K...K....x.T..l Q.EO....m.m.m;X...Fl..?us..p.$z3......G.f.N...`Yv...p.a.N.."b.3...]p..`...l,.5...]=.%U..D...[)v?.xX.w...;.w>.....mt?....+......]..G.>]:(.JO.+.J.R.=.k.....@9.+........:(.UP.k.bZ...B..a....U....6\..Q.10....H'...../.....1.!.e....HF1..Lf...l.0.y,`.KY.rV....b7{....p...,.8...r.+..>.x.#....%.x.[...\|.....7.._.........$.H..&.X.'.D.I!.^xX...=..........{XC.hySQy....p...n)..h..M.(..f)"..)..j...L.qw..R`).E..8..1.X..7...\..9(q(..32.PJ)K).....#)I(.X...{.....7.g..\s.:..7dL...K.>..0H.!.Y.v.U.Xg...m.-..a.=.:...<!..c.9~....?B...w...-..l(.>..TQM...X..5...G.J..P.\..=4.H31Z....q.j.6........v.#..z.G..e.q

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\analytics[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with no line terminators
Category:	downloaded
Size (bytes):	72
Entropy (8bit):	4.098434282903269
Encrypted:	false
SSDEEP:	3:hGQRALjCjETEIuJ9QREi2KNVKVMmRcn:hCvTGWl2KNVKHKn
MD5:	5090AC56E33ACAFB87EF9885B07AD758
SHA1:	3323A659231A1C5E6D0E2B7D94443C8393CC91D7
SHA-256:	D5ED0D3BB98AE16AD90BE29DB3BECF6153A1390B922506A19CCCF2400BBDB1C1
SHA-512:	9D2DB73DC3A5332832942FADB5F4B5BFEE57CB6BC9B62E9D2C177E2CB398C71D0F39A67DD869DF731B17E15D771AC0675F6C083DCDDE077B5E6BF1F893138BAA
Malicious:	false
Reputation:	low
IE Cache URL:	https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=39444&account_id=78672&title=FormAssembly%20%7C%20FormAssembly%20Resource%20Center&url=https%3A%2F%2Fhelp.formassembly.com%2Fhelp&referrer=
Preview:	This content isn.t available. Contact the owner of this site for help.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\c33294f5df[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.459147917027245
Encrypted:	false
SSDEEP:	3:CUXJ/lH:Dl
MD5:	BC32ED98D624ACB4008F986349A20D26
SHA1:	2D3DF8C11D2168CE2C27E0937421D11D85016361
SHA-256:	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
SHA-512:	71ACC6DA78D5D5BF0EEA30E2EE0AC5C992B00EFEC959077DFE0AB769F1DBBD9AF12D5C5C155046283D5416BEB606A9EF323FB410E903768B1569B69F37075B4E
Malicious:	false
Reputation:	low
Preview:	GIF89a.......,..........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\c33294f5df[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.340020120659463
Encrypted:	false
SSDEEP:	3:U3KTDW3MiqVkMWVrfUh:H6NukMWVr8h
MD5:	06DD80AEB628C60DC680BC7A4BEE6651
SHA1:	8C86EB7DDFF5E1E5D527BD7A41C9D3F6767E23E0
SHA-256:	5E864C2E3F674C60970513411EAEEEAFD2D615D842E65EC01D09CCFCB4A7B38D
SHA-512:	C6EE8252743A760AD7BEE017FF7A804B6E34236764BC5630289D5E4C7C15E38CB971F161821586F0235882FD581630F1531FD6396761BF1284581CD8C2CAC4C6
Malicious:	false
Reputation:	low
Preview:	NREUM.setToken({'stn':0,'err':1,'ins':1,'cap':0,'spa':1})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\iframe_message_helper_internal[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19914
Entropy (8bit):	4.836036794825976
Encrypted:	false
SSDEEP:	384:CsZ97WRJzbfbjm/7jSWlrfgNhjI5LD05fdpiOXfcvrnhAs:CsZ9IJPfbEro7IJgV/0vrnhAs
MD5:	2487F6102C216F30BAE1C6F30719AA4E
SHA1:	219F04E9D52126BAF4019155A37704A2506A106D
SHA-256:	3F43A10CC040E064D28E2200C192C162A48C22ECB10BA69EFAE5F628DD0EFDE4
SHA-512:	739327B161811EFD18ED0AA9A693770E0C788B8307F75BAD728BCE63D4FA43D7FE2614F893ED40EC196683AA63F2D3CEB7EB66AD646D95C76FBB57E788E63FCD
Malicious:	false
Reputation:	low
IE Cache URL:	http://www.tfaforms.com/js/iframe_message_helper_internal.js?v=2
Preview:	/*. This script must be included in a FormAssembly form.. * When loaded in an IFRAME, it will continuously send its updated. * height so that the container can adjust IFRAME height to match. * it content's height.. . The posting is done through a cross-domain message mechanism.. * simpleStorage js library is also used (included minified below) -. * it is needed to store data between page reloads in the IFRAME.. . The message sent in the following format:. * h,iframeID,targetUrl. . - h: either new height in pixels or a command like "submitted";. * the message receiver in the parent window will handle it accordingly.. * - iframeID: the unique iframe ID for which the message must be applied,. * in other words it is the IFRAME running this script;. * - targetURL: the fallback solution if no iframeID is available;. * indicates the value of IFRAME's "src" attribute to identify. * the IFRAME. Identifying IFRAME by targetURL will not work after. * form resubmission as the

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\recaptcha__en[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	339250
Entropy (8bit):	5.72235648390319
Encrypted:	false
SSDEEP:	6144:2LgyvcysILY+3SqzE30QvvbuzLRp/epQx2g9tIxGdPLy:2LQ6HWEAbyRopQx9IC+
MD5:	32C49DC5F9FA12F530A84CD51D5E274A
SHA1:	89C75509FB3E3807679E55B57A4C0569A4B8EDD8
SHA-256:	46C97699759B3239F2306F7D09DF96131FB1044315B07CFDD62B66C2E4C0125B
SHA-512:	7388DB3DF5DDC98C633E0037020672366D5DD0F078206EE9A2412A90C9EBC9806CB43131A0C947A71E97FAD1F3EF6460FD1AC28991797E1EA2665B5765001680
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/recaptcha/releases/jxFQ7RQ9s9HTGKeWcoa6UQdD/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var F=function(){return[function(B,G,Z,I,W,l,d,N){if(!(B+(N=[2,11,13],N)[0]&N[2]))a:{for(I=(Z=L[32](N[1],!1,G(),g[N[0]].bind(null,32)),0);I<Z.length;I++)if(Z[I].src&&M[16](N[0]).test(Z[I].src)){d=I;break a}d=-1}return(B^644)%((B<<1&((B-6)%5\|\|Z.Y\|\|(Z.Y=new IA,Z.Z=0,Z.S&&L[3](3,null,1,"&","=",function(S,x){Z.add(decodeURIComponent(S.replace(/\+/g,G)),x)},Z.S)),15))==N[0]&&(G.Y=I,d={value:Z}),9)\|\|(k.call(this),this.C=l8[Z]\|\|l8[1],this.o=l,this.S=I,this.W=G,this.Y=W),d},function(B,G,Z,I,W,l){return(B\|.((B-9)%2\|\|(l=dR(Z.W,function(d){return"function"===typeof d[G]})),8))&7\|\|(I==G?Z.I.call(Z.S,W):Z.Z&&Z.Z.call(Z.S,W)),l},function(B,G,Z,I,W,l,d,N,S){if(!((B^(N=[19,3,10],349))%N[0])){if(I==Z)throw Error("Unable to set parent component");if(l=Z&&I.I&&I.uZ)W=I.I,d=I.uZ,l=W.K&&d?w[47](N[1],d,W.K)\|\|G:null;if(l&&I.I!=Z)throw Error("Unable to set parent component");(I.I=Z,k.O).Hm.call(I,Z)}if(!((B>>2)%11)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\slideout.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	7498
Entropy (8bit):	5.0622345652577
Encrypted:	false
SSDEEP:	192:d0Nfp4xKoXGJzb3mj3jWMxjcMjwx9nTZIdl3EOvY0zGr:mNfpIXGZ3S8x9TZI7Ex0K
MD5:	5EAA0D1BEFD974B5B2188B52A9E5318C
SHA1:	A89CB7085989D9D127F12748721E03D2C4CE5D56
SHA-256:	D42CCAA3D862E908AD8059D0504F077FB9313F3A7FDAAB6930EF382A71D73422
SHA-512:	2C8F2582FB51BE07E7B739BA8A0F86344F5525738F7EF523D853277AA44E6565B6FD453A1FDFF6B1261DA9A71E2A2BC475E054E280A3843EEA2BB5E79B711494
Malicious:	false
Reputation:	low
IE Cache URL:	https://dyzz9obi78pm5.cloudfront.net/js/slideout.min.js
Preview:	!function(t){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var e;"undefined"!=typeof window?e=window:"undefined"!=typeof global?e=global:"undefined"!=typeof self&&(e=self),e.Slideout=t()}}(function(){return function s(r,a,l){function u(n,t){if(!a[n]){if(!r[n]){var e="function"==typeof require&&require;if(!t&&e)return e(n,!0);if(h)return h(n,!0);var i=new Error("Cannot find module '"+n+"'");throw i.code="MODULE_NOT_FOUND",i}var o=a[n]={exports:{}};r[n][0].call(o.exports,function(t){var e=r[n][1][t];return u(e\|\|t)},o,o.exports,s,r,a,l)}return a[n].exports}for(var h="function"==typeof require&&require,t=0;t<l.length;t++)u(l[t]);return u}({1:[function(t,e,n){"use strict";var i,o,s,r=t("decouple"),a=t("emitter"),l=!1,u=window.document,h=u.documentElement,c=window.navigator.msPointerEnabled,p={start:c?"MSPointerDown":"touchstart",move:c?"MSPointerMove":"touchmove",end:c?"MSPointerUp":"touchend"},d=fu

C:\Users\user\AppData\Local\Temp\~DF049D6DF724C2332B.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4805429850200503
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lol9loF9lWyl5DiO:kBqoIOwy3Dj
MD5:	BE9BAAB6F57ACB9443FF68E274A2CF0D
SHA1:	636915D391C71B692A1B9764D3BE0D0D30B925C0
SHA-256:	EA0AE2F045E532FF6970148AE95608F9A40E4A61E2082850C016C8EA3C085542
SHA-512:	0DB2B85DE2056ACECC0CF455C369B2AB2515F26B4ACA88DBD64058FC2D9B8B707CF5F554AC389399BF4E8FE271CD84E41D66464C73CE5661B6C7B7C511085E30
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF48068F2185627C41.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	44777
Entropy (8bit):	0.5727327886556867
Encrypted:	false
SSDEEP:	96:kBqoxKAuvScS+V75or/0RD49OSc3jrRqj:kBqoxKAuqR+V75or/0RD49OSc3HRq
MD5:	C3BF47D12E2DC3DDBFA316093C3E426C
SHA1:	D86257D1D0B253C0D1369397378EAECDFB304E7A
SHA-256:	C53375DB680FD405C18F823C3411D47BC6BF24AE86B48ACB15B949C3AEEB4831
SHA-512:	D494C08532165CF96F9E5C492145A9FC8E13D7AC22F8E9300C76D0275DFF37E4B2209F7E41792659CABFF966E67387BCFA21E58460064C8574A4F148C03A19B7
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF6DEBFC0F3597EB51.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.4356386577583772
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAvj:kBqoxxJhHWSVSEabv
MD5:	5957EC2EA352A8C408047A47D41A938E
SHA1:	B77922F75DA7E383C3F74421B0A1073638505B24
SHA-256:	55D4A902DC89B0C8E380E57796B6D00103BF0419F0535CA894FDF087E27252AF
SHA-512:	50DE7D48EAF0F6A49303F75679B2E08B46F874D830FA6AB041A000D579D5441174C2322CF5F2A05DB35201CB0AD4FC5D79E764ABB4AF9968DC68FE49A93822B3
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 25, 2021 21:53:48.135471106 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.136902094 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.265638113 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.265775919 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.266498089 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.267066002 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.267165899 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.393596888 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.552665949 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.552726030 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.552741051 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.552773952 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.552783966 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.552808046 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.552818060 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.552846909 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.552846909 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.552861929 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.552882910 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.552908897 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.552912951 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.552941084 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.552967072 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.552974939 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.553011894 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.553014040 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.553047895 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.680006981 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680032969 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680049896 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680066109 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680082083 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680099964 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680118084 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680134058 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680150986 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680167913 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680170059 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.680183887 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680196047 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.680198908 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.680264950 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.697365046 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.698326111 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.698908091 CET	49717	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.825715065 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.826980114 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.827569962 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.827616930 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.827656984 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.827662945 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.827693939 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.827694893 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.827699900 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.827733040 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.827743053 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.827771902 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.827785969 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.827811956 CET	80	49717	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.827821016 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.827882051 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.827893019 CET	49717	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.827917099 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.827934027 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.827965975 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.828516960 CET	49717	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.829545021 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.829587936 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.829634905 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.829654932 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.829678059 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.829689026 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.829694986 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.829715967 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.829732895 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.829755068 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.829794884 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.829813004 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.829819918 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.829834938 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.829874039 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.829895973 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.829901934 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.829911947 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.829971075 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.829982996 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.846951008 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.955929995 CET	80	49717	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957109928 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957153082 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957200050 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957231045 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957242966 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957257032 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957262993 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957283020 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957315922 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957321882 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957331896 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957360983 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957369089 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957421064 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957428932 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957458973 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957498074 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957529068 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957536936 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957540989 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957565069 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957585096 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957590103 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957627058 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957664967 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957669973 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957680941 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957703114 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957740068 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957756996 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957767010 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957777977 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957782030 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957818985 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957856894 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957897902 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957904100 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957914114 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957921028 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957947969 CET	80	49717	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.957956076 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.957986116 CET	80	49717	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.958010912 CET	49717	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.958024979 CET	80	49717	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.958031893 CET	49717	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.958061934 CET	80	49717	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.958089113 CET	49717	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.958101034 CET	80	49717	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.958116055 CET	49717	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.958134890 CET	80	49717	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.958148956 CET	49717	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.958184958 CET	49717	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.975475073 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.975506067 CET	80	49715	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:48.975572109 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:48.975615978 CET	49715	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:49.085410118 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085439920 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085458040 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085470915 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085486889 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085505009 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085530043 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085547924 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085562944 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085575104 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085586071 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:49.085592985 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085611105 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085623980 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085637093 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085649014 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085670948 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:49.085699081 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085716009 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085731983 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085752964 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:49.085756063 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085757971 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:49.085772991 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085792065 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085805893 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085818052 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085829973 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085839987 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:53:49.085839987 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:49.085844040 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:49.086532116 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:53:49.086541891 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:04.640697002 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:04.767972946 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:04.768104076 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:04.768224001 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:04.895291090 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.075164080 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.075222015 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.075264931 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.075299025 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.075301886 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.075324059 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.075341940 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.075373888 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.075393915 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.075396061 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.075439930 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.075454950 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.075479031 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.075495005 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.075516939 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.075536013 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.075567007 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.075570107 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.075627089 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.086410046 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.087219954 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.203764915 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.203813076 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.203859091 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.203898907 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.203936100 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.203941107 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.203972101 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.203979969 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.203988075 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.204005003 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.204010963 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.204026937 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.204047918 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.204058886 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.204096079 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.204114914 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.204138994 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.204159021 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.204176903 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.204196930 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.204209089 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.204242945 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.204261065 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:05.213630915 CET	80	49724	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:05.213756084 CET	49724	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:07.655030966 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:07.824294090 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:08.008790970 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:08.008903027 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:08.014332056 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:08.144212961 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:08.260314941 CET	80	49714	3.226.66.230	192.168.2.5
Feb 25, 2021 21:54:08.260435104 CET	49714	80	192.168.2.5	3.226.66.230
Feb 25, 2021 21:54:08.351174116 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.351202011 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.480576992 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:08.480626106 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:08.480679989 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.480727911 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.481544018 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.481736898 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.611524105 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:08.611567020 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:08.611591101 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:08.611675024 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.611690998 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.614316940 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:08.614350080 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:08.614365101 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:08.614429951 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.614451885 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.621799946 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.621814013 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.622153044 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.749155998 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:08.749253988 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.749861956 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:08.749948978 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.768838882 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:08.768942118 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.771235943 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:08.937331915 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.102561951 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.102610111 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.102648973 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.102685928 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.102734089 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.102768898 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.102785110 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.102827072 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.102854013 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.102890968 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.102910995 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.102946997 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.102978945 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.103020906 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.103058100 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.103079081 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.103117943 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.103128910 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.127279997 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.188611031 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.189066887 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.189196110 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.189241886 CET	49734	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.230099916 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.230143070 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.230201006 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.230232954 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.230351925 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.230386019 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.230405092 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.230431080 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.230463982 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.230509043 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.230520964 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.230556011 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.230587006 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.230642080 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.234539986 CET	443	49731	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.234646082 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.234972000 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.235054970 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.235110044 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.235138893 CET	443	49734	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.235172033 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.235244036 CET	49734	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.236659050 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.236922979 CET	49734	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.237095118 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.237101078 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.239141941 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.239306927 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.240072966 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.283230066 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.283554077 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.283653021 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.283680916 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.283730984 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.283742905 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.283786058 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.284205914 CET	443	49734	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.284245968 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.284276009 CET	443	49731	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.284511089 CET	443	49734	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.284524918 CET	443	49734	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.284576893 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.284621954 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.284648895 CET	49734	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.284653902 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.284658909 CET	443	49731	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.284678936 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.284698963 CET	443	49731	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.284722090 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.284737110 CET	443	49734	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.284744024 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.284775019 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.284781933 CET	49734	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.284821987 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.284826040 CET	443	49731	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.285002947 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.285927057 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.286039114 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.286130905 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.286194086 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.286560059 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.286622047 CET	443	49731	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.286655903 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.286689043 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.286711931 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.286887884 CET	443	49734	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.286995888 CET	49734	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.287529945 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.287636042 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.293265104 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.298190117 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.298614025 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.298634052 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.298877954 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.299184084 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.299257040 CET	49734	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.299293995 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.299314022 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.299357891 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.299427986 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.299535036 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.299707890 CET	49734	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.299951077 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.299997091 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.300363064 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.332571983 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.332988977 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.333044052 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.333079100 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.333086967 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.333125114 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.333134890 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.335412979 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.335503101 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.341248035 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.342430115 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.345184088 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.345501900 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.345540047 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.345787048 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.345851898 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.345874071 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.345904112 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.345946074 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346071959 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346146107 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346184015 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.346227884 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.346237898 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346291065 CET	443	49734	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346395969 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346530914 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346600056 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346646070 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346688986 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346739054 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.346741915 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.346769094 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346853018 CET	443	49734	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346932888 CET	49732	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.346967936 CET	443	49734	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.346993923 CET	443	49734	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.347028971 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.347039938 CET	49734	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.347059011 CET	443	49731	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.347083092 CET	49734	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.347176075 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.347238064 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.347270012 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.347309113 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.347335100 CET	443	49731	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.347341061 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.347362041 CET	443	49731	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.347366095 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.347469091 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.347558975 CET	443	49731	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.347580910 CET	49734	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.347611904 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.348031044 CET	49731	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.349229097 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.349442005 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.352070093 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.352144003 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.352164030 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.352195024 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.352225065 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.352272034 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.352283955 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.352319956 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.352386951 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.353164911 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.353513002 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.353607893 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.353693962 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.353769064 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.354093075 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.354135036 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.354155064 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.354177952 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.354759932 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.354837894 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.354888916 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.354943991 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.356048107 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.356139898 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.356193066 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.356246948 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.357358932 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.357445955 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.357498884 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.357549906 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.361934900 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.361985922 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.362039089 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.362041950 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.362075090 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.362088919 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.362118959 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.362368107 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.362406015 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.362442970 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.362471104 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.363418102 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.363456964 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.363517046 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.363825083 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.363888979 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.363954067 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.364022017 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.365187883 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.365226030 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.365279913 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.365325928 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.366425037 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.366516113 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.366914034 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.370338917 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.370374918 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.370418072 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.370428085 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.370476961 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.370484114 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.370485067 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.370518923 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.370527029 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.370579958 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.370588064 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.370614052 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.370671034 CET	443	49727	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.370711088 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.370764017 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.370785952 CET	49727	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.387149096 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.387978077 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.388082981 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.388201952 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.388242960 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.388267994 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.388386011 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.388442993 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.388887882 CET	49739	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.392879963 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.392915010 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.392937899 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.392959118 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.393271923 CET	443	49732	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.393465996 CET	443	49734	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.393517017 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.393556118 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.393573999 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.393599033 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.393820047 CET	443	49731	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.394849062 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.398068905 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.398097038 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.398164988 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.398181915 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.398190022 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.398606062 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.398637056 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.398685932 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.398705006 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.398721933 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.398741961 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.398745060 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.398768902 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.399142981 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.399162054 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.399269104 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.399629116 CET	49740	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.400006056 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.400027037 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.400075912 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.400099993 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.401314974 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.401391983 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.401396036 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.401447058 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.402607918 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.402642965 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.402719021 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.402740955 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.403886080 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.403906107 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.403973103 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.404021025 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.405205011 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.405225992 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.405283928 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.405308962 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.406511068 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.406536102 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.406573057 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.406626940 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.407789946 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.407810926 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.407902956 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.407953024 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.409145117 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.409168005 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.409214020 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.409235001 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.410434008 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.410463095 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.410510063 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.410537004 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.411690950 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.411717892 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.411775112 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.411798954 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.412976980 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.413075924 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.413099051 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.413151979 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.414278984 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.414350033 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.414944887 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.414971113 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.415014029 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.415039062 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.416256905 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.416306019 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.416332006 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.416354895 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.417530060 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.417557001 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.417608023 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.417632103 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.418826103 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.418853045 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.418899059 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.418924093 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.420109034 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.420154095 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.420197010 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.420221090 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.421475887 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.421525002 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.421556950 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.421616077 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.422776937 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.422816992 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.422858953 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.422909021 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.424024105 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.424060106 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.424087048 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.424107075 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.425297022 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.425332069 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.425374031 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.425395012 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.426610947 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.426645994 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.426676989 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.426702023 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.436156988 CET	443	49739	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.439524889 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.439599991 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.439654112 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.440083027 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.440121889 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.440134048 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.440154076 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.440187931 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.441268921 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.441323996 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.441329956 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.441390038 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.442385912 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.442428112 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.442466021 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.442487955 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.445004940 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.445049047 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.445138931 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.445430040 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.445468903 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.445516109 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.445539951 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.446460962 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.446541071 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.446541071 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.446578026 CET	443	49740	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.446605921 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.447489977 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.447551966 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.447554111 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.447623968 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.448488951 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.448532104 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.448554039 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.448590994 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.449528933 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.449569941 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.449594021 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.449616909 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.450536013 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.450594902 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.450664043 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.451169014 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.451545000 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.451585054 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.451597929 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.451636076 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.452568054 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.452622890 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.452663898 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.452692032 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.453597069 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.453639984 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.453684092 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.453707933 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.454581976 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.454624891 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.454673052 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.454696894 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.455629110 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.455670118 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.455712080 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.455738068 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.456644058 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.456684113 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.456717968 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.456742048 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.457634926 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.457678080 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.457715034 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.457745075 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.458633900 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.458673954 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.458688021 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.458731890 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.459645033 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.459691048 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.459777117 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.459799051 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.461424112 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.461462975 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.461529016 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.461631060 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.461672068 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.461672068 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.461695910 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.461735964 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.462654114 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.462692022 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.462723017 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.462748051 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.463632107 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.463680029 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.463702917 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.463727951 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.464658976 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.464709044 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.464726925 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.464749098 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.465677023 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.465720892 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.465753078 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.465794086 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.466626883 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.466653109 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.466686964 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.466711998 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.467612982 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.467654943 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.467757940 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.467780113 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.468616009 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.468657017 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.468687057 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.468729973 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.469580889 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.469621897 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.469660997 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.469686031 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.470500946 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.470544100 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.470583916 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.470607996 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.471461058 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.471502066 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.471565008 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.471586943 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.472373962 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:09.472450972 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:09.773979902 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.774027109 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.774065971 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.774102926 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.774107933 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.774138927 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.774151087 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.774152040 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.774157047 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.774198055 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.774213076 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.774236917 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.774238110 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.774275064 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.774296045 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.774313927 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.774327040 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.774350882 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.774365902 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.774399042 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.902741909 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.902784109 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.902810097 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.902842999 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.902874947 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.902878046 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.902915955 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.902919054 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.902941942 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.902954102 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.902986050 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.902995110 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903013945 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903018951 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.903044939 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.903049946 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903075933 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.903109074 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.903109074 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903121948 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903131962 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903141022 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.903156042 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903182983 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.903192997 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903218985 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.903237104 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903251886 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.903269053 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903285027 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.903306007 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903317928 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:09.903338909 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:09.903372049 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.030189991 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.030239105 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.030267954 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.030278921 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.030299902 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.030318975 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.030322075 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.030364990 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.030395985 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.030397892 CET	443	49728	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.030405045 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.030683994 CET	49728	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.162686110 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.162815094 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.162873983 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.162969112 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.163011074 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.163034916 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.166486979 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.213871002 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.230580091 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.230632067 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.230671883 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.230684042 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.230710030 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.230711937 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.230746031 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.230768919 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.231012106 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.231054068 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.231071949 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.231091976 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.231112003 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.231131077 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.231154919 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.231179953 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.231966972 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.232033014 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.232042074 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.232045889 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.232117891 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.232120037 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.232177973 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.232945919 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.232989073 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.233006001 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.233027935 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.233061075 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.233067036 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.233088017 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.233122110 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.233964920 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.234014988 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.234056950 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.234071016 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.234091043 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.234095097 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.234189987 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.234205008 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.234894037 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.234935045 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.234958887 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.234981060 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.235001087 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.235044003 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.235054016 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.235096931 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.235925913 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.235970974 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.236008883 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.236025095 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.236047983 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.236063957 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.236116886 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.236844063 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.236885071 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.236922979 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.236932993 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.236960888 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.236963987 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.237006903 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.237019062 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.237837076 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.237879992 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.237919092 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.237921000 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.237957954 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.237962008 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.238002062 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.238035917 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.238799095 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.238837957 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.238876104 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.238879919 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.238893032 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.238917112 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.238931894 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.238974094 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.239799023 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.239842892 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.239881992 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.239900112 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.239919901 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.239936113 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.239974022 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.240488052 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.240755081 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.240798950 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.240838051 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.240854025 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.240874052 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.240876913 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.240911007 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.240956068 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.241714954 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.241755009 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.241797924 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.241801977 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.241817951 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.241847992 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.241869926 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.241909027 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.242691994 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.242734909 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.242773056 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.242775917 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.242790937 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.242811918 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.242832899 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.242883921 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.243653059 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.243695974 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.243730068 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.243732929 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.243750095 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.243772984 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.243787050 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.243819952 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.244633913 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.244676113 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.244695902 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.244724989 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.244740009 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.244767904 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.244771004 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.244826078 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.245599985 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.245646954 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.245673895 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.245690107 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.245691061 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.245728970 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.245733023 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.245785952 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.246583939 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.246623993 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.246639967 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.246675014 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.246679068 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.246718884 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.246736050 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.246771097 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.247546911 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.247585058 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.247616053 CET	443	49733	13.224.89.142	192.168.2.5
Feb 25, 2021 21:54:10.247618914 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.247654915 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.247668982 CET	49733	443	192.168.2.5	13.224.89.142
Feb 25, 2021 21:54:10.291342020 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.291404963 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.291430950 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.291462898 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.291471004 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.291484118 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.291501999 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.291528940 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.291557074 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.291591883 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.291623116 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.291642904 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.295660019 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.295739889 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.296150923 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.299031019 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.319508076 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.325472116 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.427289009 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.427340031 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.427382946 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.427386999 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.427417040 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.427422047 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.427424908 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.427450895 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.427479982 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.427499056 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.430299997 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.430339098 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.430377960 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.430417061 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.430445910 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.430443048 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.430491924 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.430496931 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.430501938 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.430505037 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.433712959 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.433756113 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.433790922 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.433796883 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.433815002 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.433835030 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.433836937 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.433862925 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.433888912 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.433945894 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.436737061 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.436779976 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.436810017 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.436830044 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.436836958 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.436851025 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.436871052 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.436896086 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.436908007 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.437592983 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.452228069 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.452270031 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.452306986 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.452330112 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.452347994 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.452354908 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.452405930 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.452435970 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.452460051 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.452482939 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.457061052 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.457112074 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.457154036 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.457192898 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.457218885 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.457222939 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.457272053 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.457278967 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.457285881 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.457289934 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.466861963 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.466988087 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.467889071 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.467951059 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.469424009 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.469546080 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.470061064 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.470175028 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.470747948 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.470890045 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.471604109 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.471678019 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.594166040 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.594269037 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.594707966 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.594861031 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.595205069 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.595362902 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.595746994 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.595824957 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.596904993 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.596982002 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.597507000 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.597573042 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600126982 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600150108 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600231886 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600272894 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600373030 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600409985 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600455046 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600457907 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600469112 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600481033 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600506067 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600522041 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600531101 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600552082 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600558043 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600589037 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600589991 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600620031 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600624084 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600645065 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600663900 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600677013 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600681067 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600709915 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600720882 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600733042 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600734949 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600748062 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600760937 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600786924 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600792885 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600811958 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600816965 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600846052 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600853920 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600893021 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600935936 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600951910 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.600960016 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600991964 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.600997925 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601020098 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601026058 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601033926 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601046085 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601073027 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601073027 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601098061 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601123095 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601136923 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601150036 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601150036 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601156950 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601161957 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601175070 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601195097 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601206064 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601222992 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601233959 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601257086 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601258993 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601284981 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601286888 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601301908 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601310015 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601335049 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601336002 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601360083 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601365089 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601372957 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601412058 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601434946 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601506948 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601587057 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601635933 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601645947 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601681948 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601691961 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601727009 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601736069 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601773977 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601795912 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601824045 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601845026 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601860046 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601876974 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601902008 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.601933002 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.601973057 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.602181911 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.602251053 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.602348089 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.602389097 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.602405071 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.602416039 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.602442980 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.602463007 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.602483988 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.602488995 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.602514029 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.602529049 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.602539062 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.602541924 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.602565050 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.602577925 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.602595091 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.602634907 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.696542978 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.721088886 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.721136093 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.721187115 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.721214056 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.723145962 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.723196983 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.723241091 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.723242998 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.723268032 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.723278999 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.723304033 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.723722935 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.723756075 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.723766088 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.723812103 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.723855019 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.724667072 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.724708080 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.724735022 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.724783897 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.725517988 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.725560904 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.725608110 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.726377964 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728087902 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728128910 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728157043 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728161097 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728169918 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728203058 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728205919 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728234053 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728244066 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728267908 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728272915 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728293896 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728316069 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728327990 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728355885 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728358984 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728368998 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728393078 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728394032 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728425980 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728430986 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728466988 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728470087 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728503942 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728508949 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728537083 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728547096 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728571892 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728576899 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728605986 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728610039 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728638887 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728650093 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728672981 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728683949 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728708029 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728724957 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728748083 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728777885 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728784084 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728789091 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728816986 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728842020 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728849888 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728868961 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728883028 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728889942 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728914022 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728918076 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728946924 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728972912 CET	443	49749	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.728975058 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.728984118 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729013920 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729024887 CET	49749	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729053974 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729069948 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729088068 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729099989 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729123116 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729152918 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729156017 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729187965 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729188919 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729209900 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729222059 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729228020 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729254961 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729269981 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729286909 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729312897 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729326963 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729327917 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729362965 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729376078 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729408979 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729429960 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729465008 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729479074 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729499102 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729505062 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729535103 CET	443	49748	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.729552984 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.729590893 CET	49748	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.730319023 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.730353117 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.730376005 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.730385065 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.730396032 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.730417013 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.730441093 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.730449915 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.730462074 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.730492115 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.730499983 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.730528116 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.730542898 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.730560064 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.730564117 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.730607033 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.730993986 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731034994 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731054068 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731070995 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731072903 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731106043 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731123924 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731132984 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731164932 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731167078 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731193066 CET	443	49747	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731200933 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731214046 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731225967 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731226921 CET	49747	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731257915 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731270075 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731297970 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731311083 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731333971 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731349945 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731367111 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731385946 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731400967 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731408119 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731435061 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731447935 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731466055 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731489897 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731498957 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731504917 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731532097 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731547117 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731571913 CET	443	49750	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731578112 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731606960 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731620073 CET	49750	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731638908 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731656075 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731682062 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731698036 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731731892 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731746912 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731785059 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731805086 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731838942 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.731853962 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731884003 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.731971979 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.732004881 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.732019901 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.732060909 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.732076883 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.732110023 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.732125044 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.732155085 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.732181072 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.732215881 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.732224941 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.732255936 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.732280970 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.732327938 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.823100090 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.823182106 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.824155092 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.849997997 CET	443	49744	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.850095987 CET	49744	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.852343082 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.852421045 CET	443	49746	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.852448940 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.852484941 CET	49746	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.951694965 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:10.951838970 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.968420029 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:10.970505953 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.098721027 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.100594997 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.100760937 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.100805044 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.100817919 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.100842953 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.100842953 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.100858927 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.100884914 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.100917101 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.100923061 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.100974083 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.100980043 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.100985050 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.101038933 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.101053953 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.101097107 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.101135969 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.101172924 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.101272106 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.227976084 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228032112 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228070974 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.228071928 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228101969 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.228104115 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228112936 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.228153944 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228185892 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.228193045 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.228193998 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228233099 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228234053 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.228270054 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228301048 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.228312016 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.228322983 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228368998 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228399992 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.228410006 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228440046 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.228445053 CET	443	49753	54.152.202.195	192.168.2.5
Feb 25, 2021 21:54:11.228456974 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.228501081 CET	49753	443	192.168.2.5	54.152.202.195
Feb 25, 2021 21:54:11.378524065 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.379527092 CET	49755	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.380923033 CET	49756	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.381895065 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.507551908 CET	443	49756	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.507766008 CET	49756	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.508461952 CET	49756	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.508568048 CET	443	49757	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.508671999 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.509269953 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.514527082 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.514625072 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.515177965 CET	443	49755	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.515316010 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.515373945 CET	49755	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.516488075 CET	49755	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.636982918 CET	443	49756	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.637018919 CET	443	49756	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.637028933 CET	443	49756	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.637089014 CET	49756	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.637139082 CET	443	49757	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.637156963 CET	443	49757	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.637166023 CET	443	49757	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.637202024 CET	49756	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.637290955 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.637335062 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.648268938 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.648562908 CET	49756	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.648773909 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.651109934 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.652379990 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.652435064 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.652462006 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.652483940 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.652520895 CET	443	49755	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.652559996 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.652620077 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.654073000 CET	443	49755	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.654108047 CET	443	49755	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.654179096 CET	49755	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.654211044 CET	49755	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.655339003 CET	443	49755	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.655436993 CET	49755	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.662175894 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.662635088 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.663474083 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.666193962 CET	49755	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.666912079 CET	49755	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.775495052 CET	443	49756	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.775531054 CET	443	49757	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.775657892 CET	49756	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.775906086 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.776875019 CET	443	49757	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.776925087 CET	443	49757	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.777045965 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.777173042 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.784220934 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.798006058 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.798386097 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.798415899 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.798513889 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.799189091 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.801829100 CET	443	49755	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.802220106 CET	443	49755	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.802607059 CET	49755	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.802625895 CET	443	49755	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.923796892 CET	443	49757	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:11.924902916 CET	49757	443	192.168.2.5	35.174.150.168
Feb 25, 2021 21:54:11.934304953 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.934675932 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.934819937 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.936966896 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.938292027 CET	443	49755	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:11.938446045 CET	49755	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:11.938591003 CET	49755	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:12.070911884 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:12.072721958 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:12.073867083 CET	443	49754	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:12.073982954 CET	49754	443	192.168.2.5	104.196.12.68
Feb 25, 2021 21:54:12.074172974 CET	443	49755	104.196.12.68	192.168.2.5
Feb 25, 2021 21:54:26.924216032 CET	443	49757	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:26.924235106 CET	443	49757	35.174.150.168	192.168.2.5
Feb 25, 2021 21:54:26.929199934 CET	49757	443	192.168.2.5	35.174.150.168

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 25, 2021 21:53:39.699780941 CET	54302	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:39.748326063 CET	53	54302	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:40.098433018 CET	53784	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:40.128937960 CET	65307	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:40.148503065 CET	53	53784	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:40.180955887 CET	53	65307	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:40.259001017 CET	64344	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:40.266726017 CET	62060	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:40.309478045 CET	53	64344	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:40.318841934 CET	53	62060	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:40.434493065 CET	61805	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:40.482974052 CET	53	61805	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:40.635515928 CET	54795	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:40.684750080 CET	53	54795	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:42.072879076 CET	49557	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:42.130569935 CET	53	49557	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:42.860096931 CET	61733	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:42.910979033 CET	53	61733	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:43.167395115 CET	65447	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:43.911930084 CET	52441	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:43.966656923 CET	53	52441	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:44.169456959 CET	65447	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:44.229216099 CET	53	65447	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:44.813282013 CET	62176	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:44.866594076 CET	53	62176	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:45.859076023 CET	59596	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:45.907787085 CET	53	59596	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:46.905576944 CET	65296	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:46.964546919 CET	53	65296	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:47.187109947 CET	63183	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:47.245925903 CET	53	63183	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:48.063653946 CET	60151	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:48.126220942 CET	53	60151	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:48.370547056 CET	56969	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:48.419287920 CET	53	56969	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:49.332905054 CET	55161	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:49.381422043 CET	53	55161	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:49.764834881 CET	54757	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:49.813411951 CET	53	54757	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:50.351694107 CET	49992	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:50.401343107 CET	53	49992	8.8.8.8	192.168.2.5
Feb 25, 2021 21:53:51.560137987 CET	60075	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:53:51.610153913 CET	53	60075	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:04.577862024 CET	55016	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:04.637146950 CET	53	55016	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:08.276302099 CET	64345	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:08.349158049 CET	53	64345	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:08.482579947 CET	57128	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:08.542680025 CET	53	57128	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:09.128279924 CET	54791	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:09.135535002 CET	50463	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:09.148871899 CET	50394	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:09.185343027 CET	53	54791	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:09.200495005 CET	53	50463	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:09.210706949 CET	53	50394	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:10.070586920 CET	58530	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:10.079468012 CET	53813	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:10.087682962 CET	63732	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:10.106203079 CET	57344	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:10.127825022 CET	53	58530	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:10.138173103 CET	53	53813	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:10.138961077 CET	53	63732	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:10.171334028 CET	53	57344	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:11.320425987 CET	54450	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:11.326370001 CET	59261	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:11.375371933 CET	53	54450	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:11.377552032 CET	53	59261	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:17.039442062 CET	57151	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:17.092674017 CET	53	57151	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:17.634516954 CET	59413	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:17.687428951 CET	53	59413	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:18.326524019 CET	57151	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:18.381495953 CET	53	57151	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:18.639045954 CET	59413	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:18.699165106 CET	53	59413	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:20.119844913 CET	59413	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:20.140557051 CET	57151	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:20.174002886 CET	53	59413	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:20.192372084 CET	53	57151	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:22.132635117 CET	59413	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:22.148195982 CET	57151	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:22.186842918 CET	53	59413	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:22.196691036 CET	53	57151	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:26.148108006 CET	59413	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:26.148438931 CET	57151	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:26.197433949 CET	53	57151	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:26.199886084 CET	53	59413	8.8.8.8	192.168.2.5
Feb 25, 2021 21:54:27.197058916 CET	60516	53	192.168.2.5	8.8.8.8
Feb 25, 2021 21:54:27.248581886 CET	53	60516	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 25, 2021 21:53:48.063653946 CET	192.168.2.5	8.8.8.8	0xbc4c	Standard query (0)	www.tfaforms.com	A (IP address)	IN (0x0001)
Feb 25, 2021 21:53:49.332905054 CET	192.168.2.5	8.8.8.8	0x33da	Standard query (0)	js-agent.newrelic.com	A (IP address)	IN (0x0001)
Feb 25, 2021 21:53:49.764834881 CET	192.168.2.5	8.8.8.8	0xf117	Standard query (0)	bam-cell.nr-data.net	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:04.577862024 CET	192.168.2.5	8.8.8.8	0x3321	Standard query (0)	www.tfaforms.com	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:08.276302099 CET	192.168.2.5	8.8.8.8	0x3000	Standard query (0)	help.formassembly.com	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:09.128279924 CET	192.168.2.5	8.8.8.8	0x2b3a	Standard query (0)	dyzz9obi78pm5.cloudfront.net	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:10.079468012 CET	192.168.2.5	8.8.8.8	0x8e08	Standard query (0)	app.knowledgeowl.com	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:11.320425987 CET	192.168.2.5	8.8.8.8	0x9b96	Standard query (0)	www.formassembly.com	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:11.326370001 CET	192.168.2.5	8.8.8.8	0x51da	Standard query (0)	pi.pardot.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Feb 25, 2021 21:53:48.126220942 CET	8.8.8.8	192.168.2.5	0xbc4c	No error (0)	www.tfaforms.com	app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Feb 25, 2021 21:53:48.126220942 CET	8.8.8.8	192.168.2.5	0xbc4c	No error (0)	app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com		3.226.66.230	A (IP address)	IN (0x0001)
Feb 25, 2021 21:53:48.126220942 CET	8.8.8.8	192.168.2.5	0xbc4c	No error (0)	app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com		34.233.52.23	A (IP address)	IN (0x0001)
Feb 25, 2021 21:53:48.126220942 CET	8.8.8.8	192.168.2.5	0xbc4c	No error (0)	app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com		52.86.83.232	A (IP address)	IN (0x0001)
Feb 25, 2021 21:53:49.381422043 CET	8.8.8.8	192.168.2.5	0x33da	No error (0)	js-agent.newrelic.com	f4.shared.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Feb 25, 2021 21:53:49.813411951 CET	8.8.8.8	192.168.2.5	0xf117	No error (0)	bam-cell.nr-data.net	tls12.newrelic.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Feb 25, 2021 21:54:04.637146950 CET	8.8.8.8	192.168.2.5	0x3321	No error (0)	www.tfaforms.com	app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Feb 25, 2021 21:54:04.637146950 CET	8.8.8.8	192.168.2.5	0x3321	No error (0)	app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com		3.226.66.230	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:04.637146950 CET	8.8.8.8	192.168.2.5	0x3321	No error (0)	app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com		34.233.52.23	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:04.637146950 CET	8.8.8.8	192.168.2.5	0x3321	No error (0)	app-elbapp-a6b1wbowxm9e-391051627.us-east-1.elb.amazonaws.com		52.86.83.232	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:08.349158049 CET	8.8.8.8	192.168.2.5	0x3000	No error (0)	help.formassembly.com	formassembly.knowledgeowl.com		CNAME (Canonical name)	IN (0x0001)
Feb 25, 2021 21:54:08.349158049 CET	8.8.8.8	192.168.2.5	0x3000	No error (0)	formassembly.knowledgeowl.com		54.152.202.195	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:09.185343027 CET	8.8.8.8	192.168.2.5	0x2b3a	No error (0)	dyzz9obi78pm5.cloudfront.net		13.224.89.142	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:09.185343027 CET	8.8.8.8	192.168.2.5	0x2b3a	No error (0)	dyzz9obi78pm5.cloudfront.net		13.224.89.117	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:09.185343027 CET	8.8.8.8	192.168.2.5	0x2b3a	No error (0)	dyzz9obi78pm5.cloudfront.net		13.224.89.211	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:09.185343027 CET	8.8.8.8	192.168.2.5	0x2b3a	No error (0)	dyzz9obi78pm5.cloudfront.net		13.224.89.143	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:10.138173103 CET	8.8.8.8	192.168.2.5	0x8e08	No error (0)	app.knowledgeowl.com		54.152.202.195	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:11.375371933 CET	8.8.8.8	192.168.2.5	0x9b96	No error (0)	www.formassembly.com	formassembly.com		CNAME (Canonical name)	IN (0x0001)
Feb 25, 2021 21:54:11.375371933 CET	8.8.8.8	192.168.2.5	0x9b96	No error (0)	formassembly.com		104.196.12.68	A (IP address)	IN (0x0001)
Feb 25, 2021 21:54:11.377552032 CET	8.8.8.8	192.168.2.5	0x51da	No error (0)	pi.pardot.com	pi-ue1.pardot.com		CNAME (Canonical name)	IN (0x0001)
Feb 25, 2021 21:54:11.377552032 CET	8.8.8.8	192.168.2.5	0x51da	No error (0)	pi-ue1.pardot.com	pi.t.pardot.com		CNAME (Canonical name)	IN (0x0001)
Feb 25, 2021 21:54:11.377552032 CET	8.8.8.8	192.168.2.5	0x51da	No error (0)	pi.t.pardot.com	pi-ue1-lba3.pardot.com		CNAME (Canonical name)	IN (0x0001)
Feb 25, 2021 21:54:11.377552032 CET	8.8.8.8	192.168.2.5	0x51da	No error (0)	pi-ue1-lba3.pardot.com		35.174.150.168	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

www.tfaforms.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49715	3.226.66.230	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 25, 2021 21:53:48.266498089 CET	888	OUT	GET /responses/processor HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive
Feb 25, 2021 21:53:48.552665949 CET	1084	IN	HTTP/1.1 400 Bad Request Date: Thu, 25 Feb 2021 20:53:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; Expires=Thu, 04 Mar 2021 20:53:48 GMT; Path=/ Set-Cookie: AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; Expires=Thu, 04 Mar 2021 20:53:48 GMT; Path=/; SameSite=None Server: nginx P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: FORMASSEMBLY=5bc75b683de75add4a7696e2f018028f; HttpOnly=1; Path=/; SameSite=None; Secure Data Raw: 35 64 38 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 6d 41 73 73 65 6d 62 6c 79 2e 63 6f 6d 20 20 3a 20 45 72 72 6f 72 73 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 28 77 69 6e 64 6f 77 2e 4e 52 45 55 4d 7c 7c 28 4e 52 45 55 4d 3d 7b 7d 29 29 2e 69 6e 69 74 3d 7b 70 72 69 76 61 63 79 3a 7b 63 6f 6f 6b 69 65 73 5f 65 6e 61 62 6c 65 64 3a 66 61 6c 73 65 7d 7d 3b 28 77 69 6e 64 6f 77 2e 4e 52 45 55 4d 7c 7c 28 4e 52 45 55 4d 3d 7b 7d 29 29 2e 6c 6f 61 64 65 72 5f 63 6f 6e 66 69 67 3d 7b 78 70 69 64 3a 22 56 51 41 4f 55 56 42 54 43 78 41 4a 56 46 46 55 44 67 63 46 56 41 3d 3d 22 2c 6c 69 63 65 6e 73 65 4b 65 79 3a 22 63 33 33 32 39 34 66 35 64 66 22 2c 61 70 70 6c 69 63 61 74 69 6f 6e 49 44 3a 22 39 30 30 36 39 36 32 32 22 7d 3b 77 69 6e 64 6f 77 2e 4e 52 45 55 4d 7c 7c 28 4e 52 45 55 4d 3d 7b 7d 29 2c 5f 5f 6e 72 5f 72 65 71 75 69 72 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 6e 29 7b 69 66 28 21 65 5b 6e 5d 29 7b 76 61 72 20 69 3d 65 5b 6e 5d 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 74 5b 6e 5d 5b 30 5d 2e 63 61 6c 6c 28 69 2e 65 78 70 6f 72 74 73 2c 66 75 6e Data Ascii: 5d86<!DOCTYPE HTML><html lang="en"><head> <title>FormAssembly.com : Errors</title> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">(window.NREUM\|\|(NREUM={})).init={privacy:{cookies_enabled:false}};(window.NREUM\|\|(NREUM={})).loader_config={xpid:"VQAOUVBTCxAJVFFUDgcFVA==",licenseKey:"c33294f5df",applicationID:"90069622"};window.NREUM\|\|(NREUM={}),__nr_require=function(t,e,n){function r(n){if(!e[n]){var i=e[n]={exports:{}};t[n][0].call(i.exports,fun
Feb 25, 2021 21:53:48.552741051 CET	1086	IN	Data Raw: 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 69 3d 74 5b 6e 5d 5b 31 5d 5b 65 5d 3b 72 65 74 75 72 6e 20 72 28 69 7c 7c 65 29 7d 2c 69 2c 69 2e 65 78 70 6f 72 74 73 29 7d 72 65 74 75 72 6e 20 65 5b 6e 5d 2e 65 78 70 6f 72 74 73 7d 69 66 28 22 66 75 6e Data Ascii: ction(e){var i=t[n][1][e];return r(i\|\|e)},i,i.exports)}return e[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var i=0;i<n.length;i++)r(n[i]);return r}({1:[function(t,e,n){function r(t){try{c.console&&console.log(t)}catc
Feb 25, 2021 21:53:48.552773952 CET	1087	IN	Data Raw: 6e 29 7b 64 26 26 28 70 2b 3d 31 29 7d 29 2c 63 2e 6f 6e 28 22 66 6e 2d 65 72 72 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 64 26 26 21 6e 5b 6c 5d 26 26 28 66 28 6e 2c 6c 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 30 7d Data Ascii: n){d&&(p+=1)}),c.on("fn-err",function(t,e,n){d&&!n[l]&&(f(n,l,function(){return!0}),this.thrown=!0,i(n))}),c.on("fn-end",function(){d&&!this.thrown&&p>0&&(p-=1)}),c.on("internal-error",function(t){o("ierr",[t,s.now(),!0])})},{}],3:[function(t,
Feb 25, 2021 21:53:48.552808046 CET	1088	IN	Data Raw: 22 63 22 2b 73 5d 3f 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 5b 66 5d 28 75 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6f 28 64 2c 5b 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 Data Ascii: "c"+s]?window.performance[f](u,function(t){o(d,[window.performance.getEntriesByType(l)]),window.performance["c"+s]()},!1):window.performance[f]("webkit"+u,function(t){o(d,[window.performance.getEntriesByType(l)]),window.performance["webkitC"+s
Feb 25, 2021 21:53:48.552846909 CET	1090	IN	Data Raw: 74 2c 61 5d 2c 63 29 2c 63 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 69 2e 65 6d 69 74 28 6e 2b 22 65 6e 64 22 2c 5b 6e 75 6c 6c 2c 74 5d 2c 63 29 2c 74 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 68 72 6f 77 20 Data Ascii: t,a],c),c.then(function(t){return i.emit(n+"end",[null,t],c),t},function(t){throw i.emit(n+"end",[t],c),t})})}var i=t("ee").get("fetch"),o=t(24),a=t(23);e.exports=i;var c=window,s="fetch-",f=s+"body-",u=["arrayBuffer","blob","json","text","for
Feb 25, 2021 21:53:48.552861929 CET	1091	IN	Data Raw: 6f 2c 61 2e 69 6e 50 6c 61 63 65 28 77 69 6e 64 6f 77 2c 5b 63 2c 22 73 65 74 49 6d 6d 65 64 69 61 74 65 22 5d 2c 63 2b 64 29 2c 61 2e 69 6e 50 6c 61 63 65 28 77 69 6e 64 6f 77 2c 5b 73 5d 2c 73 2b 64 29 2c 61 2e 69 6e 50 6c 61 63 65 28 77 69 6e Data Ascii: o,a.inPlace(window,[c,"setImmediate"],c+d),a.inPlace(window,[s],s+d),a.inPlace(window,[f,"clearImmediate"],f+d),o.on(s+u,r),o.on(c+u,i)},{}],10:[function(t,e,n){function r(t,e){d.inPlace(e,["onreadystatechange"],"fn-",c)}function i(){var t=thi
Feb 25, 2021 21:53:48.552882910 CET	1093	IN	Data Raw: 6e 75 6c 6c 3b 76 61 72 20 65 3d 77 69 6e 64 6f 77 2e 4e 52 45 55 4d 3b 69 66 28 21 65 2e 6c 6f 61 64 65 72 5f 63 6f 6e 66 69 67 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 6e 3d 28 65 2e 6c 6f 61 64 65 72 5f 63 6f 6e 66 69 67 2e 61 63 63 Data Ascii: null;var e=window.NREUM;if(!e.loader_config)return null;var n=(e.loader_config.accountID\|\|"").toString()\|\|null,r=(e.loader_config.agentID\|\|"").toString()\|\|null,f=(e.loader_config.trustKey\|\|"").toString()\|\|null;if(!n\|\|!r)return null;var h=p.gen
Feb 25, 2021 21:53:48.552912951 CET	1094	IN	Data Raw: 69 74 2e 64 69 73 74 72 69 62 75 74 65 64 5f 74 72 61 63 69 6e 67 2e 65 6e 61 62 6c 65 64 7d 66 75 6e 63 74 69 6f 6e 20 75 28 29 7b 72 65 74 75 72 6e 22 69 6e 69 74 22 69 6e 20 4e 52 45 55 4d 26 26 22 64 69 73 74 72 69 62 75 74 65 64 5f 74 72 61 Data Ascii: it.distributed_tracing.enabled}function u(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&!!NREUM.init.distributed_tracing.exclude_newrelic_header}function d(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&NREUM.init.di
Feb 25, 2021 21:53:48.552974939 CET	1095	IN	Data Raw: 3d 5b 22 6c 6f 61 64 22 2c 22 65 72 72 6f 72 22 2c 22 61 62 6f 72 74 22 2c 22 74 69 6d 65 6f 75 74 22 5d 2c 6c 3d 64 2e 6c 65 6e 67 74 68 2c 70 3d 74 28 22 69 64 22 29 2c 68 3d 74 28 31 37 29 2c 6d 3d 74 28 31 36 29 2c 77 3d 74 28 31 34 29 2c 76 Data Ascii: =["load","error","abort","timeout"],l=d.length,p=t("id"),h=t(17),m=t(16),w=t(14),v=window.XMLHttpRequest;a.features.xhr=!0,t(10),t(6),u.on("new-xhr",function(t){var e=this;e.totalCbs=0,e.called=0,e.cbTime=0,e.end=r,e.ended=!1,e.xhrGuids={},e.l
Feb 25, 2021 21:53:48.553011894 CET	1097	IN	Data Raw: 28 22 69 6e 74 65 72 6e 61 6c 2d 65 72 72 6f 72 22 2c 5b 6e 5d 29 7d 63 61 74 63 68 28 72 29 7b 7d 7d 7d 3b 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 6c 3b 63 2b 2b 29 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 64 5b 63 5d 2c 74 68 Data Ascii: ("internal-error",[n])}catch(r){}}};for(var c=0;c<l;c++)e.addEventListener(d[c],this.listener,!1)}),u.on("xhr-cb-time",function(t,e,n){this.cbTime+=t,e?this.onloadCalled=!0:this.called+=1,this.called!==this.totalCbs\|\|!this.onloadCalled&&"funct
Feb 25, 2021 21:53:48.680006981 CET	1103	IN	Data Raw: 5d 7c 7c 7b 7d 3b 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 5b 30 5d 3f 6e 3d 74 5b 30 5d 3a 74 5b 30 5d 26 26 74 5b 30 5d 2e 75 72 6c 3f 6e 3d 74 5b 30 5d 2e 75 72 6c 3a 77 69 6e 64 6f 77 2e 55 52 4c 26 26 74 5b 30 5d 26 26 74 5b 30 Data Ascii: ]\|\|{};"string"==typeof t[0]?n=t[0]:t[0]&&t[0].url?n=t[0].url:window.URL&&t[0]&&t[0]instanceof URL&&(n=t[0].href),n&&(this.parsedOrigin=s(n),this.sameOrigin=this.parsedOrigin.sameOrigin);var i=f(this.parsedOrigin);if(i&&(i.newrelicHeader\|\|i.tra
Feb 25, 2021 21:53:48.697365046 CET	1117	OUT	GET /dist/form-builder/5.0.0/wforms-layout.css?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1 Accept: text/css, / Referer: http://www.tfaforms.com/responses/processor Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL
Feb 25, 2021 21:53:48.827569962 CET	1121	IN	HTTP/1.1 200 OK Date: Thu, 25 Feb 2021 20:53:48 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=CvNn7KFgppI/g1URhWAIcbq3D4e8IKs1CIWTJY0NO6OC2wHSTtHqB7/vj296KINXjw93e1Cju1D9T1dluajHUSCqZKYFAElluDh1dYUOFi7DgG1GvyMPml51yHas; Expires=Thu, 04 Mar 2021 20:53:48 GMT; Path=/ Set-Cookie: AWSALBCORS=CvNn7KFgppI/g1URhWAIcbq3D4e8IKs1CIWTJY0NO6OC2wHSTtHqB7/vj296KINXjw93e1Cju1D9T1dluajHUSCqZKYFAElluDh1dYUOFi7DgG1GvyMPml51yHas; Expires=Thu, 04 Mar 2021 20:53:48 GMT; Path=/; SameSite=None Server: nginx Last-Modified: Thu, 25 Feb 2021 17:42:29 GMT ETag: W/"6037e185-755c" X-FA-app: 10-107 Content-Encoding: gzip Data Raw: 32 33 31 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 d5 5d 6b 73 1b c7 72 fd 4c fe 8a 89 55 37 a2 64 61 f9 90 28 c9 50 ae eb 52 94 68 2b a1 24 47 94 93 72 dd 72 a5 16 c0 82 58 13 c0 c2 bb 0b 92 b2 e2 ff 9e 73 ba 67 66 67 5f 24 24 26 95 44 7e 88 5c ec 4c f7 f4 bb 7b 7a 06 0f cd e7 ed ad c1 55 32 ba 48 cb c1 34 5b 96 83 62 91 65 e5 2c 5d 9e 0f 4d bc 2c d3 78 9e c6 45 32 79 b1 fd e7 f6 f6 ee 43 f3 21 29 92 d2 1c 9f 9d 99 81 29 c6 d9 2a 31 f3 74 91 96 c9 c4 94 99 89 ae 4e b2 7c 81 4f 46 1c 62 b2 a5 f9 e5 e7 37 26 e7 90 6d f3 d0 0c be f2 0f c6 ee 6e db b9 27 f3 47 0e cc a4 ac 7e 9c f8 1f d7 d5 0b 59 f5 e3 3c f5 2f 4c d2 4b ff 73 39 7b e4 26 9e ed fb a7 b3 83 ea c7 c7 d5 8f 4f aa 1f 0f ab 1f 9f fa 1f 57 79 e2 7f 2e 27 7e e2 29 48 e2 9f 4f d3 64 3e 01 39 fc 83 74 b9 5a 57 bf 95 c9 75 19 e7 49 ec 3f 5e f9 9f 46 f3 6c 7c f1 fb 3a 2b 13 72 6c 11 e7 e7 e9 72 b8 f7 c2 ac e2 c9 84 cc c2 8f 7f ba b5 94 f1 68 8e d7 cc 28 cb 27 49 3e 18 67 f3 79 bc 2a 92 a1 fb e1 85 fb a4 58 c5 e3 e6 e0 36 8a 8b 73 3f 57 0d 0c 20 83 b7 85 47 71 1c af ca 34 5b 56 bf 43 2e aa 5f b2 49 f5 cb 64 ba 7c 64 19 9a 54 c4 29 ca 3c 5b 9e fb 11 60 8e 63 f5 65 9c 73 d5 2a 9f e5 a7 79 32 5c 82 aa f1 fc 85 91 47 57 49 7a 3e 2b fd 33 4f 87 40 00 d6 73 ac 61 9e 16 90 6f 3b 7e 99 04 14 6b a2 5e ce f0 3a b9 31 80 fc 9f 2f 87 f3 64 5a 06 af f7 09 0b 50 28 77 74 61 1f d3 72 9e 3c f0 2b 98 f5 48 0f c0 e8 aa d2 3f 92 e1 fe de de 5f 6e 59 d2 ef c3 51 02 89 aa 48 f9 fb 30 9e 96 09 c8 63 c6 d0 de 64 59 0e ef df 0f 30 8d 47 a3 dc 23 11 8f 41 e0 4f 0b bc ab 92 a1 dc 14 bd 7e 09 8d ad a9 ed fd 42 b4 fc 24 5b 2f 27 31 d9 da af f0 77 d1 6d 31 09 a1 82 9b d9 3e 59 bd fb 70 ff f9 ea da 5c a6 b1 d8 90 13 ac 4d 11 9a 7a 84 60 14 ac 44 08 ed 1e 3f 8f 0e ff 42 33 65 05 cb cc 0e ec 44 4f bf 6c a2 83 c7 d1 7e 7d a2 c7 2d be da 99 9f 7c d9 cc 7b cf c3 79 fb 84 48 e7 86 3d 5d 99 7f 04 a3 ca 32 5b 18 d5 f7 8a 41 94 19 53 60 dd 34 8d ce 1a ec 27 0b b3 17 50 a0 0f 80 97 87 3e a1 f4 2f a8 46 2a 42 a3 1c 96 02 ff 02 a5 f9 64 09 bd 07 36 e3 0b 9a fd 59 12 c3 cc 14 70 17 f0 Data Ascii: 2311]ksrLU7da(PRh+$GrrXsgfg_$$&D~\L{zU2H4[be,]M,xE2yC!))1tN\|OFb7&mn'G~Y</LKs9{&OWy.'~)HOd>9tZWuI?^Fl\|:+rlrh('I>gyX6s?W Gq4[VC._Id\|dT)<[`cesy2\GWIz>+3O@sao;~k^:1/dZP(wtar<+H?_nYQH0cdY0G#AO~B$[/'1wm1>Yp\Mz`D?B3eDOl~}-\|{yH=]2[AS`4'P>/FBd6Yp
Feb 25, 2021 21:53:48.846951008 CET	1145	OUT	GET /dist/form-builder/5.0.0/wforms-jsonly.css?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1 Accept: text/css, / Referer: http://www.tfaforms.com/responses/processor Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=KCbRl27TtolgZdt9YzzzEVXZShIHcErTPtr3hJOL7l8pRtWwPgaR+axy8lVtC9EdUQZFe9KlOpFVmtCxnGesMOb1TBg7xk0/jGmMcdW5a093IRzUAJECn4roAuCZ; AWSALBCORS=KCbRl27TtolgZdt9YzzzEVXZShIHcErTPtr3hJOL7l8pRtWwPgaR+axy8lVtC9EdUQZFe9KlOpFVmtCxnGesMOb1TBg7xk0/jGmMcdW5a093IRzUAJECn4roAuCZ
Feb 25, 2021 21:53:48.975475073 CET	1188	IN	HTTP/1.1 200 OK Date: Thu, 25 Feb 2021 20:53:48 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=rX+ntaeAJCEkzztTjGj94kJTM2s7FB1FnMDrpmrd32zmMXoTesGf8ZLBQdoUumC0EQIhtCim8tUb7TVUDZ+ZTwG+x22XOR6IjUEs2Y16AidM6w3hGoDIn5hX8FSZ; Expires=Thu, 04 Mar 2021 20:53:48 GMT; Path=/ Set-Cookie: AWSALBCORS=rX+ntaeAJCEkzztTjGj94kJTM2s7FB1FnMDrpmrd32zmMXoTesGf8ZLBQdoUumC0EQIhtCim8tUb7TVUDZ+ZTwG+x22XOR6IjUEs2Y16AidM6w3hGoDIn5hX8FSZ; Expires=Thu, 04 Mar 2021 20:53:48 GMT; Path=/; SameSite=None Server: nginx Last-Modified: Thu, 25 Feb 2021 17:42:29 GMT ETag: W/"6037e185-2f3" X-FA-app: 10-107 Content-Encoding: gzip Data Raw: 31 32 30 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b5 52 b1 4e c4 30 0c dd f3 15 46 6c 15 f4 76 98 4e 48 a7 1b 4f 85 1f 70 1b 97 1a d2 a4 8a dd 56 15 e2 df 49 ba 20 ee 0a 82 81 0c 59 6c 3f 3f bf f7 8c d9 15 b0 6f 1a 12 e1 da b1 2e 50 91 43 25 0b d5 e8 48 a0 d8 e5 86 a7 8e 84 00 23 81 76 04 71 ad 68 87 0a d2 85 d1 59 28 7c d0 02 70 18 dc 02 dc c2 0b 4e 28 4d e4 41 81 05 2c 0b d6 8e 6c 99 c1 8c 29 43 db 8a a6 15 f0 66 20 bd 54 1e 1c 2e 77 e0 83 27 b8 e2 7e 08 51 d1 eb bd 79 37 a6 d3 de 41 39 1f 42 ec a1 cd 5f 39 b7 27 7c a6 1b d8 aa 1c d9 d2 e3 58 f7 ac bf c0 be 04 10 9c 68 ef 6d 45 32 f6 04 25 36 ca c1 0b e4 9d df 23 d7 2e 34 af 67 b4 2f a1 e7 f6 61 8c 91 bc 66 f2 e7 e4 b6 20 3e 65 ba 8d 2b 9f 6c 4a 3c 9f dc 90 ac 4c 94 b3 ba 3f 8d 6d 2e bc fe 72 fe 81 c9 59 a1 4d 21 57 67 52 2a 8e e8 ad 23 18 f2 49 13 a7 fc f0 1a a0 e4 f2 96 00 ff 66 db 5f b5 fd 00 08 fc da 09 f3 02 00 00 0d 0a Data Ascii: 120RN0FlvNHOpVI Yl??o.PC%H#vqhY(\|pN(MA,l)Cf T.w'~Qy7A9B_9'\|XhmE2%6#.4g/af >e+lJ<L?m.rYM!WgR*#If_

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49714	3.226.66.230	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 25, 2021 21:53:48.698326111 CET	1118	OUT	GET /wForms/3.11/js/wforms.js?v=6b1109ac309299ec751af6a3c690f678773e405f HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://www.tfaforms.com/responses/processor Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL
Feb 25, 2021 21:53:48.829545021 CET	1132	IN	HTTP/1.1 200 OK Date: Thu, 25 Feb 2021 20:53:48 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=KCbRl27TtolgZdt9YzzzEVXZShIHcErTPtr3hJOL7l8pRtWwPgaR+axy8lVtC9EdUQZFe9KlOpFVmtCxnGesMOb1TBg7xk0/jGmMcdW5a093IRzUAJECn4roAuCZ; Expires=Thu, 04 Mar 2021 20:53:48 GMT; Path=/ Set-Cookie: AWSALBCORS=KCbRl27TtolgZdt9YzzzEVXZShIHcErTPtr3hJOL7l8pRtWwPgaR+axy8lVtC9EdUQZFe9KlOpFVmtCxnGesMOb1TBg7xk0/jGmMcdW5a093IRzUAJECn4roAuCZ; Expires=Thu, 04 Mar 2021 20:53:48 GMT; Path=/; SameSite=None Server: nginx Last-Modified: Thu, 25 Feb 2021 17:57:20 GMT ETag: W/"6037e500-3b60f" X-FA-app: 10-107 Content-Encoding: gzip Data Raw: 36 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ec bd e9 76 5b 47 92 2e fa bb cf 53 80 bb 24 0a 10 36 c1 c1 43 55 81 de a6 39 c9 66 5b 53 8b b4 bb 4f 83 30 16 48 80 22 2c 12 e0 01 40 cb 2a 82 fd ec e7 fb 62 c8 cc 0d 80 92 ec ea 5e f7 ae bb 6e 77 59 c4 ce 39 23 23 23 63 ca c8 df ba e3 ca 59 77 d2 df 2a ee 86 dd eb 7e 33 93 8f 2c ff ad 3f 9e 0c 46 c3 66 b6 d9 d8 c8 f2 fe ef 37 a3 f1 74 d2 cc f6 50 34 7f dd 3d 7f d7 7d db cf 77 cf 26 d3 71 f7 7c 9a bf 18 f5 6e af fa f9 e1 f0 f6 ba 3f ee 9e e1 e7 8b ee 4d be 3f ba ba ea 9f 4f d1 4a fe a6 ff f6 fb f1 4d fe d3 b0 d7 bf 18 0c fb bd fc e5 ed d5 55 7e 72 39 98 e4 27 e3 db 7e fe ac 7b 85 76 bb 93 c9 e0 ed f0 e8 20 ef f5 a7 a8 98 bf bd 1a 9d 75 af b2 9c 03 9b dc 74 cf 31 ba ec 7e 7b d8 7f 5f b9 b8 1d 4a c3 d5 ce 70 d4 99 5c 8e 07 c3 77 9d da dd 6f 98 4b e8 a2 f8 b1 5a 93 6e f0 63 88 de 6a d2 13 3e a6 e8 b0 a6 3d e2 eb 82 3d 23 0f 43 29 42 ab b5 bb 71 7f 7a 3b 1e 56 a6 48 be df 66 bb 3a 96 82 e5 aa 35 49 51 a8 69 7a 43 3e 24 b9 f3 ec d5 9b 17 bb 27 c5 fa e3 6a 6b 73 ed ef ed da fa 5b 4d 7f 7e f2 e6 e8 45 b1 fe cb e9 e4 74 f2 74 5d d3 de 68 9a 24 3d f2 b4 c3 e3 fd dd d7 87 c5 7a b5 75 ba 5e ad b5 4e db 77 f7 b3 a7 f5 b5 46 fe cb a3 9d d3 d3 d8 e0 de ee 31 4a 4d c7 1f d6 1b d3 fe 64 5a 55 a8 d5 76 d6 4f cf 38 9c d3 b3 f5 e6 7a c3 7b fa e1 e8 e0 e0 f0 65 d1 ca ce 47 43 ac da ed f9 74 34 ce f2 6c 3a 3a 9e 02 7a 6f f1 f3 b7 ee d5 6d ff d5 45 d6 d6 a1 bd 38 3e 3a ec bc dc 3d 39 fa f9 b0 f3 ec a7 97 fb 27 47 af 5e 16 da 45 35 ab fe 3a 39 1f 0f 6e a6 b5 ac b6 c3 f5 c0 fa 1e fe 7e 53 cd 7e c9 ea e3 fe e4 bc 7b d3 af 0e 26 2f bb 2f 6b 8d 71 ff e6 0a 2b 57 5d 97 ef f5 3c 3b 3d 7d 5f cf 6a f5 ec 51 56 6b de 71 dc 4d 59 7c 85 72 e7 7c 74 3b 9c f6 c7 c5 a6 0e 62 72 35 38 ef 17 bb e3 71 f7 43 e3 66 3c 9a 8e a6 1f 6e fa 0d 49 dd ee 3c 33 24 e8 5c 8c c6 87 dd f3 4b ac 8b af 60 c5 51 a9 3a 3a fb 15 a8 54 bb 1b 5c 54 57 f4 b7 ae d5 d1 41 ed ae fc 5d 64 67 5b 9d ac ee 43 a8 d7 ef 0d Data Ascii: 6000v[G.S$6CU9f[SO0H",@b^nwY9###cYw~3,?Ff7tP4=}w&q\|n?M?OJMU~r9'~{v ut1~{_Jp\woKZncj>==#C)Bqz;VHf:5IQizC>$'jks[M~Ett]h$=zu^NwF1JMdZUvO8z{eGCt4l::zomE8>:=9'G^E5:9n~S~{&//kq+W]<;=}_jQVkqMY\|r\|t;br58qCf<nI<3$\K`Q::T\TWA]dg[C
Feb 25, 2021 21:53:48.829587936 CET	1133	IN	Data Raw: 09 ca c5 ee 89 0d 9d c9 ed d9 f9 15 3a 89 38 d3 19 00 ae dd e1 79 3f ef e0 ef 74 70 5e bb 13 a4 68 74 3a 3e 72 c0 b9 20 46 c5 a9 e8 2c 3d bf 5f 10 96 2c b1 8d e1 86 06 6b 77 fd df a7 fd 61 af 1a 1a 42 1f de 5b ed be d7 bf c2 76 d1 4d 5c ee 4c 5b Data Ascii: :8y?tp^ht:>r F,=_,kwaB[vM\L[O-4LZ2\|)$;~?N]l&e:!^[Xp7nrq{ssyhm\};7ATlm8))46T6TNsZ,#kJ>tL!xVz$Kxk
Feb 25, 2021 21:53:48.829634905 CET	1135	IN	Data Raw: 84 b0 e0 c9 07 38 16 df 9c 9a 7a bf c8 66 7e 92 bf 7c a1 6a 14 c5 47 97 76 23 a1 bd ee 4f 2f 47 3d 3b d9 31 16 32 95 af 30 24 49 ae 95 b9 4a e9 4b b9 77 63 68 05 cd 75 53 c7 4d c8 fd c7 ee b0 5d 02 54 e2 7e 49 c0 33 8f 05 82 67 83 9e c1 3f 50 df Data Ascii: 8zf~\|jGv#O/G=;120$IJKwchuSM]T~I3g?PjX#-)XIX.W8\eQR5%%jw"<PK2ZHs)epLPZZ4U(p*_]#-($.,^3+Dl^'CQ#}N{\|6,=&;
Feb 25, 2021 21:53:48.829678059 CET	1136	IN	Data Raw: 26 96 57 6c b8 9b 0f f0 9f 08 d0 03 4d 80 ea a5 7b 43 93 84 da 17 ab 91 ff d2 1c 61 8e c9 8a 37 94 25 89 0a e4 a5 a4 4e fa 35 1e 24 8c 6d 9e ee 9a 3a f2 23 dc 07 9b 81 1c a2 15 21 fc 11 ec 55 42 db 61 e0 44 58 fa b3 69 49 25 f3 38 f8 f1 f0 7f 1f Data Ascii: &WlM{Ca7%N5$m:#!UBaDXiI%8).+'kr:l-KTMg\ftQ-/#S`z1XT[&/6^9Mj2m0GDf4Q`/o6L!9qFB_,8
Feb 25, 2021 21:53:48.829715967 CET	1138	IN	Data Raw: a2 cb ed 50 b5 8c 95 c2 50 77 29 fd e7 4a 3b 4e 19 d7 c1 c3 40 5a a1 b6 d7 69 9d 20 99 22 46 1c 6d 21 a9 75 9c 15 01 c5 85 a6 18 bd 8a aa 17 01 a4 8a 39 3e 50 5c 08 c0 99 63 38 f9 52 98 70 63 9f 6a 50 39 58 ba 60 75 44 56 c3 99 38 80 fb 5a e3 d7 Data Ascii: PPw)J;N@Zi "Fm!u9>P\c8RpcjP9X`uDV8Z`Xj3,nFX>S(R%* =3wMHlB"'>XsV/\|; [04X5pi[8ZdhhjH>LcRMp/6N>N8=4N
Feb 25, 2021 21:53:48.829755068 CET	1139	IN	Data Raw: 81 91 24 e1 5c bc 8b 7a 31 9c cd 5e e9 bd dc a5 b5 49 6b 29 e0 36 70 5b b0 f0 b5 30 55 40 79 0d a2 2c cc 8b 85 a6 2c 98 2b 22 cc 80 34 a7 7e c0 b1 c5 a5 9d df 39 98 2c 37 f4 2f 64 8e 87 93 10 9c 3f 44 c7 bd 49 6d 22 1e cf 7a e3 1c ac 97 90 c5 25 Data Ascii: $\z1^Ik)6p[0U@y,,+"4~9,7/d?DIm"z%gp&'./EfO(GnGlH)uIdjd)0v>igKv*>;I^@pJ.,=9a-o"xPlo3'rJDV/q+
Feb 25, 2021 21:53:48.829794884 CET	1140	IN	Data Raw: 72 63 73 83 0b 25 69 6b c5 17 5f e3 6b 63 43 f5 4d e8 81 a7 be ea 7d 83 e3 91 94 84 90 5c bb 77 7a 9f 2c 70 18 1f 25 1d a0 46 96 45 1c fb 65 3d 47 f4 86 47 08 ed c7 9b c3 f8 e3 91 eb 94 8d 88 ad e4 30 17 8a 45 34 01 45 b4 c7 a5 56 bc 94 d7 4f ad Data Ascii: rcs%ik_kcCM}\wz,p%FEe=GG0E4EVO%E,I,4?I>p8Z\Xs95A)c'T,\|`g'Kg\|a~3\/1Fdyl 'H$pHaJj3RJjwc==N
Feb 25, 2021 21:53:48.829834938 CET	1142	IN	Data Raw: 17 c4 b6 46 d8 2f 48 aa f0 eb 79 28 67 6d 8d 02 bf e5 3a 74 95 24 34 16 28 42 1b 32 e6 d2 a6 12 02 d3 06 1a 90 22 70 9e 51 26 4f 60 42 8c 17 9a 01 c7 87 8b c1 ef 74 ad 9d e2 06 c3 5c df 40 38 f8 ac 2e cf 13 91 bb bd 93 11 29 e1 a1 f8 71 c4 e7 58 Data Ascii: F/Hy(gm:t$4(B2"pQ&O`Bt\@8.)qX@bJ[TX!Ls-@{a"5-1Wzzr V1l~(Ia8ex`TP)UG9=PB62&ae<V"sxFnC_P8[lUf9:p@hr$fVh-
Feb 25, 2021 21:53:48.829874039 CET	1143	IN	Data Raw: f4 4b 32 ad 40 28 16 4b df 3b a9 b1 ed 1b 49 19 7d 18 04 93 7c 4b ea 07 c7 e8 cf 1f c8 11 23 c9 ba 93 b0 aa 74 9d d1 d0 15 f6 b1 2d f7 0a 17 6a 31 95 8e 33 52 a1 5e ae f1 af 00 b3 3e 52 23 7c 76 a9 b7 98 87 da 10 d2 78 bb 91 7d ea 2d 71 fb a8 49 Data Ascii: K2@(K;I}\|K#t-j13R^>R#\|vx}-qId+Oz\f(%(ll&O`8;(RzI.?0qo<8y<:=){p:5`THg+>Q=n9#e
Feb 25, 2021 21:53:48.829911947 CET	1145	IN	Data Raw: 6a c9 e6 04 42 eb 41 61 b6 6c 1c 01 df e0 41 f3 e6 68 ef a7 13 78 83 dc 65 22 07 c0 52 1b e4 01 88 d9 60 04 90 72 39 bd be 7a 86 5f ba aa b6 16 a5 45 c5 6e 14 dd 8d f1 d1 40 9c dd 29 8c 5a 67 f0 b6 8e 14 0c 6c 19 35 50 91 d3 b4 84 46 e8 11 ee 85 Data Ascii: jBAalAhxe"R`r9z_En@)Zgl5PFQgPj@NPO]T(~bf<R`$trL`i\|?GYsGq,LVdl bCq\|r+tmTj%^G/2G/_tcm
Feb 25, 2021 21:53:48.957109928 CET	1148	IN	Data Raw: cc 97 fb 87 cf 77 f7 f0 06 40 56 ed 9d 5d d5 76 a4 b9 99 f6 cc 6e 67 e8 9e 81 b2 91 f4 5b 7f 06 39 6b f6 fe b2 df bf aa cd a0 b3 81 ee 40 0a d4 66 f0 85 bd 1e 4c d9 3e dc a6 b7 75 76 18 0a b5 1f 6e 8c ff 05 d6 78 cf a8 27 1d c3 3a 8f 3b b9 db 49 Data Ascii: w@V]vng[9k@fL>uvnx':;Ib8L+/6/ep;~,8`6?n\|+VjEK;D,UY^{4cQ[AH1e-.uRo~v{I~N#} 40!B
Feb 25, 2021 21:54:07.655030966 CET	1653	OUT	GET /support/ HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; AWSALBCORS=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D
Feb 25, 2021 21:54:08.008790970 CET	1653	IN	HTTP/1.1 302 Found Date: Thu, 25 Feb 2021 20:54:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=w2xsCRk8PDwyPr2U7uUX039HzmHDtqkU4eBp/O2BRjf+Jny08ehMgk4sD2wTwPyNOmZN2UAaz6WF+V27xF0v0RPZjE1nQN4BrUwpRSJEq5UGNZxx90wDnvw9BcSh; Expires=Thu, 04 Mar 2021 20:54:07 GMT; Path=/ Set-Cookie: AWSALBCORS=w2xsCRk8PDwyPr2U7uUX039HzmHDtqkU4eBp/O2BRjf+Jny08ehMgk4sD2wTwPyNOmZN2UAaz6WF+V27xF0v0RPZjE1nQN4BrUwpRSJEq5UGNZxx90wDnvw9BcSh; Expires=Thu, 04 Mar 2021 20:54:07 GMT; Path=/; SameSite=None Server: nginx P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: CAKEPHP=caa58e0fa02091d8517d35b02c8892bb; HttpOnly=1; Path=/; SameSite=None; Secure Location: http://www.tfaforms.com/pages/support X-FA-app: 10-107 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Feb 25, 2021 21:54:08.014332056 CET	1654	OUT	GET /pages/support HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=w2xsCRk8PDwyPr2U7uUX039HzmHDtqkU4eBp/O2BRjf+Jny08ehMgk4sD2wTwPyNOmZN2UAaz6WF+V27xF0v0RPZjE1nQN4BrUwpRSJEq5UGNZxx90wDnvw9BcSh; AWSALBCORS=w2xsCRk8PDwyPr2U7uUX039HzmHDtqkU4eBp/O2BRjf+Jny08ehMgk4sD2wTwPyNOmZN2UAaz6WF+V27xF0v0RPZjE1nQN4BrUwpRSJEq5UGNZxx90wDnvw9BcSh
Feb 25, 2021 21:54:08.260314941 CET	1655	IN	HTTP/1.1 302 Found Date: Thu, 25 Feb 2021 20:54:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=Q32h0UgGiAOSXfZRntdY3Ds23kDJARxefYd/AN3GfasjgFiEkSRIp6TVXZgtwERqE0AWEvtKxhTkhdmzdhprSbdeoCSzE0ELv96dzcdwZNB6UvJeXVo7jxRh6PnP; Expires=Thu, 04 Mar 2021 20:54:08 GMT; Path=/ Set-Cookie: AWSALBCORS=Q32h0UgGiAOSXfZRntdY3Ds23kDJARxefYd/AN3GfasjgFiEkSRIp6TVXZgtwERqE0AWEvtKxhTkhdmzdhprSbdeoCSzE0ELv96dzcdwZNB6UvJeXVo7jxRh6PnP; Expires=Thu, 04 Mar 2021 20:54:08 GMT; Path=/; SameSite=None Server: nginx P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: CAKEPHP=9337805f66c5e8fd50a05c0629e96888; HttpOnly=1; Path=/; SameSite=None; Secure Location: https://help.formassembly.com X-FA-app: 10-107 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49717	3.226.66.230	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 25, 2021 21:53:48.828516960 CET	1131	OUT	GET /js/iframe_message_helper_internal.js?v=2 HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://www.tfaforms.com/responses/processor Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.tfaforms.com Connection: Keep-Alive Cookie: AWSALB=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL; AWSALBCORS=G5teNT+mPnhY4FafeUdFCQ4qpE7NMCAv52/lB6FGm+nJ8CQskggT5uw7fUU2YPyZOopJ7hJYfXTgmfwYtSLXzHuGXQFLqebmYZrsaIQDgKX/t5WSb1nhVUqL3YxL
Feb 25, 2021 21:53:48.957947969 CET	1176	IN	HTTP/1.1 200 OK Date: Thu, 25 Feb 2021 20:53:48 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=u+nSfl7Ae5PVrHQevIhhLhE+NJa8dvdDqC0lhr/2RIEgvo+O8ZWusO6Um5lD2NQo3dYZF3+cPB0SZmp7FFavhWzfoAntrs7gGGWpgpTJKv/Bw3kIrfdQ6X9im14G; Expires=Thu, 04 Mar 2021 20:53:48 GMT; Path=/ Set-Cookie: AWSALBCORS=u+nSfl7Ae5PVrHQevIhhLhE+NJa8dvdDqC0lhr/2RIEgvo+O8ZWusO6Um5lD2NQo3dYZF3+cPB0SZmp7FFavhWzfoAntrs7gGGWpgpTJKv/Bw3kIrfdQ6X9im14G; Expires=Thu, 04 Mar 2021 20:53:48 GMT; Path=/; SameSite=None Server: nginx Last-Modified: Thu, 25 Feb 2021 17:32:37 GMT ETag: W/"6037df35-4dca" X-FA-app: 10-107 Content-Encoding: gzip Data Raw: 31 61 36 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 c5 5c 6d 57 db d6 b2 fe de 5f b1 71 cf 32 72 10 c2 24 69 9a 9a ba dc b4 49 4f b8 27 81 de 40 7a ba 16 e5 64 c9 96 8c 95 c8 92 2b c9 10 0e f8 bf df e7 99 bd b7 de 6c 68 48 db 55 fa 02 96 b6 66 cf fb cc 9e 19 79 e7 c1 83 2f d4 03 75 32 8d 72 95 8f b3 68 5e a8 d9 22 2f d4 28 54 51 32 8e 17 41 18 e0 0f e5 ab 1f d3 6c f6 2c cf c3 d9 28 be 52 13 7c f0 f8 dc bf a7 61 a2 e2 d4 b7 cb 12 75 f0 e3 9b 67 af 5f b8 2a 2a d4 65 14 c7 6a 9c 26 45 94 2c d2 45 8e e7 f2 30 01 b8 22 57 8b 79 e0 17 61 40 10 d3 30 3a 9f 16 2a 4f 55 31 f5 0b fc 2f 94 67 fc 28 09 33 35 f6 b1 77 f0 9e 18 69 c0 76 79 91 aa 99 5f 8c a7 84 80 ad b8 4b 98 14 9b b9 b9 4f e4 78 eb 04 d0 e6 69 0e 0c ce 15 28 0c d2 24 c4 0e 59 ba 38 9f 82 a6 71 96 e6 f9 76 90 ce b0 99 9a 85 79 ee 9f 87 f8 3d 9e fa 49 94 6b 02 f3 68 36 8f c3 e3 22 cd 78 ef 7d ae e2 68 94 f9 d9 15 a1 f9 31 90 5e e4 e0 90 53 f2 6a 16 25 d1 24 c2 a5 51 18 a7 97 3d b5 6d 10 c4 f2 24 0c c9 26 60 9e 03 5c a8 c0 01 1f cb 8a cb 10 3c 9c 13 7c 86 67 fc 20 27 c3 c9 06 4d 71 9d 14 8b 23 f8 58 d8 55 93 34 c6 4e 24 90 52 f1 8b 01 77 9c ba d1 24 f3 67 e1 c1 73 b7 f0 b3 f3 b0 78 9b c5 86 25 db 6a 3a 50 61 84 0d 32 a0 74 69 19 8a 3d e7 d1 c7 30 ce 55 9a 91 35 e9 6c e6 43 58 71 f4 21 54 9d 7c 31 9a 45 05 04 d6 d9 23 74 25 e8 59 64 b2 70 1c 46 17 80 66 d0 9e fb 19 d1 03 4a 41 7a a9 95 00 0c 0d 62 68 54 a1 fc f1 38 cd 02 60 1b 5f 89 02 6d 2b 8b e8 40 80 2e 92 e8 b7 05 56 0a f6 ea e0 39 89 52 97 d3 68 3c 6d ec 69 75 d4 9f cf 63 70 db d5 58 01 81 54 e8 ba c4 1e 60 23 78 94 d7 38 a9 b2 45 92 90 51 45 a5 ed 42 cf b6 32 4c 7a f3 4a 63 31 f1 e3 78 e4 8f 3f 40 2b e3 45 11 a5 09 10 52 49 5a e2 2a d2 bf f0 a3 d8 1f c5 a1 61 09 c8 8d c6 50 6a bd e3 85 1f 83 8c 74 62 84 08 c5 ec e4 d9 b8 a3 fc a2 c8 a2 d1 a2 80 1a 02 5c 00 46 45 93 ab 8a a7 46 e4 ea c0 dc 21 b6 46 f1 47 57 15 96 9a ab 49 0a 2e a7 d9 07 e5 4f 8a 30 d3 40 a8 03 d0 23 11 58 9e 13 73 bf ce 82 35 78 88 95 66 Data Ascii: 1a69\mW_q2r$iIO'@zd+lhHUfy/u2rh^"/(TQ2Al,(R\|aug_*ej&E,E0"Wya@0:OU1/g(35wivy_KOxi($Y8qvy=Ikh6"x}h1^Sj%$Q=m$&`\<\|g 'Mq#XU4N$Rw$gsx%j:Pa2ti=0U5lCXq!T\|1E#t%YdpFfJAzbhT8`_m+@.V9Rh<miucpXT`#x8EQEB2LzJc1x?@+ERIZ*aPjtb\FEF!FGWI.O0@#Xs5xf
Feb 25, 2021 21:53:48.957986116 CET	1178	IN	Data Raw: a1 d8 c0 22 a1 ee 9f 6b c3 54 8a 0a 20 b7 41 7a 9c e2 7a a6 8d 4e 78 5a b2 0c ba 0b bf c0 95 45 43 48 75 c5 85 d0 81 d4 3c 05 8f 40 d1 8f 75 5f 12 a4 e3 c5 0c 7c f0 85 cf e2 03 c2 8f f3 98 26 69 28 87 cf 09 03 3e a8 55 bb 28 e6 f9 60 67 67 1a c6 Data Ascii: "kT AzzNxZECHu<@u_\|&i(>U(`ggsOTx%:!I/08G~Y0yoQm'Z/y~zz8LP=>`p(lNeQNnLSRwgupX\ChKN]gE?XfE
Feb 25, 2021 21:53:48.958024979 CET	1179	IN	Data Raw: 0a 66 c0 15 04 d7 39 c1 f1 4b 74 12 2a 0c 32 13 94 4e 3e 0f 92 5f 99 50 4c 26 52 77 7d eb 56 b2 61 e7 e8 5f 1d a8 5f 8e 03 28 4f 16 42 51 ef 7a 8c b3 aa ca 07 f2 ab d0 bf 16 83 cc b0 5b 07 cc 3d 9c fc fc 45 5c 94 97 6f 6e 2c 1f f9 97 a9 c5 c8 45 Data Ascii: f9Kt*2N>_PL&Rw}Va__(OBQz[=E\on,End7v$q!5XwG'_\\|~p;B>g^qUGFc4ju<\2rb7KvUABN(L rkIc\GV
Feb 25, 2021 21:53:48.958061934 CET	1181	IN	Data Raw: 32 2c 69 8a 29 b9 a1 e2 59 46 eb 20 ef b4 31 5a 59 00 ad 2b af 59 3a fe 09 cf 61 d0 55 93 0c 42 f2 d5 34 82 d5 26 12 89 15 fa fa 71 e0 ea fe 38 f7 c4 ee 9a 79 f2 3c aa 03 b5 08 55 c7 2c 08 69 04 6f df 1c fc 00 1a 31 81 90 14 26 86 94 c6 8b 12 82 Data Ascii: 2,i)YF 1ZY+Y:aUB4&q8y<U,io1&R-Mvz3Xer.ZOpvp.bAD%%Nh6n/O@$<l&-p6AS[T,*.4:3Vyq)4
Feb 25, 2021 21:53:48.958101034 CET	1182	IN	Data Raw: 29 a1 16 d9 c0 e0 d8 bf 28 13 0b 84 e1 46 04 60 56 01 5f 41 8f 6d df 40 a8 99 bc a6 00 8d 52 70 e4 11 5e 31 b9 d2 c5 32 cb 4e 8a b5 11 af 3f 3d 80 13 c4 67 aa 39 1f 6d ec ca 91 99 76 f0 5b 8d 6b ae ba 66 c7 57 ed f6 fb 7d f8 bc 27 e5 ff 1e 3e c6 Data Ascii: )(F`V_Am@Rp^12N?=g9mv[kfW}'>Grpy?R(?t3R4T=Ysflmdt`D%l=x~hW-Z"@D~c8R%)}BIf0WDFNfl_O_6Aa
Feb 25, 2021 21:53:48.958134890 CET	1183	IN	Data Raw: 39 a0 02 43 18 53 ce 59 44 09 fe ba fc 11 9b 57 49 38 b6 40 2a 01 d8 59 08 ff 86 91 a2 f3 05 ea 5a 38 7c 30 29 01 e6 cc 9a 6a 3c 02 6d 70 ff 15 53 58 5b 44 de 2a fb 57 6c b9 a7 9a 94 7a 02 64 de 84 97 59 24 65 b5 e4 83 1c 3f 6d 73 a2 1c 25 a1 1c Data Ascii: 9CSYDWI8@YZ8\|0)j<mpSX[DWlzdY$e?ms%Bn\|P;j;HB?@W!XJ)W$3FhZk7-((62/raW;O0B9OA;.HSN`=uxRg\/

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49724	3.226.66.230	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Feb 25, 2021 21:54:04.768224001 CET	1621	OUT	GET /responses/favicon.ico HTTP/1.1 User-Agent: AutoIt Host: www.tfaforms.com Cookie: AWSALB=rX+ntaeAJCEkzztTjGj94kJTM2s7FB1FnMDrpmrd32zmMXoTesGf8ZLBQdoUumC0EQIhtCim8tUb7TVUDZ+ZTwG+x22XOR6IjUEs2Y16AidM6w3hGoDIn5hX8FSZ; AWSALBCORS=rX+ntaeAJCEkzztTjGj94kJTM2s7FB1FnMDrpmrd32zmMXoTesGf8ZLBQdoUumC0EQIhtCim8tUb7TVUDZ+ZTwG+x22XOR6IjUEs2Y16AidM6w3hGoDIn5hX8FSZ
Feb 25, 2021 21:54:05.075164080 CET	1623	IN	HTTP/1.1 404 Not Found Date: Thu, 25 Feb 2021 20:54:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: AWSALB=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; Expires=Thu, 04 Mar 2021 20:54:04 GMT; Path=/ Set-Cookie: AWSALBCORS=Jr1KpBU0IiY2xw54lW1Dmf0+Y1qJzsbrtbg4DyaV5cWmuitGVUmQvVYJhx9Bccjkyqn1DwY/lWDeTSADlti3m4300rktFVFipBuOGSfwKq+wQcNmzRqe/UV6ql2D; Expires=Thu, 04 Mar 2021 20:54:04 GMT; Path=/; SameSite=None Server: nginx P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: CAKEPHP=08f519fdfa456469e460b5af44981a9f; HttpOnly=1; Path=/; SameSite=None; Secure Data Raw: 36 63 62 30 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 28 77 69 6e 64 6f 77 2e 4e 52 45 55 4d 7c 7c 28 4e 52 45 55 4d 3d 7b 7d 29 29 2e 69 6e 69 74 3d 7b 70 72 69 76 61 63 79 3a 7b 63 6f 6f 6b 69 65 73 5f 65 6e 61 62 6c 65 64 3a 66 61 6c 73 65 7d 7d 3b 28 77 69 6e 64 6f 77 2e 4e 52 45 55 4d 7c 7c 28 4e 52 45 55 4d 3d 7b 7d 29 29 2e 6c 6f 61 64 65 72 5f 63 6f 6e 66 69 67 3d 7b 78 70 69 64 3a 22 56 51 41 4f 55 56 42 54 43 78 41 4a 56 46 46 55 44 67 63 46 56 41 3d 3d 22 2c 6c 69 63 65 6e 73 65 4b 65 79 3a 22 63 33 33 32 39 34 66 35 64 66 22 2c 61 70 70 6c 69 63 61 74 69 6f 6e 49 44 3a 22 39 30 30 36 39 36 32 32 22 7d 3b 77 69 6e 64 6f 77 2e 4e 52 45 55 4d 7c 7c 28 4e 52 45 55 4d 3d 7b 7d 29 2c 5f 5f 6e 72 5f 72 65 71 75 69 72 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 6e 29 7b 69 66 28 21 65 5b 6e 5d 29 7b 76 61 72 20 69 3d 65 5b 6e 5d 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 74 5b 6e 5d 5b 30 5d 2e 63 61 6c 6c 28 69 2e 65 78 70 6f 72 74 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 69 3d 74 5b 6e 5d 5b 31 5d 5b 65 5d 3b 72 65 74 75 72 6e 20 72 28 69 7c 7c 65 29 7d 2c 69 2c 69 2e 65 78 70 6f 72 74 73 29 7d 72 65 74 75 72 6e 20 65 5b 6e 5d 2e 65 78 70 6f 72 74 73 7d 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 5f 5f 6e 72 5f 72 65 71 75 69 72 65 29 72 65 74 75 72 6e 20 5f 5f 6e 72 5f 72 65 71 75 69 72 65 3b 66 6f 72 28 76 61 72 20 69 3d 30 3b 69 3c 6e 2e 6c 65 6e 67 74 68 3b Data Ascii: 6cb0<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><script type="text/javascript">(window.NREUM\|\|(NREUM={})).init={privacy:{cookies_enabled:false}};(window.NREUM\|\|(NREUM={})).loader_config={xpid:"VQAOUVBTCxAJVFFUDgcFVA==",licenseKey:"c33294f5df",applicationID:"90069622"};window.NREUM\|\|(NREUM={}),__nr_require=function(t,e,n){function r(n){if(!e[n]){var i=e[n]={exports:{}};t[n][0].call(i.exports,function(e){var i=t[n][1][e];return r(i\|\|e)},i,i.exports)}return e[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var i=0;i<n.length;
Feb 25, 2021 21:54:05.075222015 CET	1624	IN	Data Raw: 69 2b 2b 29 72 28 6e 5b 69 5d 29 3b 72 65 74 75 72 6e 20 72 7d 28 7b 31 3a 5b 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 74 29 7b 74 72 79 7b 63 2e 63 6f 6e 73 6f 6c 65 26 26 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 Data Ascii: i++)r(n[i]);return r}({1:[function(t,e,n){function r(t){try{c.console&&console.log(t)}catch(e){}}var i,o=t("ee"),a=t(23),c={};try{i=localStorage.getItem("__nr_flags").split(","),console&&"function"==typeof console.log&&(c.console=!0,i.indexOf(
Feb 25, 2021 21:54:05.075264931 CET	1626	IN	Data Raw: 26 28 70 2d 3d 31 29 7d 29 2c 63 2e 6f 6e 28 22 69 6e 74 65 72 6e 61 6c 2d 65 72 72 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6f 28 22 69 65 72 72 22 2c 5b 74 2c 73 2e 6e 6f 77 28 29 2c 21 30 5d 29 7d 29 7d 2c 7b 7d 5d 2c 33 3a 5b 66 75 6e Data Ascii: &(p-=1)}),c.on("internal-error",function(t){o("ierr",[t,s.now(),!0])})},{}],3:[function(t,e,n){t("loader").features.ins=!0},{}],4:[function(t,e,n){function r(t){}if(window.performance&&window.performance.timing&&window.performance.getEntriesBy
Feb 25, 2021 21:54:05.075301886 CET	1627	IN	Data Raw: 75 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6f 28 64 2c 5b 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 28 6c 29 5d 29 2c 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 5b 22 77 65 Data Ascii: u,function(t){o(d,[window.performance.getEntriesByType(l)]),window.performance["webkitC"+s]()},!1)),document[f]("scroll",r,{passive:!0}),document[f]("keypress",r,!1),document[f]("click",r,!1)}},{}],5:[function(t,e,n){function r(t){for(var e=t;
Feb 25, 2021 21:54:05.075341940 CET	1628	IN	Data Raw: 65 2e 65 78 70 6f 72 74 73 3d 69 3b 76 61 72 20 63 3d 77 69 6e 64 6f 77 2c 73 3d 22 66 65 74 63 68 2d 22 2c 66 3d 73 2b 22 62 6f 64 79 2d 22 2c 75 3d 5b 22 61 72 72 61 79 42 75 66 66 65 72 22 2c 22 62 6c 6f 62 22 2c 22 6a 73 6f 6e 22 2c 22 74 65 Data Ascii: e.exports=i;var c=window,s="fetch-",f=s+"body-",u=["arrayBuffer","blob","json","text","formData"],d=c.Request,l=c.Response,p=c.fetch,h="prototype",m="nr@context";d&&l&&p&&(a(u,function(t,e){r(d[h],e,f),r(l[h],e,f)}),r(c,"fetch",s),i.on(s+"end"
Feb 25, 2021 21:54:05.075396061 CET	1630	IN	Data Raw: 28 74 2c 65 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 74 2c 65 29 7b 64 2e 69 6e 50 6c 61 63 65 28 65 2c 5b 22 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 22 5d 2c 22 66 6e 2d 22 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 76 Data Ascii: (t,e,n){function r(t,e){d.inPlace(e,["onreadystatechange"],"fn-",c)}function i(){var t=this,e=u.context(t);t.readyState>3&&!e.resolved&&(e.resolved=!0,u.emit("xhr-resolved",[],t)),d.inPlace(t,g,"fn-",c)}function o(t){y.push(t),h&&(b?b.then(a):
Feb 25, 2021 21:54:05.075439930 CET	1631	IN	Data Raw: 7c 7c 6e 75 6c 6c 2c 66 3d 28 65 2e 6c 6f 61 64 65 72 5f 63 6f 6e 66 69 67 2e 74 72 75 73 74 4b 65 79 7c 7c 22 22 29 2e 74 6f 53 74 72 69 6e 67 28 29 7c 7c 6e 75 6c 6c 3b 69 66 28 21 6e 7c 7c 21 72 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 Data Ascii: \|\|null,f=(e.loader_config.trustKey\|\|"").toString()\|\|null;if(!n\|\|!r)return null;var h=p.generateSpanId(),m=p.generateTraceId(),w=Date.now(),v={spanId:h,traceId:m,timestamp:w};return(t.sameOrigin\|\|s(t)&&l())&&(v.traceContextParentHeader=i(h,m),v
Feb 25, 2021 21:54:05.075479031 CET	1633	IN	Data Raw: 65 61 64 65 72 7d 66 75 6e 63 74 69 6f 6e 20 64 28 29 7b 72 65 74 75 72 6e 22 69 6e 69 74 22 69 6e 20 4e 52 45 55 4d 26 26 22 64 69 73 74 72 69 62 75 74 65 64 5f 74 72 61 63 69 6e 67 22 69 6e 20 4e 52 45 55 4d 2e 69 6e 69 74 26 26 4e 52 45 55 4d Data Ascii: eader}function d(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&NREUM.init.distributed_tracing.cors_use_newrelic_header!==!1}function l(){return"init"in NREUM&&"distributed_tracing"in NREUM.init&&!!NREUM.init.distributed_tracing.c
Feb 25, 2021 21:54:05.075516939 CET	1634	IN	Data Raw: 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 65 2e 74 6f 74 61 6c 43 62 73 3d 30 2c 65 2e 63 61 6c 6c 65 64 3d 30 2c 65 2e 63 62 54 69 6d 65 3d 30 2c 65 2e 65 6e 64 3d 72 2c 65 2e 65 6e 64 65 64 3d 21 31 2c 65 2e 78 68 72 47 75 69 64 Data Ascii: tion(t){var e=this;e.totalCbs=0,e.called=0,e.cbTime=0,e.end=r,e.ended=!1,e.xhrGuids={},e.lastSize=null,e.loadCaptureCalled=!1,t.addEventListener("load",function(n){o(e,t)},!1),h&&(h>34\|\|h<10)\|\|window.opera\|\|t.addEventListener("progress",functi
Feb 25, 2021 21:54:05.075567007 CET	1636	IN	Data Raw: 68 69 73 2e 6f 6e 6c 6f 61 64 43 61 6c 6c 65 64 3d 21 30 3a 74 68 69 73 2e 63 61 6c 6c 65 64 2b 3d 31 2c 74 68 69 73 2e 63 61 6c 6c 65 64 21 3d 3d 74 68 69 73 2e 74 6f 74 61 6c 43 62 73 7c 7c 21 74 68 69 73 2e 6f 6e 6c 6f 61 64 43 61 6c 6c 65 64 Data Ascii: his.onloadCalled=!0:this.called+=1,this.called!==this.totalCbs\|\|!this.onloadCalled&&"function"==typeof n.onload\|\|this.end(n)}),u.on("xhr-load-added",function(t,e){var n=""+p(t)+!!e;this.xhrGuids&&!this.xhrGuids[n]&&(this.xhrGuids[n]=!0,this.to
Feb 25, 2021 21:54:05.203764915 CET	1637	IN	Data Raw: 69 6e 3d 74 68 69 73 2e 70 61 72 73 65 64 4f 72 69 67 69 6e 2e 73 61 6d 65 4f 72 69 67 69 6e 29 3b 76 61 72 20 69 3d 66 28 74 68 69 73 2e 70 61 72 73 65 64 4f 72 69 67 69 6e 29 3b 69 66 28 69 26 26 28 69 2e 6e 65 77 72 65 6c 69 63 48 65 61 64 65 Data Ascii: in=this.parsedOrigin.sameOrigin);var i=f(this.parsedOrigin);if(i&&(i.newrelicHeader\|\|i.traceContextParentHeader))if("string"==typeof t[0]\|\|window.URL&&t[0]&&t[0]instanceof URL){var o={};for(var a in r)o[a]=r[a];o.headers=new Headers(r.headers\|

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Feb 25, 2021 21:54:08.611567020 CET	54.152.202.195	443	192.168.2.5	49727	CN=help.formassembly.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sun Jan 31 17:22:30 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Sat May 01 18:22:30 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 25, 2021 21:54:08.611567020 CET	54.152.202.195	443	192.168.2.5	49727	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 25, 2021 21:54:08.614350080 CET	54.152.202.195	443	192.168.2.5	49728	CN=help.formassembly.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sun Jan 31 17:22:30 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Sat May 01 18:22:30 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 25, 2021 21:54:08.614350080 CET	54.152.202.195	443	192.168.2.5	49728	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 25, 2021 21:54:09.286130905 CET	13.224.89.142	443	192.168.2.5	49733	CN=*.cloudfront.net, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Tue May 26 02:00:00 CEST 2020 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Wed Apr 21 14:00:00 CEST 2021 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
Feb 25, 2021 21:54:09.286622047 CET	13.224.89.142	443	192.168.2.5	49731	CN=*.cloudfront.net, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Tue May 26 02:00:00 CEST 2020 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Wed Apr 21 14:00:00 CEST 2021 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
Feb 25, 2021 21:54:09.286655903 CET	13.224.89.142	443	192.168.2.5	49732	CN=*.cloudfront.net, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Tue May 26 02:00:00 CEST 2020 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Wed Apr 21 14:00:00 CEST 2021 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
Feb 25, 2021 21:54:09.286887884 CET	13.224.89.142	443	192.168.2.5	49734	CN=*.cloudfront.net, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Tue May 26 02:00:00 CEST 2020 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Wed Apr 21 14:00:00 CEST 2021 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
Feb 25, 2021 21:54:09.335412979 CET	13.224.89.142	443	192.168.2.5	49739	CN=*.cloudfront.net, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Tue May 26 02:00:00 CEST 2020 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Wed Apr 21 14:00:00 CEST 2021 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
Feb 25, 2021 21:54:09.349229097 CET	13.224.89.142	443	192.168.2.5	49740	CN=*.cloudfront.net, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Tue May 26 02:00:00 CEST 2020 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Wed Apr 21 14:00:00 CEST 2021 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
Feb 25, 2021 21:54:10.427422047 CET	54.152.202.195	443	192.168.2.5	49748	CN=*.knowledgeowl.com, OU=PremiumSSL Wildcard, OU=IT, O=Silly Moose LLC, STREET=2552 W 133rd Circle, L=Broomfield, ST=Colorado, OID.2.5.4.17=80020, C=US CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Jul 19 02:00:00 CEST 2019 Fri Nov 02 01:00:00 CET 2018 Mon Feb 01 01:00:00 CET 2010	Tue Jul 27 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2031 Tue Jan 19 00:59:59 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Feb 01 01:00:00 CET 2010	Tue Jan 19 00:59:59 CET 2038
Feb 25, 2021 21:54:10.430417061 CET	54.152.202.195	443	192.168.2.5	49744	CN=*.knowledgeowl.com, OU=PremiumSSL Wildcard, OU=IT, O=Silly Moose LLC, STREET=2552 W 133rd Circle, L=Broomfield, ST=Colorado, OID.2.5.4.17=80020, C=US CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Jul 19 02:00:00 CEST 2019 Fri Nov 02 01:00:00 CET 2018 Mon Feb 01 01:00:00 CET 2010	Tue Jul 27 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2031 Tue Jan 19 00:59:59 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Feb 01 01:00:00 CET 2010	Tue Jan 19 00:59:59 CET 2038
Feb 25, 2021 21:54:10.433835030 CET	54.152.202.195	443	192.168.2.5	49749	CN=*.knowledgeowl.com, OU=PremiumSSL Wildcard, OU=IT, O=Silly Moose LLC, STREET=2552 W 133rd Circle, L=Broomfield, ST=Colorado, OID.2.5.4.17=80020, C=US CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Jul 19 02:00:00 CEST 2019 Fri Nov 02 01:00:00 CET 2018 Mon Feb 01 01:00:00 CET 2010	Tue Jul 27 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2031 Tue Jan 19 00:59:59 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Feb 01 01:00:00 CET 2010	Tue Jan 19 00:59:59 CET 2038
Feb 25, 2021 21:54:10.436851025 CET	54.152.202.195	443	192.168.2.5	49747	CN=*.knowledgeowl.com, OU=PremiumSSL Wildcard, OU=IT, O=Silly Moose LLC, STREET=2552 W 133rd Circle, L=Broomfield, ST=Colorado, OID.2.5.4.17=80020, C=US CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Jul 19 02:00:00 CEST 2019 Fri Nov 02 01:00:00 CET 2018 Mon Feb 01 01:00:00 CET 2010	Tue Jul 27 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2031 Tue Jan 19 00:59:59 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Feb 01 01:00:00 CET 2010	Tue Jan 19 00:59:59 CET 2038
Feb 25, 2021 21:54:10.452405930 CET	54.152.202.195	443	192.168.2.5	49746	CN=*.knowledgeowl.com, OU=PremiumSSL Wildcard, OU=IT, O=Silly Moose LLC, STREET=2552 W 133rd Circle, L=Broomfield, ST=Colorado, OID.2.5.4.17=80020, C=US CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Jul 19 02:00:00 CEST 2019 Fri Nov 02 01:00:00 CET 2018 Mon Feb 01 01:00:00 CET 2010	Tue Jul 27 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2031 Tue Jan 19 00:59:59 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Feb 01 01:00:00 CET 2010	Tue Jan 19 00:59:59 CET 2038
Feb 25, 2021 21:54:10.457192898 CET	54.152.202.195	443	192.168.2.5	49750	CN=*.knowledgeowl.com, OU=PremiumSSL Wildcard, OU=IT, O=Silly Moose LLC, STREET=2552 W 133rd Circle, L=Broomfield, ST=Colorado, OID.2.5.4.17=80020, C=US CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Jul 19 02:00:00 CEST 2019 Fri Nov 02 01:00:00 CET 2018 Mon Feb 01 01:00:00 CET 2010	Tue Jul 27 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2031 Tue Jan 19 00:59:59 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Feb 01 01:00:00 CET 2010	Tue Jan 19 00:59:59 CET 2038
Feb 25, 2021 21:54:11.637028933 CET	35.174.150.168	443	192.168.2.5	49756	CN=pi.pardot.com, O="salesforce.com, inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Sat Dec 05 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Sun Dec 05 00:59:59 CET 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 25, 2021 21:54:11.637028933 CET	35.174.150.168	443	192.168.2.5	49756	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Feb 25, 2021 21:54:11.637166023 CET	35.174.150.168	443	192.168.2.5	49757	CN=pi.pardot.com, O="salesforce.com, inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Sat Dec 05 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Sun Dec 05 00:59:59 CET 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 25, 2021 21:54:11.637166023 CET	35.174.150.168	443	192.168.2.5	49757	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Feb 25, 2021 21:54:11.652435064 CET	104.196.12.68	443	192.168.2.5	49754	CN=www.formassembly.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jan 13 14:25:04 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Tue Apr 13 15:25:04 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 25, 2021 21:54:11.652435064 CET	104.196.12.68	443	192.168.2.5	49754	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 25, 2021 21:54:11.654108047 CET	104.196.12.68	443	192.168.2.5	49755	CN=www.formassembly.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jan 13 14:25:04 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Tue Apr 13 15:25:04 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 25, 2021 21:54:11.654108047 CET	104.196.12.68	443	192.168.2.5	49755	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 4616 Parent PID: 792

General

Start time:	21:53:46
Start date:	25/02/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7395b0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 4588 Parent PID: 4616

General

Start time:	21:53:46
Start date:	25/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4616 CREDAT:17410 /prefetch:2
Imagebase:	0x950000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://www.tfaforms.com/responses/processor

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 4616 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 4588 Parent PID: 4616

General

Chronological Activities

Disassembly