Play interactive tour

Edit tour

Analysis Report RFQ #46200058149.exe

Overview

General Information

Sample Name:	RFQ #46200058149.exe
Analysis ID:	383193
MD5:	67b96dc502b0c7a496092d7e6d1da6c5
SHA1:	a7c79eeaaafb23e8e40457cd5d44c61148cd1f5f
SHA256:	ef5cb0bfe2d23b7a13b685f43dc9a100dac402023e11dce7991173bde63b298e
Tags:	exeNanoCoreRAT
Infos:
Most interesting Screenshot:

Detection

Nanocore

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected Nanocore Rat

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Nanocore RAT

Hides that the sample has been downloaded from the Internet (zone.identifier)

Hides threads from debuggers

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE / OLE file has an invalid certificate

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses insecure TLS / SSL version for HTTPS connection

Yara signature match

Classification

Startup

System is w10x64

RFQ #46200058149.exe (PID: 5340 cmdline: 'C:\Users\user\Desktop\RFQ #46200058149.exe' MD5: 67B96DC502B0C7A496092D7E6D1DA6C5)

cmd.exe (PID: 5912 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

timeout.exe (PID: 5504 cmdline: timeout 1 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)

RFQ #46200058149.exe (PID: 5972 cmdline: C:\Users\user\Desktop\RFQ #46200058149.exe MD5: 67B96DC502B0C7A496092D7E6D1DA6C5)

WerFault.exe (PID: 5416 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 2672 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x105d5:$x1: NanoCore.ClientPluginHost 0x10612:$x2: IClientNetworkHost 0x14145:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1033d:$a: NanoCore 0x1034d:$a: NanoCore 0x10581:$a: NanoCore 0x10595:$a: NanoCore 0x105d5:$a: NanoCore 0x1039c:$b: ClientPlugin 0x1059e:$b: ClientPlugin 0x105de:$b: ClientPlugin 0x104c3:$c: ProjectData 0x10eca:$d: DESCrypto 0x18896:$e: KeepAlive 0x16884:$g: LogClientMessage 0x12a7f:$i: get_Connected 0x11200:$j: #=q 0x11230:$j: #=q 0x1124c:$j: #=q 0x1127c:$j: #=q 0x11298:$j: #=q 0x112b4:$j: #=q 0x112e4:$j: #=q 0x11300:$j: #=q
00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x223f5:$x1: NanoCore.ClientPluginHost 0x55015:$x1: NanoCore.ClientPluginHost 0x22432:$x2: IClientNetworkHost 0x55052:$x2: IClientNetworkHost 0x25f65:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x58b85:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x2215d:$a: NanoCore 0x2216d:$a: NanoCore 0x223a1:$a: NanoCore 0x223b5:$a: NanoCore 0x223f5:$a: NanoCore 0x54d7d:$a: NanoCore 0x54d8d:$a: NanoCore 0x54fc1:$a: NanoCore 0x54fd5:$a: NanoCore 0x55015:$a: NanoCore 0x221bc:$b: ClientPlugin 0x223be:$b: ClientPlugin 0x223fe:$b: ClientPlugin 0x54ddc:$b: ClientPlugin 0x54fde:$b: ClientPlugin 0x5501e:$b: ClientPlugin 0x222e3:$c: ProjectData 0x54f03:$c: ProjectData 0x22cea:$d: DESCrypto 0x5590a:$d: DESCrypto 0x2a6b6:$e: KeepAlive
Process Memory Space: RFQ #46200058149.exe PID: 5340	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf3c0c9:$x1: NanoCore.ClientPluginHost 0x11a16ef:$x1: NanoCore.ClientPluginHost 0x11c049f:$x1: NanoCore.ClientPluginHost 0xf3c12a:$x2: IClientNetworkHost 0x11a1750:$x2: IClientNetworkHost 0x11c0500:$x2: IClientNetworkHost 0xf4152f:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xf4f4a1:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x11a6b55:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x11b4ac7:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x11c5905:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x11d3877:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: RFQ #46200058149.exe PID: 5340	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: RFQ #46200058149.exe PID: 5340	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xf3bbce:$a: NanoCore 0xf3bbea:$a: NanoCore 0xf3bd45:$a: NanoCore 0xf3bd54:$a: NanoCore 0xf3c02d:$a: NanoCore 0xf3c059:$a: NanoCore 0xf3c0c9:$a: NanoCore 0xf4bb0b:$a: NanoCore 0xf4bb1d:$a: NanoCore 0xf4bb59:$a: NanoCore 0x11a11f4:$a: NanoCore 0x11a1210:$a: NanoCore 0x11a136b:$a: NanoCore 0x11a137a:$a: NanoCore 0x11a1653:$a: NanoCore 0x11a167f:$a: NanoCore 0x11a16ef:$a: NanoCore 0x11b1131:$a: NanoCore 0x11b1143:$a: NanoCore 0x11b117f:$a: NanoCore 0x11bffa4:$a: NanoCore
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.RFQ #46200058149.exe.505e448.10.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.RFQ #46200058149.exe.505e448.10.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
0.2.RFQ #46200058149.exe.505e448.10.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.RFQ #46200058149.exe.505e448.10.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
0.2.RFQ #46200058149.exe.505e448.10.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.RFQ #46200058149.exe.505e448.10.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
0.2.RFQ #46200058149.exe.505e448.10.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.RFQ #46200058149.exe.505e448.10.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
0.3.RFQ #46200058149.exe.5091268.0.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x42dad:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x42dea:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x4691d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.3.RFQ #46200058149.exe.5091268.0.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x42b25:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x42dad:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x443e6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x443da:$s2: FileCommand 0x1266b:$s3: PipeExists 0x4528b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x4b042:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost 0x42dd7:$s5: IClientLoggingHost
0.3.RFQ #46200058149.exe.5091268.0.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.3.RFQ #46200058149.exe.5091268.0.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x42b15:$a: NanoCore 0x42b25:$a: NanoCore 0x42d59:$a: NanoCore 0x42d6d:$a: NanoCore 0x42dad:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x42b74:$b: ClientPlugin 0x42d76:$b: ClientPlugin 0x42db6:$b: ClientPlugin 0x1007b:$c: ProjectData 0x42c9b:$c: ProjectData 0x10a82:$d: DESCrypto 0x436a2:$d: DESCrypto 0x1844e:$e: KeepAlive
Click to see the 7 entries

Sigma Overview

System Summary:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\RFQ #46200058149.exe, ProcessId: 5972, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RFQ #46200058149.exe PID: 5340, type: MEMORY
Source: Yara match	File source: 0.2.RFQ #46200058149.exe.505e448.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.RFQ #46200058149.exe.505e448.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.RFQ #46200058149.exe.5091268.0.raw.unpack, type: UNPACKEDPE

Source: unknown

HTTPS traffic detected: 172.67.150.212:443 -> 192.168.2.5:49699 version: TLS 1.0

Source: RFQ #46200058149.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: dhcpcsvc.pdb$ source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: rsaenh.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.ni.pdb% source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb3y source: RFQ #46200058149.exe, 00000007.00000003.443708855.00000000064D5000.00000004.00000001.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: RFQ #46200058149.exe, 00000000.00000002.301989509.0000000005979000.00000004.00000001.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb* source: RFQ #46200058149.exe, 00000000.00000002.301989509.0000000005979000.00000004.00000001.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 0000000B.00000003.247025053.00000000035A1000.00000004.00000001.sdmp
Source:	Binary string: bcrypt.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: onfiguration.ni.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: mskeyprotect.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: secur32.pdbR source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: ml.pdb? source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 0000000B.00000003.247731524.0000000003595000.00000004.00000001.sdmp
Source:	Binary string: mskeyprotect.pdb=[ source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: cryptnet.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: dnsapi.pdb2 source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: winnsi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: ml.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: clr.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: .ni.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: cryptsp.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: CLBCatQ.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: urlmon.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: schannel.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Configuration.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: RFQ #46200058149.PDBTwB source: RFQ #46200058149.exe, 00000000.00000002.293636749.00000000012F8000.00000004.00000010.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 0000000B.00000003.247492157.00000000035A7000.00000004.00000001.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: RFQ #46200058149.exe, 00000000.00000002.302123092.00000000059FC000.00000004.00000001.sdmp
Source:	Binary string: shcore.pdbn source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: jVisualBasic.pdb,+K source: RFQ #46200058149.exe, 00000000.00000002.293636749.00000000012F8000.00000004.00000010.sdmp
Source:	Binary string: System.Xml.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: indows.Forms.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: mscoree.pdb source: WerFault.exe, 0000000B.00000003.259007833.00000000059A0000.00000004.00000040.sdmp
Source:	Binary string: crypt32.pdbF source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: WLDP.pdbD source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: iertutil.pdbZ source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: mscorsecimpl.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: ws2_32.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: iphlpapi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: imagehlp.pdbX source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: nsi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.Configuration.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: webio.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: gpapi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: powrprof.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: msvcr120_clr0400.i386.pdb% source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: System.Configuration.pdb source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: ole32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\user\Desktop\RFQ #46200058149.PDB/ source: RFQ #46200058149.exe, 00000000.00000002.293636749.00000000012F8000.00000004.00000010.sdmp
Source:	Binary string: iertutil.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: cryptsp.pdbL source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.pdb?W source: WerFault.exe, 0000000B.00000003.258734874.000000000581E000.00000004.00000001.sdmp
Source:	Binary string: mscorlib.ni.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: msasn1.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: ucrtbase.pdb_ source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: mscorlib.pdb source: RFQ #46200058149.exe, 00000000.00000002.301971445.0000000005960000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: comctl32v582.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: RFQ #46200058149.exe, 00000007.00000003.443708855.00000000064D5000.00000004.00000001.sdmp
Source:	Binary string: System.ni.pdb8S source: WerFault.exe, 0000000B.00000003.258734874.000000000581E000.00000004.00000001.sdmp
Source:	Binary string: wkernel32.pdb( source: WerFault.exe, 0000000B.00000003.247025053.00000000035A1000.00000004.00000001.sdmp
Source:	Binary string: System.Configuration.ni.pdbRSDSO* source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: urlmon.pdbh source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: ncrypt.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: secur32.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 0000000B.00000003.259007833.00000000059A0000.00000004.00000040.sdmp
Source:	Binary string: rasapi32.pdb> source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdbRSDS source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: rasadhlp.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: ml.ni.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: schannel.pdb^ source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.ni.pdbT3#l source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: WinTypes.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdbRSDSD source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: dhcpcsvc.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.pdb-3853321935-2125563209-4053062332-1002_Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler source: RFQ #46200058149.exe, 00000007.00000003.425042337.00000000064DB000.00000004.00000001.sdmp
Source:	Binary string: wmswsock.pdbl source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: Kernel.Appcore.pdb! source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: .pdb, source: RFQ #46200058149.exe, 00000000.00000002.293636749.00000000012F8000.00000004.00000010.sdmp
Source:	Binary string: t.VisualBasic.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: wUxTheme.pdbt source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdb% source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: shell32.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: jLC:\Windows\Microsoft.VisualBasic.pdb source: RFQ #46200058149.exe, 00000000.00000002.293636749.00000000012F8000.00000004.00000010.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: dnsapi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: fwpuclnt.pdb8 source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: rasapi32.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: wimm32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdbT source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: diasymreader.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: iphlpapi.pdbf source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: winhttp.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: comctl32v582.pdb=R source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: winhttp.pdb* source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: wUxTheme.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: imagehlp.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: ntasn1.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: Windows.StateRepositoryPS.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdb% source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: propsys.pdb@ source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: rtutils.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb( source: WerFault.exe, 0000000B.00000003.247731524.0000000003595000.00000004.00000001.sdmp
Source:	Binary string: profapi.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: dhcpcsvc6.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Core.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.Xml.ni.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: cabinet.pdb` source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: WLDP.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: sechost.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: clrjit.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: cabinet.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: rasman.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: propsys.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdb0 source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: mscorlib.pdb853321935-2125563209-4053062332-1002_Classes\WOW6432Node\CLSID\{9ac9fbe1-e0a2-4ad6-b4ee-e212013ea917}\InprocServer32 source: RFQ #46200058149.exe, 00000000.00000002.301971445.0000000005960000.00000004.00000001.sdmp
Source:	Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Configuration.ni.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: ncryptsslp.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: nsi.pdb=[ source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: wmswsock.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: version.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: onfiguration.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: wintrust.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.pdb source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: System.pdb source: WerFault.exe, 0000000B.00000003.258734874.000000000581E000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: ore.ni.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: ore.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: System.Windows.Forms.pdb source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: psapi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Windows.Forms.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: fwpuclnt.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: cldapi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Core.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000B.00000003.247492157.00000000035A7000.00000004.00000001.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: mscoreei.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.Core.pdb source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: powrprof.pdbT source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: oleaut32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: CLBCatQ.pdbz source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Windows.Forms.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: System.Xml.pdb8 source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: OneCoreUAPCommonProxyStub.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: wuser32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.Configuration.ni.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.Xml.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.ni.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: crypt32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: edputil.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49700 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49701 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49708 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49711 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49717 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49721 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49724 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49725 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49727 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49728 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49731 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49737 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49738 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49739 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49740 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49741 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49744 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49745 -> 45.15.143.169:5353
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49746 -> 45.15.143.169:5353

Source: global traffic

HTTP traffic detected: GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-FE6EFB3AED9F05224C930BEF8BE1CC20.html HTTP/1.1UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41Host: myliverpoolnews.cfConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 172.67.150.212 172.67.150.212

Source: Joe Sandbox View

ASN Name: DEDIPATH-LLCUS DEDIPATH-LLCUS

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: unknown

HTTPS traffic detected: 172.67.150.212:443 -> 192.168.2.5:49699 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.143.169

Source: global traffic

Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: <footer><ul id="section-links"><li><a href="https://www.liverpool.com/liverpool-fc-news/" data-link-tracking="Footer\|Liverpool FC News">Liverpool FC News</a></li><li><a href="https://www.liverpool.com/schedule/" data-link-tracking="Footer\|Schedule">Schedule</a></li><li><a href="https://www.liverpool.com/liverpool-fc-news/features/" data-link-tracking="Footer\|Features">Features</a></li><li><a href="https://www.liverpool.com/all-about/premier-league" data-link-tracking="Footer\|Premier League">Premier League</a></li></ul><div class="social-links"><h4>Follow us<ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook\|follow\|bottom"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter\|follow\|bottom"></a></li></ul></h4></div><div class="kitemarks"><div class="ipso"></div></div><ul id="utility-links"><li><div itemprop="publisher" itemscope="itemscope" itemtype="https://schema.org/NewsMediaOrganization"><meta itemprop="publishingPrinciples" content="https://www.liverpool.com/about-us/"><meta itemprop="name" content="Liverpool.com"><meta itemprop="url" content="https://www.liverpool.com/"><div itemprop="logo" itemscope="itemscope" itemtype="https://schema.org/ImageObject"><meta itemprop="url" content="https://s2-prod.liverpool.com/@trinitymirrordigital/chameleon-branding/publications/liverpool/img/logo-liverpool.png"></div></div><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a href="https://www.liverpool.com/terms-conditions/">T&Cs</a></li><li><a href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/rules/">Competition Rules</a></li><li><a href="https://www.liverpool.com/how-to-complain/">How to Complain</a></li><li><a href="https://www.liverpool.com/corrections-clarifications/">Corrections & Clarifications</a></li><li><a href="https://www.liverpool.com/privacy-notice/">Privacy Notice</a></li><li><a href="https://www.liverpool.com"> equals www.facebook.com (Facebook)
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: <footer><ul id="section-links"><li><a href="https://www.liverpool.com/liverpool-fc-news/" data-link-tracking="Footer\|Liverpool FC News">Liverpool FC News</a></li><li><a href="https://www.liverpool.com/schedule/" data-link-tracking="Footer\|Schedule">Schedule</a></li><li><a href="https://www.liverpool.com/liverpool-fc-news/features/" data-link-tracking="Footer\|Features">Features</a></li><li><a href="https://www.liverpool.com/all-about/premier-league" data-link-tracking="Footer\|Premier League">Premier League</a></li></ul><div class="social-links"><h4>Follow us<ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook\|follow\|bottom"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter\|follow\|bottom"></a></li></ul></h4></div><div class="kitemarks"><div class="ipso"></div></div><ul id="utility-links"><li><div itemprop="publisher" itemscope="itemscope" itemtype="https://schema.org/NewsMediaOrganization"><meta itemprop="publishingPrinciples" content="https://www.liverpool.com/about-us/"><meta itemprop="name" content="Liverpool.com"><meta itemprop="url" content="https://www.liverpool.com/"><div itemprop="logo" itemscope="itemscope" itemtype="https://schema.org/ImageObject"><meta itemprop="url" content="https://s2-prod.liverpool.com/@trinitymirrordigital/chameleon-branding/publications/liverpool/img/logo-liverpool.png"></div></div><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a href="https://www.liverpool.com/terms-conditions/">T&Cs</a></li><li><a href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/rules/">Competition Rules</a></li><li><a href="https://www.liverpool.com/how-to-complain/">How to Complain</a></li><li><a href="https://www.liverpool.com/corrections-clarifications/">Corrections & Clarifications</a></li><li><a href="https://www.liverpool.com/privacy-notice/">Privacy Notice</a></li><li><a href="https://www.liverpool.com"> equals www.twitter.com (Twitter)
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: <header class="mod-header" data-mod="header" data-immediate><div class="primary publication-theme-highlight"><a data-link-tracking="Header\|MainLogo\|Image\|liverpool" id="logo" href="/">liverpool</a><a class="icon" id="hamburger" href="#">Load mobile navigation<span></span></a><nav class="primary"><section><ul data-level="1"><li class="has-children"><a data-link-tracking="Header\|SectionLabel\|Text\|Liverpool FC News" href="https://www.liverpool.com/liverpool-fc-news/">Liverpool FC News</a><ul data-level="2"><li><a data-link-tracking="Header\|DropDown\|Text\|Latest News" href="https://www.liverpool.com/liverpool-fc-news/">Latest News</a></li><li><a data-link-tracking="Header\|DropDown\|Text\|Transfer News" href="https://www.liverpool.com/liverpool-fc-news/transfer-news/">Transfer News</a></li></ul><a class="icon toggle" href="#">Expand</a></li><li class="has-children"><a data-link-tracking="Header\|SectionLabel\|Text\|Schedule" href="https://www.liverpool.com/schedule/">Schedule</a><ul data-level="2"><li><a data-link-tracking="Header\|DropDown\|Text\|Premier League" href="https://www.liverpool.com/all-about/premier-league">Premier League</a></li></ul><a class="icon toggle" href="#">Expand</a></li><li><a data-link-tracking="Header\|SectionLabel\|Text\|Features" href="https://www.liverpool.com/liverpool-fc-news/features/">Features</a></li></ul></section></nav><profile-icon lr-custom-id="signin" lr-custom-class="header-profile-icon" lr-gtm-label="header" lr-show-account-link></profile-icon><div class="search"><button class="icon icon-search" id="search-icon" type="button" aria-label="Search"></button></div><div class="search-box hidden"><gcse:searchbox-only resultsUrl="https://www.liverpool.com/search/"></gcse:searchbox-only></div><div class="social-sites"><ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook\|follow\|top"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter\|follow\|top"></a></li></ul></div></div><nav class="secondary" data-smooth-scroll><section><ul class="click-track" data-level="1"><li><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/advertising/">Advertise with us</a></li></ul></section></nav><nav class="footer"><section><ul data-level="1"><li><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a href="https://www.liverpool.com/terms-conditions/">T&Cs</a></li><li><a href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/r
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: <header class="mod-header" data-mod="header" data-immediate><div class="primary publication-theme-highlight"><a data-link-tracking="Header\|MainLogo\|Image\|liverpool" id="logo" href="/">liverpool</a><a class="icon" id="hamburger" href="#">Load mobile navigation<span></span></a><nav class="primary"><section><ul data-level="1"><li class="has-children"><a data-link-tracking="Header\|SectionLabel\|Text\|Liverpool FC News" href="https://www.liverpool.com/liverpool-fc-news/">Liverpool FC News</a><ul data-level="2"><li><a data-link-tracking="Header\|DropDown\|Text\|Latest News" href="https://www.liverpool.com/liverpool-fc-news/">Latest News</a></li><li><a data-link-tracking="Header\|DropDown\|Text\|Transfer News" href="https://www.liverpool.com/liverpool-fc-news/transfer-news/">Transfer News</a></li></ul><a class="icon toggle" href="#">Expand</a></li><li class="has-children"><a data-link-tracking="Header\|SectionLabel\|Text\|Schedule" href="https://www.liverpool.com/schedule/">Schedule</a><ul data-level="2"><li><a data-link-tracking="Header\|DropDown\|Text\|Premier League" href="https://www.liverpool.com/all-about/premier-league">Premier League</a></li></ul><a class="icon toggle" href="#">Expand</a></li><li><a data-link-tracking="Header\|SectionLabel\|Text\|Features" href="https://www.liverpool.com/liverpool-fc-news/features/">Features</a></li></ul></section></nav><profile-icon lr-custom-id="signin" lr-custom-class="header-profile-icon" lr-gtm-label="header" lr-show-account-link></profile-icon><div class="search"><button class="icon icon-search" id="search-icon" type="button" aria-label="Search"></button></div><div class="search-box hidden"><gcse:searchbox-only resultsUrl="https://www.liverpool.com/search/"></gcse:searchbox-only></div><div class="social-sites"><ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook\|follow\|top"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter\|follow\|top"></a></li></ul></div></div><nav class="secondary" data-smooth-scroll><section><ul class="click-track" data-level="1"><li><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/advertising/">Advertise with us</a></li></ul></section></nav><nav class="footer"><section><ul data-level="1"><li><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a href="https://www.liverpool.com/terms-conditions/">T&Cs</a></li><li><a href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/r
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: <meta property="og:site_name" content="Liverpool.com"><meta property="og:language" content="en"><meta property="og:type" content="article"><meta property="og:title" content="The Brewster Experience has underdelivered so far, but that will change"><meta property="og:url" content="https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763"><meta property="og:description" content="Rhian Brewster was hyped up before the start of the season, but was that fair?"><meta property="og:image" content="https://i2-prod.liverpoolecho.co.uk/incoming/article17172788.ece/ALTERNATES/s1200/1_GettyImages-1178657262.jpg"><meta property="og:section" content="Features"><meta property="article:tag" content="Rhian Brewster"><meta property="article:author" content="https://www.facebook.com/kristianwalsh1987/"><meta property="article:published_time" content="2019-10-30T16:00:00Z"><meta property="article:modified_time" content="2019-10-30T15:36:53Z"><meta property="article:expiration_time" content="2019-11-29T15:36:53Z"><meta property="article:section" content="Features"><meta property="article:id" content="liverpool-17172763"> equals www.facebook.com (Facebook)
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: n, Gomez/Lovren, James Milner, Oxlade-Chamberlain, Naby Keita and Divock Origi. An impressive outing against Arsenal could nudge him ahead of Adam Lallana, or even Harvey Elliott, in the fight for that seventh spot.</p> <p>The world is still expected to be at Brewster's feet at Liverpool. It is just a matter of waiting for him to be passed it.</p><!-- Article End--></div><div id="social-follow" data-mod="socialFollow"><div id="social-methods"><div class="facebook-share"><span class="icon facebook large"></span><div class="fb-like" data-href="https://www.facebook.com/liverpooldotcom" data-layout="button_count" data-action="like" data-size="large" data-width="300" data-show-faces="false" data-share="false"></div><span class="page-name">liverpooldotcom</span></div><div class="twitter-share" data-follow-url="https://twitter.com/intent/follow?screen_name=liverpoolcom_"><span class="icon twitter large"></span><a>Follow @<span>liverpoolcom_</span></a></div></div></div><div class="tag-list"><span class="publication-theme-border publication-theme-icon">More On</span><ul><li><a class="publication-theme-button-highlight" href="https://www.liverpool.com/all-about/rhian-brewster" data-link-tracking="EndArticle\|Tag">Rhian Brewster</a></li></ul></div></div><aside class="related-column secondary"></aside></div></article> equals www.facebook.com (Facebook)
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: n, Gomez/Lovren, James Milner, Oxlade-Chamberlain, Naby Keita and Divock Origi. An impressive outing against Arsenal could nudge him ahead of Adam Lallana, or even Harvey Elliott, in the fight for that seventh spot.</p> <p>The world is still expected to be at Brewster's feet at Liverpool. It is just a matter of waiting for him to be passed it.</p><!-- Article End--></div><div id="social-follow" data-mod="socialFollow"><div id="social-methods"><div class="facebook-share"><span class="icon facebook large"></span><div class="fb-like" data-href="https://www.facebook.com/liverpooldotcom" data-layout="button_count" data-action="like" data-size="large" data-width="300" data-show-faces="false" data-share="false"></div><span class="page-name">liverpooldotcom</span></div><div class="twitter-share" data-follow-url="https://twitter.com/intent/follow?screen_name=liverpoolcom_"><span class="icon twitter large"></span><a>Follow @<span>liverpoolcom_</span></a></div></div></div><div class="tag-list"><span class="publication-theme-border publication-theme-icon">More On</span><ul><li><a class="publication-theme-button-highlight" href="https://www.liverpool.com/all-about/rhian-brewster" data-link-tracking="EndArticle\|Tag">Rhian Brewster</a></li></ul></div></div><aside class="related-column secondary"></aside></div></article> equals www.twitter.com (Twitter)

Source: unknown

DNS traffic detected: queries for: myliverpoolnews.cf

Source: RFQ #46200058149.exe, 00000000.00000002.296584123.00000000032E4000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
Source: RFQ #46200058149.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: RFQ #46200058149.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: RFQ #46200058149.exe, 00000000.00000002.296584123.00000000032E4000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
Source: RFQ #46200058149.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: RFQ #46200058149.exe, 00000000.00000002.302123092.00000000059FC000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: RFQ #46200058149.exe	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: RFQ #46200058149.exe, 00000000.00000002.296584123.00000000032E4000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0
Source: RFQ #46200058149.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: RFQ #46200058149.exe	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: 77EC63BDA74BD0D0E0426DC8F8008506.0.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: RFQ #46200058149.exe, 00000000.00000002.296513368.0000000003291000.00000004.00000001.sdmp	String found in binary or memory: http://myliverpoolnews.cf
Source: RFQ #46200058149.exe, 00000000.00000002.296513368.0000000003291000.00000004.00000001.sdmp	String found in binary or memory: http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-
Source: RFQ #46200058149.exe, 00000000.00000002.296584123.00000000032E4000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: RFQ #46200058149.exe, 00000000.00000002.302123092.00000000059FC000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: RFQ #46200058149.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: RFQ #46200058149.exe	String found in binary or memory: http://ocsp.digicert.com0O
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: http://schema.org/BreadcrumbList
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: http://schema.org/ListItem
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: http://schema.org/NewsArticle
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
Source: RFQ #46200058149.exe, 00000000.00000002.296513368.0000000003291000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/
Source: WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o
Source: RFQ #46200058149.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: RFQ #46200058149.exe, 00000000.00000002.296584123.00000000032E4000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com/CPS0v
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://ads.pubmatic.com/AdServer/js/pwt/156997/3236/pwt.js
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://c.amazon-adsystem.com/aax2/apstag.js
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://felix.data.tm-awx.com
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://felix.data.tm-awx.com/ampconfig.json"
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://felix.data.tm-awx.com/felix.min.js
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/ded/script.js
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article17156435.ece/ALTERNATES/s615/1_GettyImages-1183794835.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article17166876.ece/ALTERNATES/s615/0_GettyImages-1175998874.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-02-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s270b/0_WhatsApp-Image-2021-02
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s220b/0_Salah-Pressing.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s270b/0_Salah-Pressing.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s615/0_Salah-Pressing.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s180/0_Curtis-10.png
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s180/0_Salah-Goal-vs-Leeds.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s220b/0_Salah-Goal-vs-Leeds.jp
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s615/0_Salah-Goal-vs-Leeds.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s220b/0_RobertsonCross1.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s270b/0_RobertsonCross1.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s180/0_GettyImages-1231353837.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s220b/0_GettyImages-1231353837
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-1231353837
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s180/0_GettyImages-1304940818.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s180/1_FreeAgentPlayers.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s615/1_FreeAgentPlayers.jpg
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s458/0_WhatsApp-Image-2021-03-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s458/0_WhatsApp-Image-2021-03-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s180/0_GettyImages-1273716690.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-1273716690
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s458/0_GettyImages-1273716690.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s615/0_GettyImages-1273716690.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s458/0_GettyImages-1302496803.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s615/0_GettyImages-1302496803.
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s458/1_WhatsApp-Image-2021-03-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s615/1_WhatsApp-Image-2021-03-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpoolecho.co.uk/incoming/article17172788.ece/ALTERNATES/s1200/1_GettyImages-1178
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://mab.data.tm-awx.com/rhs"
Source: RFQ #46200058149.exe, 00000000.00000002.296563326.00000000032CF000.00000004.00000001.sdmp	String found in binary or memory: https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal
Source: RFQ #46200058149.exe, 00000000.00000002.296563326.00000000032CF000.00000004.00000001.sdmp	String found in binary or memory: https://myliverpoolnews.cf4
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://quantcast.mgr.consensu.org
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://reach-id.orbit.tm-awx.com/analytics.js.gz
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://reachplc.hub.loginradius.com"
Source: RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://s2-prod.liverpool.com
Source: RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	String found in binary or memory: https://s2-prod.liverpool.com/
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://s2-prod.mirror.co.uk/
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://static.hotjar.com/c/hotjar-
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://trinitymirror.grapeshot.co.uk/
Source: RFQ #46200058149.exe	String found in binary or memory: https://www.digicert.com/CPS0
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-M3TH25P
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/andrew-robertson
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/champions-league
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/curtis-jones
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/georginio-wijnaldum
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/mohamed-salah
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/ozan-kabak
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/premier-league
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/sadio-mane
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/steven-gerrard
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/transfers
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-andy-robertson-valuable-quality-19946
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-barcelona-real-madrid-psg-17164868
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-champions-league-jurgen-klopp-1996194
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-curtis-jones-jurgen-klopp-19941053
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-gini-wijnaldum-rumours-fitness-199533
Source: RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-jurgen-klopp-pressing-tactics-1993836
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-ozan-kabak-future-audition-19954616
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-penalties-premier-league-var-17171391
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-sadio-mane-expected-goals-19932676
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763&
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-199590
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/schedule/
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154
Source: RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/search/

Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699

E-Banking Fraud:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RFQ #46200058149.exe PID: 5340, type: MEMORY
Source: Yara match	File source: 0.2.RFQ #46200058149.exe.505e448.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.RFQ #46200058149.exe.505e448.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.RFQ #46200058149.exe.5091268.0.raw.unpack, type: UNPACKEDPE

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: RFQ #46200058149.exe PID: 5340, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: RFQ #46200058149.exe PID: 5340, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.RFQ #46200058149.exe.505e448.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.RFQ #46200058149.exe.505e448.10.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.RFQ #46200058149.exe.505e448.10.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.RFQ #46200058149.exe.505e448.10.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.3.RFQ #46200058149.exe.5091268.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.3.RFQ #46200058149.exe.5091268.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 2672

Source: RFQ #46200058149.exe

Static PE information: invalid certificate

Source: RFQ #46200058149.exe	Binary or memory string: OriginalFilename vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000002.296161892.00000000018D0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000002.293497076.0000000000EA2000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameL vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000002.306600775.0000000008990000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000002.296131286.00000000018A0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000002.301229918.0000000004F52000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameRunPeBraba.dll6 vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000002.303465347.00000000061E0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000002.296215366.00000000018F0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemswsock.dll.muij% vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000002.296012696.0000000001700000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenlsbres.dllj% vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameGPvY NLF.exe2 vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000002.307045747.0000000008B60000.00000002.00000001.sdmp	Binary or memory string: System.OriginalFileName vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000002.306403675.00000000076C0000.00000002.00000001.sdmp	Binary or memory string: originalfilename vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000000.00000002.306403675.00000000076C0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000007.00000003.249307167.0000000000DB1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe, 00000007.00000000.238080626.0000000000642000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameL vs RFQ #46200058149.exe
Source: RFQ #46200058149.exe	Binary or memory string: OriginalFilenameL vs RFQ #46200058149.exe

Source: 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: RFQ #46200058149.exe PID: 5340, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: RFQ #46200058149.exe PID: 5340, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.RFQ #46200058149.exe.505e448.10.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.RFQ #46200058149.exe.505e448.10.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.RFQ #46200058149.exe.505e448.10.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.RFQ #46200058149.exe.505e448.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.RFQ #46200058149.exe.505e448.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.RFQ #46200058149.exe.505e448.10.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.3.RFQ #46200058149.exe.5091268.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.3.RFQ #46200058149.exe.5091268.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.3.RFQ #46200058149.exe.5091268.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore

Source: classification engine

Classification label: mal88.troj.evad.winEXE@9/11@2/3

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

File created: C:\Users\user\AppData\Local\?????????????????????????

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5964:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5340
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{c0340967-aec0-4bf6-856f-1aecda114896}

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FCE.tmp

Jump to behavior

Source: RFQ #46200058149.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

File read: C:\Users\user\Desktop\RFQ #46200058149.exe:Zone.Identifier

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\RFQ #46200058149.exe 'C:\Users\user\Desktop\RFQ #46200058149.exe'
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout 1
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process created: C:\Users\user\Desktop\RFQ #46200058149.exe C:\Users\user\Desktop\RFQ #46200058149.exe
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 2672
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process created: C:\Users\user\Desktop\RFQ #46200058149.exe C:\Users\user\Desktop\RFQ #46200058149.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout 1	Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: RFQ #46200058149.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: RFQ #46200058149.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: dhcpcsvc.pdb$ source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: rsaenh.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.ni.pdb% source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb3y source: RFQ #46200058149.exe, 00000007.00000003.443708855.00000000064D5000.00000004.00000001.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: RFQ #46200058149.exe, 00000000.00000002.301989509.0000000005979000.00000004.00000001.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb* source: RFQ #46200058149.exe, 00000000.00000002.301989509.0000000005979000.00000004.00000001.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 0000000B.00000003.247025053.00000000035A1000.00000004.00000001.sdmp
Source:	Binary string: bcrypt.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: onfiguration.ni.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: mskeyprotect.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: secur32.pdbR source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: ml.pdb? source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 0000000B.00000003.247731524.0000000003595000.00000004.00000001.sdmp
Source:	Binary string: mskeyprotect.pdb=[ source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: cryptnet.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: dnsapi.pdb2 source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: winnsi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: ml.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: clr.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: .ni.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: cryptsp.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: CLBCatQ.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: urlmon.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: schannel.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Configuration.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: RFQ #46200058149.PDBTwB source: RFQ #46200058149.exe, 00000000.00000002.293636749.00000000012F8000.00000004.00000010.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 0000000B.00000003.247492157.00000000035A7000.00000004.00000001.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: RFQ #46200058149.exe, 00000000.00000002.302123092.00000000059FC000.00000004.00000001.sdmp
Source:	Binary string: shcore.pdbn source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: jVisualBasic.pdb,+K source: RFQ #46200058149.exe, 00000000.00000002.293636749.00000000012F8000.00000004.00000010.sdmp
Source:	Binary string: System.Xml.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: indows.Forms.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: mscoree.pdb source: WerFault.exe, 0000000B.00000003.259007833.00000000059A0000.00000004.00000040.sdmp
Source:	Binary string: crypt32.pdbF source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: WLDP.pdbD source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: iertutil.pdbZ source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: mscorsecimpl.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: ws2_32.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: iphlpapi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: imagehlp.pdbX source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: nsi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.Configuration.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: webio.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: gpapi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: powrprof.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: msvcr120_clr0400.i386.pdb% source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: System.Configuration.pdb source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: ole32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\user\Desktop\RFQ #46200058149.PDB/ source: RFQ #46200058149.exe, 00000000.00000002.293636749.00000000012F8000.00000004.00000010.sdmp
Source:	Binary string: iertutil.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: cryptsp.pdbL source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.pdb?W source: WerFault.exe, 0000000B.00000003.258734874.000000000581E000.00000004.00000001.sdmp
Source:	Binary string: mscorlib.ni.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: msasn1.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: ucrtbase.pdb_ source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: mscorlib.pdb source: RFQ #46200058149.exe, 00000000.00000002.301971445.0000000005960000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: comctl32v582.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: RFQ #46200058149.exe, 00000007.00000003.443708855.00000000064D5000.00000004.00000001.sdmp
Source:	Binary string: System.ni.pdb8S source: WerFault.exe, 0000000B.00000003.258734874.000000000581E000.00000004.00000001.sdmp
Source:	Binary string: wkernel32.pdb( source: WerFault.exe, 0000000B.00000003.247025053.00000000035A1000.00000004.00000001.sdmp
Source:	Binary string: System.Configuration.ni.pdbRSDSO* source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: urlmon.pdbh source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: ncrypt.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: secur32.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 0000000B.00000003.259007833.00000000059A0000.00000004.00000040.sdmp
Source:	Binary string: rasapi32.pdb> source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdbRSDS source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: rasadhlp.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: ml.ni.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: schannel.pdb^ source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.ni.pdbT3#l source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: WinTypes.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdbRSDSD source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: dhcpcsvc.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.pdb-3853321935-2125563209-4053062332-1002_Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler source: RFQ #46200058149.exe, 00000007.00000003.425042337.00000000064DB000.00000004.00000001.sdmp
Source:	Binary string: wmswsock.pdbl source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: Kernel.Appcore.pdb! source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: .pdb, source: RFQ #46200058149.exe, 00000000.00000002.293636749.00000000012F8000.00000004.00000010.sdmp
Source:	Binary string: t.VisualBasic.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: wUxTheme.pdbt source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdb% source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: shell32.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: jLC:\Windows\Microsoft.VisualBasic.pdb source: RFQ #46200058149.exe, 00000000.00000002.293636749.00000000012F8000.00000004.00000010.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: dnsapi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: fwpuclnt.pdb8 source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: rasapi32.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: wimm32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdbT source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: diasymreader.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: iphlpapi.pdbf source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: winhttp.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: comctl32v582.pdb=R source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: winhttp.pdb* source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: wUxTheme.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: imagehlp.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: ntasn1.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: Windows.StateRepositoryPS.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdb% source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: propsys.pdb@ source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: rtutils.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb( source: WerFault.exe, 0000000B.00000003.247731524.0000000003595000.00000004.00000001.sdmp
Source:	Binary string: profapi.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: dhcpcsvc6.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Core.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.Xml.ni.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: cabinet.pdb` source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: WLDP.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: sechost.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: clrjit.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: cabinet.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: rasman.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: propsys.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdb0 source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: mscorlib.pdb853321935-2125563209-4053062332-1002_Classes\WOW6432Node\CLSID\{9ac9fbe1-e0a2-4ad6-b4ee-e212013ea917}\InprocServer32 source: RFQ #46200058149.exe, 00000000.00000002.301971445.0000000005960000.00000004.00000001.sdmp
Source:	Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Configuration.ni.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: ncryptsslp.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: nsi.pdb=[ source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: wmswsock.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: version.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: onfiguration.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: wintrust.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.pdb source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: System.pdb source: WerFault.exe, 0000000B.00000003.258734874.000000000581E000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: ore.ni.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: ore.pdb source: WerFault.exe, 0000000B.00000003.258748661.0000000005803000.00000004.00000001.sdmp
Source:	Binary string: System.Windows.Forms.pdb source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: psapi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Windows.Forms.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: fwpuclnt.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: cldapi.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Core.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000B.00000003.247492157.00000000035A7000.00000004.00000001.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: mscoreei.pdb source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.Core.pdb source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: powrprof.pdbT source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: oleaut32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: CLBCatQ.pdbz source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: System.Windows.Forms.pdbx source: WerFault.exe, 0000000B.00000002.293261949.0000000005AE0000.00000004.00000001.sdmp
Source:	Binary string: System.Xml.pdb8 source: WER5FCE.tmp.dmp.11.dr
Source:	Binary string: OneCoreUAPCommonProxyStub.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp
Source:	Binary string: wuser32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: System.Configuration.ni.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.Xml.pdb8S source: WerFault.exe, 0000000B.00000003.258677475.0000000005801000.00000004.00000001.sdmp
Source:	Binary string: System.ni.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp, WER5FCE.tmp.dmp.11.dr
Source:	Binary string: crypt32.pdb source: WerFault.exe, 0000000B.00000003.258514359.00000000059A8000.00000004.00000040.sdmp
Source:	Binary string: edputil.pdb source: WerFault.exe, 0000000B.00000003.258477287.00000000059AE000.00000004.00000040.sdmp

Source: RFQ #46200058149.exe

Static PE information: 0xB5100D24 [Mon Apr 5 21:20:36 2066 UTC]

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

File opened: C:\Users\user\Desktop\RFQ #46200058149.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Window / User API: threadDelayed 5436	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Window / User API: threadDelayed 3942	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Window / User API: foregroundWindowGot 651	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Window / User API: foregroundWindowGot 762	Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe TID: 2268	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe TID: 576	Thread sleep time: -8301034833169293s >= -30000s			Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: RFQ #46200058149.exe, 00000000.00000002.303465347.00000000061E0000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.292803664.0000000005570000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: RFQ #46200058149.exe, 00000000.00000003.239094814.000000000599C000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.288279848.00000000035AB000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: WerFault.exe, 0000000B.00000002.292789920.0000000005447000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW(
Source: RFQ #46200058149.exe, 00000000.00000002.303465347.00000000061E0000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.292803664.0000000005570000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: RFQ #46200058149.exe, 00000000.00000002.303465347.00000000061E0000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.292803664.0000000005570000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: RFQ #46200058149.exe, 00000000.00000003.239094814.000000000599C000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW8bQ
Source: RFQ #46200058149.exe, 00000000.00000002.303465347.00000000061E0000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.292803664.0000000005570000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Thread information set: HideFromDebugger	Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Process created: C:\Users\user\Desktop\RFQ #46200058149.exe C:\Users\user\Desktop\RFQ #46200058149.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout 1	Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Queries volume information: C:\Users\user\Desktop\RFQ #46200058149.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Queries volume information: C:\Users\user\Desktop\RFQ #46200058149.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\RFQ #46200058149.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

Stealing of Sensitive Information:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RFQ #46200058149.exe PID: 5340, type: MEMORY
Source: Yara match	File source: 0.2.RFQ #46200058149.exe.505e448.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.RFQ #46200058149.exe.505e448.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.RFQ #46200058149.exe.5091268.0.raw.unpack, type: UNPACKEDPE

Remote Access Functionality:

Detected Nanocore Rat

Show sources

Source: RFQ #46200058149.exe, 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: RFQ #46200058149.exe, 00000007.00000003.249307167.0000000000DB1000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RFQ #46200058149.exe PID: 5340, type: MEMORY
Source: Yara match	File source: 0.2.RFQ #46200058149.exe.505e448.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.RFQ #46200058149.exe.505e448.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.RFQ #46200058149.exe.5091268.0.raw.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation1	Path Interception	Process Injection11	Masquerading1	OS Credential Dumping	Query Registry1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Disable or Modify Tools1	LSASS Memory	Security Software Discovery131	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Remote Access Software1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion141	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Ingress Tool Transfer1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection11	NTDS	Virtualization/Sandbox Evasion141	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Hidden Files and Directories1	LSA Secrets	Application Window Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol3	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Timestomp1	Cached Domain Credentials	Remote System Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	File and Directory Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Information Discovery12	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-	0%	URL Reputation	safe
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837	0%	URL Reputation	safe
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837	0%	URL Reputation	safe
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://www.liverpool.com/all-about/premier-league	0%	URL Reputation	safe
https://www.liverpool.com/all-about/premier-league	0%	URL Reputation	safe
https://www.liverpool.com/all-about/premier-league	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/	0%	URL Reputation	safe
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154	0%	URL Reputation	safe
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154	0%	URL Reputation	safe
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst	0%	URL Reputation	safe
https://reachplc.hub.loginradius.com"	0%	Avira URL Cloud	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-1273716690	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-1273716690	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-1273716690	0%	URL Reputation	safe
https://s2-prod.liverpool.com	0%	URL Reputation	safe
https://s2-prod.liverpool.com	0%	URL Reputation	safe
https://s2-prod.liverpool.com	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-1231353837	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-1231353837	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-1231353837	0%	URL Reputation	safe
https://i2-prod.liverpool.com	0%	URL Reputation	safe
https://i2-prod.liverpool.com	0%	URL Reputation	safe
https://i2-prod.liverpool.com	0%	URL Reputation	safe
https://felix.data.tm-awx.com/felix.min.js	0%	URL Reputation	safe
https://felix.data.tm-awx.com/felix.min.js	0%	URL Reputation	safe
https://felix.data.tm-awx.com/felix.min.js	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
myliverpoolnews.cf	172.67.150.212	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-FE6EFB3AED9F05224C930BEF8BE1CC20.html	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005	WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200	WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://c.amazon-adsystem.com/aax2/apstag.js	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince	WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication	WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o	WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid	WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/all-about/premier-league	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o	WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RFQ #46200058149.exe, 00000000.00000002.296513368.0000000003291000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ads.pubmatic.com/AdServer/js/pwt/156997/3236/pwt.js	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier	WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://reachplc.hub.loginradius.com"	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-1273716690	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://s2-prod.liverpool.com	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-1231353837	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://felix.data.tm-awx.com/felix.min.js	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s180/0_Salah-Goal-vs-Leeds.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s270b/0_RobertsonCross1.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s458/0_GettyImages-1273716690.	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/all-about/ozan-kabak	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://s2-prod.mirror.co.uk/	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-	RFQ #46200058149.exe, 00000000.00000002.296513368.0000000003291000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-02-	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/all-about/champions-league	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/all-about/curtis-jones	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/all-about/steven-gerrard	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-ozan-kabak-future-audition-19954616	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s458/1_WhatsApp-Image-2021-03-	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-penalties-premier-league-var-17171391	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schema.org/NewsArticle	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/schedule/	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schema.org/BreadcrumbList	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false		high
https://securepubads.g.doubleclick.net/tag/js/gpt.js	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false		high
https://s2-prod.liverpool.com/	RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-champions-league-jurgen-klopp-1996194	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s220b/0_GettyImages-1231353837	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s458/0_GettyImages-1302496803.	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://felix.data.tm-awx.com/ampconfig.json"	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s615/0_GettyImages-1273716690.	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s270b/0_Salah-Pressing.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s615/0_Salah-Goal-vs-Leeds.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s270b/0_WhatsApp-Image-2021-02	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s220b/0_RobertsonCross1.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20	WerFault.exe, 0000000B.00000003.256378861.0000000005B20000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/liverpool-fc-news/features/liverpool-andy-robertson-valuable-quality-19946	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-jurgen-klopp-pressing-tactics-1993836	RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s615/0_Salah-Pressing.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp, RFQ #46200058149.exe, 00000000.00000002.296661281.00000000032FE000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schema.org/ListItem	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/all-about/georginio-wijnaldum	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://myliverpoolnews.cf4	RFQ #46200058149.exe, 00000000.00000002.296563326.00000000032CF000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://mab.data.tm-awx.com/rhs"	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s180/0_GettyImages-1231353837.	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://felix.data.tm-awx.com	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/all-about/andrew-robertson	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article17166876.ece/ALTERNATES/s615/0_GettyImages-1175998874.	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-gini-wijnaldum-rumours-fitness-199533	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-199590	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s180/0_GettyImages-1304940818.	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://myliverpoolnews.cf	RFQ #46200058149.exe, 00000000.00000002.296513368.0000000003291000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.liverpool.com/all-about/transfers	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763&	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s615/1_FreeAgentPlayers.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s180/1_FreeAgentPlayers.jpg	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s458/0_WhatsApp-Image-2021-03-	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://reach-id.orbit.tm-awx.com/analytics.js.gz	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://github.com/ded/script.js	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/liverpool-fc-news/features/liverpool-barcelona-real-madrid-psg-17164868	RFQ #46200058149.exe, 00000000.00000003.225747726.0000000004479000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.15.143.169	unknown	Latvia		35913	DEDIPATH-LLCUS	true
172.67.150.212	myliverpoolnews.cf	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	383193
Start date:	07.04.2021
Start time:	13:01:16
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	RFQ #46200058149.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	33
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal88.troj.evad.winEXE@9/11@2/3
EGA Information:	Failed
HDC Information:	Successful, ratio: 76.9% (good quality ratio 52.3%) Quality average: 31.8% Quality standard deviation: 22%
HCA Information:	Successful, ratio: 100% Number of executed functions: 6 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 93.184.220.29, 20.50.102.62, 23.54.113.53, 23.0.174.200, 23.0.174.185, 95.100.54.203, 104.42.151.234, 104.43.193.48, 13.88.21.125, 23.10.249.26, 23.10.249.43, 20.54.26.129 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, cs9.wac.phicdn.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:02:05	API Interceptor	1015x Sleep call for process: RFQ #46200058149.exe modified
13:02:36	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
172.67.150.212	Payment Slip E05060_47.doc	Get hash	malicious	Browse	myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-3764A540BD56887B40989BBA8472B701.html
	New Orders.exe	Get hash	malicious	Browse	myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-28D56F639751140E7A008217BE126C8D.html
	DHL_document11022020680908911.exe	Get hash	malicious	Browse	myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-531418C06045F41752298279414DE528.html
	BL8846545545363.exe	Get hash	malicious	Browse	myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B7B18D8B53846C51E3D2182818196100.html
	BL84995005038483.exe	Get hash	malicious	Browse	myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-994F3BB06F4A7FE8F60B83F74A076F10.html

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
myliverpoolnews.cf	Payment Slip E05060_47.doc	Get hash	malicious	Browse	104.21.56.119
	New Orders.exe	Get hash	malicious	Browse	172.67.150.212
	Download Report.06.05.2021.exe	Get hash	malicious	Browse	104.21.56.119
	BL836477488575.exe	Get hash	malicious	Browse	104.21.56.119
	DHL_document11022020680908911.exe	Get hash	malicious	Browse	172.67.150.212
	BL8846545545363.exe	Get hash	malicious	Browse	172.67.150.212
	VMtEguRH.exe	Get hash	malicious	Browse	104.21.56.119
	BL84995005038483.exe	Get hash	malicious	Browse	172.67.150.212

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DEDIPATH-LLCUS	LM_QUOTE757860PDF.exe	Get hash	malicious	Browse	45.15.143.178
	PO_4000010871_RFQ_PRS_1000024753_RM.exe	Get hash	malicious	Browse	213.59.118.134
	OBJEDNAT.scr.exe	Get hash	malicious	Browse	45.144.225.107
	QFSN0331PDF.exe	Get hash	malicious	Browse	45.144.225.66
	GBNv7C8xNt.exe	Get hash	malicious	Browse	45.144.225.167
	SWIFTCOPY_110255293303484_SANTANDER.doc	Get hash	malicious	Browse	45.144.225.167
	receiptpdf.exe	Get hash	malicious	Browse	74.201.28.50
	4FNTlzlu10.exe	Get hash	malicious	Browse	45.133.1.139
	7Q1bVVkIIL.exe	Get hash	malicious	Browse	45.133.1.139
	GMC77273992277382993PDF.exe	Get hash	malicious	Browse	45.133.1.59
	ajESKcIz8f.exe	Get hash	malicious	Browse	45.133.1.139
	7ua1kNyteq.exe	Get hash	malicious	Browse	45.144.225.66
	mHL0xKXQHT.exe	Get hash	malicious	Browse	74.201.28.35
	receiptpdf.exe	Get hash	malicious	Browse	74.201.28.35
	QGFG0322PDF.exe	Get hash	malicious	Browse	45.144.225.66
	h6uc8EaDQX.exe	Get hash	malicious	Browse	74.201.28.35
	9MyoOYNXKe.exe	Get hash	malicious	Browse	103.124.106.203
	iz8AtqlQeh.exe	Get hash	malicious	Browse	103.124.106.203
	dd7211d8c5d8b0e6290b9eb79787d64b73a91bde129cc.exe	Get hash	malicious	Browse	103.124.106.203
	862e41d1ddfa72722af62eb35aac11970ed21b6a7f01c.exe	Get hash	malicious	Browse	103.124.106.203
CLOUDFLARENETUS	Invoice,PDF.exe.exe	Get hash	malicious	Browse	172.67.188.154
	606d810b8ff92.pdf.dll	Get hash	malicious	Browse	104.20.185.68
	Lista e porosive te blerjes.exe	Get hash	malicious	Browse	162.159.134.233
	testfile_load.docm	Get hash	malicious	Browse	104.23.99.190
	testfile_load.docm	Get hash	malicious	Browse	104.23.99.190
	testfile_load.docm	Get hash	malicious	Browse	104.23.98.190
	syscshost.dll	Get hash	malicious	Browse	104.20.185.68
	invoice.exe	Get hash	malicious	Browse	172.67.160.234
	syscshost.dll	Get hash	malicious	Browse	104.20.184.68
	Payment Slip E05060_47.doc	Get hash	malicious	Browse	172.67.188.154
	New Orders.exe	Get hash	malicious	Browse	172.67.150.212
	Download Report.06.05.2021.exe	Get hash	malicious	Browse	104.21.56.119
	PROFORMA INVOICE.exe	Get hash	malicious	Browse	104.21.19.200
	payment.exe	Get hash	malicious	Browse	104.21.48.97
	BL836477488575.exe	Get hash	malicious	Browse	104.21.56.119
	RFQ_AP65425652_032421 v#U00e1#U00ba#U00a5n #U00c4#U2018#U00e1#U00bb ,pdf.exe	Get hash	malicious	Browse	172.65.227.72
	DHL_document11022020680908911.exe	Get hash	malicious	Browse	172.67.150.212
	DHL_document11022020680908911.doc.exe	Get hash	malicious	Browse	104.21.15.11
	Confirmation_(#1422) DEKRA order,pdf.exe	Get hash	malicious	Browse	104.21.19.200
	BL8846545545363.exe	Get hash	malicious	Browse	172.67.150.212

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	Invoice,PDF.exe.exe	Get hash	malicious	Browse	172.67.150.212
	testfile_load.docm	Get hash	malicious	Browse	172.67.150.212
	New Orders.exe	Get hash	malicious	Browse	172.67.150.212
	Download Report.06.05.2021.exe	Get hash	malicious	Browse	172.67.150.212
	PROFORMA INVOICE.exe	Get hash	malicious	Browse	172.67.150.212
	BL836477488575.exe	Get hash	malicious	Browse	172.67.150.212
	DHL_document11022020680908911.exe	Get hash	malicious	Browse	172.67.150.212
	Confirmation_(#1422) DEKRA order,pdf.exe	Get hash	malicious	Browse	172.67.150.212
	BL8846545545363.exe	Get hash	malicious	Browse	172.67.150.212
	ATTACHED.exe	Get hash	malicious	Browse	172.67.150.212
	Urgent RFQ_AP65425652_040621,pdf.exe	Get hash	malicious	Browse	172.67.150.212
	OVERVIEW .pdf.exe	Get hash	malicious	Browse	172.67.150.212
	PURCHASE ORDER - XIFFA55.PDF.exe	Get hash	malicious	Browse	172.67.150.212
	doc20192910887888001990.exe	Get hash	malicious	Browse	172.67.150.212
	BL84995005038483.exe	Get hash	malicious	Browse	172.67.150.212
	ATTACHED.exe	Get hash	malicious	Browse	172.67.150.212
	ej 9999999.exe	Get hash	malicious	Browse	172.67.150.212
	DHL FINAL REMINDER PDF.exe	Get hash	malicious	Browse	172.67.150.212
	WSU0LJSL.exe	Get hash	malicious	Browse	172.67.150.212
	RFQ 100400806 SUPPLY.exe	Get hash	malicious	Browse	172.67.150.212

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_RFQ #46200058149_b4d3e1611dc98a70f1fcdf76f5b66818af29bc_427b5a83_156ea880\Report.wer Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	17670
Entropy (8bit):	3.7667567847033796
Encrypted:	false
SSDEEP:	192:EsusamHBUZMXiaKswHQ7V+N/u7sKS274ItEj:nusLBUZMXiafVq/u7sKX4ItEj
MD5:	5888DFCFA3A345C6C0ED4A4C0AE3669C
SHA1:	9AE3573BD8339DFCB3A0A4D80B83E1A4322B583B
SHA-256:	5AC91C9A6D9D61265AA99FB8ABDAA7E5A03519AE22E2281846A86B1DAEF0E972
SHA-512:	1F2FAB5B222A3042E060E51101468BDD0FAA0EB429A87D44A346AD901A15ECC10D6A64D19047D7A7658ECC4CBD15DF438ADBB2C26F94AE86968C6008D4FE91E0
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.2.2.9.9.3.3.7.9.6.1.2.1.4.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.6.2.2.9.9.3.4.6.9.6.1.2.0.9.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.7.7.d.2.4.8.2.-.c.6.b.e.-.4.2.f.f.-.a.f.b.4.-.f.7.d.5.5.8.4.4.7.6.6.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.d.6.6.5.7.b.4.-.9.3.f.7.-.4.a.3.d.-.9.0.4.0.-.c.4.8.d.6.9.8.a.e.2.2.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.R.F.Q. .#.4.6.2.0.0.0.5.8.1.4.9...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.d.c.-.0.0.0.1.-.0.0.1.6.-.1.4.9.0.-.2.d.e.1.e.8.2.b.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.0.f.9.2.6.1.f.e.0.9.3.f.0.9.6.7.f.4.0.3.5.d.3.c.4.e.d.3.d.a.f.0.0.0.0.0.0.0.0.!.0.0.0.0.a.7.c.7.9.e.e.a.a.a.f.b.2.3.e.8.e.4.0.4.5.7.c.d.5.d.4.4.c.6.1.1.4.8.c.d.1.f.5.f.!.R.F.Q. .#.4.6.2.0.0.0.5.8.1.4.9...

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FCE.tmp.dmp Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Wed Apr 7 20:02:21 2021, 0x1205a4 type
Category:	dropped
Size (bytes):	340719
Entropy (8bit):	3.5620041721378817
Encrypted:	false
SSDEEP:	3072:6HZoYCbg0Sjd+pMQb2jJy3ykjL9gIOgF5iH770E2UCgURsv46cSvg:65B0/pMQCjJyL9RpDu77aTjC4PS4
MD5:	69DDCB125A35756BE7455B158AC8DAF4
SHA1:	6600B884D4998A872C19A9769B0BD0CDB0DC64CB
SHA-256:	477F80FAED13F4DEC72F161D5EC9137D9B9180711A4263F60F3829E0B40106D9
SHA-512:	EDB6FE968D7448ED4FB8E46679B9FA0454E8B7DB4502B5830A550FECBAB0E46C44E2359F04A8B5D756713E82F2C96031EEE5D58F53023C01D07058D7C9752694
Malicious:	false
Reputation:	low
Preview:	MDMP....... .........n`...................U...........B......t2......GenuineIntelW...........T.............n`.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7357.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	8446
Entropy (8bit):	3.699510585522676
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiEB68W6YI+SUzWgmfZjS8CprS389bpGIsf0jm:RrlsNi6616YxSUzWgmfdS2opG7ft
MD5:	BAF97A62AF5099FE2DB41A84129D1031
SHA1:	6006C7931A377B8CEFE399C665BD77BCEC0A76DB
SHA-256:	7BC029A886D38196F155DD4139935F106538DFF03AE26962923E58BC9C0CC269
SHA-512:	29E433A564A995800226574893BF52051246A32FDD2BDB65D44D090761ED2B83707A35C7B45671230B0947BB47E4D66C3C73B16334DAF296890F760D2B45F029
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.3.4.0.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER758B.tmp.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4731
Entropy (8bit):	4.482281240674152
Encrypted:	false
SSDEEP:	48:cvIwSD8zstJgtWI9k6WSC8BP8fm8M4JIedFFxd2+q8vCdt82t0tFd:uITfHL7SNGJIePd2KCb82t0tFd
MD5:	1E1EC12AA951A86B2FA813C6E3F36375
SHA1:	1C0AD65B2C7E1E0FE56CDFE10D1D1FA09E575407
SHA-256:	6A4987CE144499CF985F971C29CCB1E12F8C7BB2F4DE3FBE050A727145DF8227
SHA-512:	E062A1BED8B9CEA071C707D1EB055CF13DE1E9534CDF66A66A0FD955CCC37BEF516CA84E6DA2421260FD25338E4C9B32697493CFF9D081553136D97142DCA500
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="936313" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Users\user\Desktop\RFQ #46200058149.exe
File Type:	Microsoft Cabinet archive data, 58596 bytes, 1 file
Category:	dropped
Size (bytes):	58596
Entropy (8bit):	7.995478615012125
Encrypted:	true
SSDEEP:	1536:J7r25qSSheImS2zyCvg3nB/QPsBbgwYkGrLMQ:F2qSSwIm1m/QEBbgb1oQ
MD5:	61A03D15CF62612F50B74867090DBE79
SHA1:	15228F34067B4B107E917BEBAF17CC7C3C1280A8
SHA-256:	F9E23DC21553DAA34C6EB778CD262831E466CE794F4BEA48150E8D70D3E6AF6D
SHA-512:	5FECE89CCBBF994E4F1E3EF89A502F25A72F359D445C034682758D26F01D9F3AA20A43010B9A87F2687DA7BA201476922AA46D4906D442D56EB59B2B881259D3
Malicious:	false
Reputation:	high, very likely benign file
Preview:	MSCF............,...................I........T........bR. .authroot.stl...s~.4..CK..8T....c_.d....A.K......&.-.J...."Y...$E.KB..D...D.....3.n..u.............\|..=H4..c&.......f.,..=..-....p2.:..`HX......b.......Di.a......M.....4.....i..}..:~N.<..>..V..CX......B......,.q.M.....HB..E~Q...)..Gax../..}7..f......O0...x..k..ha...y.K.0.h..(....{2Y.].g...yw..\|0.+?.`-../.xvy..e......w.+^...w\|.Q.k.9&.Q.EzS.f......>?w.G.......v.F......A......-P.$.Y...u....Z..g..>.0&.y.(..<.].`>... ..R.q...g.Y..s.y.B..B....Z.4.<?.R....1.8.<.=.8..[a.s.......add..).NtX....r....R.&W4.5]....k.._iK..xzW.w.M.>,5.}..}.tLX5Ls3_..).!..X.~...%.B.....YS9m.,.....BV`.Cee.....?......:.x-.q9j...Yps..W...1.A<.X.O....7.ei..a\.~=X....HN.#....h,....y...\.br.8.y"k).....~B..v....GR.g\|.z..+.D8.m..F .h............ItNs.\....s..,.f`D...]..k...:9..lk.<D....u...........[...*.wY.O....P?.U.l....Fc.ObLq......Fvk..G9.8..!..\T:K`.......'.3......;.u..h...uD..^.bS...r........j..j .=...s .FxV....g.c.s..9.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Users\user\Desktop\RFQ #46200058149.exe
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.1292511123011737
Encrypted:	false
SSDEEP:	6:kKPekO/kwTJ0N+SkQlPlEGYRMY9z+4KlDA3RUe0ht:nekO/kwTJrkPlE99SNxAhUe0ht
MD5:	566306A7B32BC696CCCB0443B513A4B5
SHA1:	769810CD8F1F25E0FAD2CF6221B42918FA6B1972
SHA-256:	06DFE7E16529D27A6405F5D9DBAC3B31AB779717365A0EFD53CA64C413191525
SHA-512:	34C0BED6B312B088C44E7DAF4CA80B0DBAF2162E4838536663F1DA5E944B21AB49D820F04CF26024D67CDFA8228BA7273CE592A4CA09A68455E6028CF1F4AE41
Malicious:	false
Reputation:	low
Preview:	p...... .............+..(....................................................... ...................$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.8.f.4.f.3.f.6.f.d.7.1.:.0."...

C:\Users\user\AppData\Local\?????????????????????????\RFQ_#46200058149.exe_Url_ctkhc4ktipcqngjefh42yihypvjrfm5z\3.371.288.95\a3kbdic0.newcfg Download File
Process:	C:\Users\user\Desktop\RFQ #46200058149.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	modified
Size (bytes):	945388
Entropy (8bit):	3.114389457588161
Encrypted:	false
SSDEEP:	12288:67bFG6l5E7Vf8aHI8gbSzj4Dhnnp04aHLlw9FuU/y3gZWa1upW35rhlQTK38Fc1d:sPGp+Ho+g2ES
MD5:	1B71DDAEDCDCF1617179B1495973F5A7
SHA1:	AB9175FA1026C6A2464B34B7A920E5934280539E
SHA-256:	27839F3489FDCF1E603F4AF3997C1FE53C05F1E45E50119EBE14F090C53DD9A3
SHA-512:	C0C5B70CC395614F754C115F96ACF48DECA3773AE83EDC8A211D88BB8BD1D8D214F814777E643A43448AA071A92D3D72161D1938613CC43F44B2A756C86255FA
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name=".........................._x148A__x1484__x1475__x147F__x148A__x1487__x1483__x1469__x1462__x1455__x1454__x1453__x1456__x145F__x1461__x1469__x1484__x146B__x1453__x1462__x1488__x145D__x1456__x1487__x147A__x147C__x1457__x1460__x1480__x1462__x1466__x1479__x147C__x1453__x147A__x148B__x147B__x1467__x1481__x1475__x1474__x148B__x145A__x1489__x1459__x147D_" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <...................

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat Download File
Process:	C:\Users\user\Desktop\RFQ #46200058149.exe
File Type:	data
Category:	dropped
Size (bytes):	1856
Entropy (8bit):	7.024371743172393
Encrypted:	false
SSDEEP:	48:Ik/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrw8:flC0IlC0IlC0IlC0IlC0IlC0IlC0IlCr
MD5:	838CD9DBC78EA45A5406EAE23962086D
SHA1:	C8273AACDEE03AC0CDCDDBAA83F51D04D6A4203C
SHA-256:	6E11A62511C5BBC0413128305069B780C448684B54FAA3E8DD0B4FD3DB8C9867
SHA-512:	F7D25EF1FA6F50667DD6785CC774E0AA6BC52A2231FE96E7C59D14EFDFDDA076F6399288CF6EAC8EFA8A75727893432AA155DA0E392F8CD1F26C5C5871EAC6B5
Malicious:	false
Reputation:	low
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat Download File
Process:	C:\Users\user\Desktop\RFQ #46200058149.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:EP:0
MD5:	AB92503DEE5748FC157D27383948CF90
SHA1:	0862273CB0A15EBF25A202CB5133CFD7AC3CA046
SHA-256:	BACCF15FA5F39978F57BB22FF66B9891401442DA29DD4E3B3E2C70E4B762F76C
SHA-512:	B58988E01FEF2E02B80268A13FC03086508BA297FD77B8BB592E7924812321B8982E0FF05D19C70B60A48B31A6DD11C7B7A935FD27F66610FBE690DBAF24E16C
Malicious:	true
Reputation:	low
Preview:	3.s....H

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin Download File
Process:	C:\Users\user\Desktop\RFQ #46200058149.exe
File Type:	data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	5.221928094887364
Encrypted:	false
SSDEEP:	3:9bzY6oRDMjmPl:RzWDMCd
MD5:	AE0F5E6CE7122AF264EC533C6B15A27B
SHA1:	1265A495C42EED76CC043D50C60C23297E76CCE1
SHA-256:	73B0B92179C61C26589B47E9732CE418B07EDEE3860EE5A2A5FB06F3B8AA9B26
SHA-512:	DD44C2D24D4E3A0F0B988AD3D04683B5CB128298043134649BBE33B2512CE0C9B1A8E7D893B9F66FBBCDD901E2B0646C4533FB6C0C8C4AFCB95A0EFB95D446F8
Malicious:	false
Preview:	9iH...}Z.4..f..... 8.j....\|.&X..e.F.*.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat Download File
Process:	C:\Users\user\Desktop\RFQ #46200058149.exe
File Type:	data
Category:	dropped
Size (bytes):	327432
Entropy (8bit):	7.99938831605763
Encrypted:	true
SSDEEP:	6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm
MD5:	7E8F4A764B981D5B82D1CC49D341E9C6
SHA1:	D9F0685A028FB219E1A6286AEFB7D6FCFC778B85
SHA-256:	0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480
SHA-512:	880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926
Malicious:	false
Preview:	pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...\|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.).....{B.[...y%...i.Q.<..xt.X..H.. ..HF7g...I.3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.\|i4...i...;O...n.?.,. ....v?.5}.OY@.dG\|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...\|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`\|.B....3.....I..o...u1..8i=.z.W..7

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.914857977057756
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.98% Win32 Executable (generic) a (10002005/4) 49.93% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	RFQ #46200058149.exe
File size:	55488
MD5:	67b96dc502b0c7a496092d7e6d1da6c5
SHA1:	a7c79eeaaafb23e8e40457cd5d44c61148cd1f5f
SHA256:	ef5cb0bfe2d23b7a13b685f43dc9a100dac402023e11dce7991173bde63b298e
SHA512:	56ea1e779902e8a51de0d20f5d4ea3a4d4e5a441e166668fadfbc25bd14715b388296f7d9d44b01499001d71612a73e858c0d0ad8d1fd473e3843169e8f60aab
SSDEEP:	768:b/LA9K0Ubu5O9ooy+bwEbcpo31EKGSBAmoSOh:bzIKS5uAmoS
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$............."...0.............>.... ........@.. ....................... ......I7....@................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x40d53e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0xB5100D24 [Mon Apr 5 21:20:36 2066 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	C=cJGypErFTYiIKZrVRPaZESbD, S=YzrefMybHjDaqHbkToqPfxOqnUOifyYQU, L=GrmKqYXcIpqu, T=lhjOxKoqQZNoFhwaegDYkMfihogoajYDuqQHU, E=TjleyVAYSBdZejEgZMvkyncOeuPXZHOXQXVxRYDxHdW, OU=NljTHpvqDvYN, O=vXrtPKPHdcshcP, CN=DgYLGpwPLUvEHXHFAFtskroWZlsMsMtPTwOYljdPOsBdPanwm
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	4/7/2021 3:24:46 AM 4/7/2022 3:24:46 AM
Subject Chain	C=cJGypErFTYiIKZrVRPaZESbD, S=YzrefMybHjDaqHbkToqPfxOqnUOifyYQU, L=GrmKqYXcIpqu, T=lhjOxKoqQZNoFhwaegDYkMfihogoajYDuqQHU, E=TjleyVAYSBdZejEgZMvkyncOeuPXZHOXQXVxRYDxHdW, OU=NljTHpvqDvYN, O=vXrtPKPHdcshcP, CN=DgYLGpwPLUvEHXHFAFtskroWZlsMsMtPTwOYljdPOsBdPanwm
Version:	3
Thumbprint MD5:	FB6C7A2D94E91E9FF30697013C5B69D5
Thumbprint SHA-1:	FE02D73BF104783555975688A868009D5570EB73
Thumbprint SHA-256:	BF63495CB82B667811FF374D33F61D640122D1FF75F5B9C359536F194FF72F44
Serial:	00F3D510D4C10F5E02E90D4C9AB74AC201

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xd4f0	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe000	0x81c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xc400	0x14c0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x10000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xb544	0xb600	False	0.184495192308	data	5.49483421273	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0xe000	0x81c	0xa00	False	0.30546875	data	5.05547520825	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x10000	0xc	0x200	False	0.044921875	data	0.0815394123432	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0xe0a0	0x590	data	English	United States
RT_MANIFEST	0xe630	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
LegalCopyright	All Rights Reserved
Assembly Version	1.628.632.750
InternalName	.exe
FileVersion	1.628.632.750
CompanyName	Inc.
LegalTrademarks
Comments
ProductName
ProductVersion	1.628.632.750
FileDescription
OriginalFilename	.exe
Translation	0x0000 0x0514

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/07/21-13:02:17.171046	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49700	5353	192.168.2.5	45.15.143.169
04/07/21-13:02:23.616130	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49701	5353	192.168.2.5	45.15.143.169
04/07/21-13:02:29.609043	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49708	5353	192.168.2.5	45.15.143.169
04/07/21-13:02:35.662373	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49711	5353	192.168.2.5	45.15.143.169
04/07/21-13:02:43.025136	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49717	5353	192.168.2.5	45.15.143.169
04/07/21-13:02:48.990683	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49721	5353	192.168.2.5	45.15.143.169
04/07/21-13:02:55.031007	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49724	5353	192.168.2.5	45.15.143.169
04/07/21-13:03:01.040878	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49725	5353	192.168.2.5	45.15.143.169
04/07/21-13:03:06.089379	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49727	5353	192.168.2.5	45.15.143.169
04/07/21-13:03:12.226347	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49728	5353	192.168.2.5	45.15.143.169
04/07/21-13:03:18.456156	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49731	5353	192.168.2.5	45.15.143.169
04/07/21-13:03:25.504170	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49737	5353	192.168.2.5	45.15.143.169
04/07/21-13:03:32.502954	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49738	5353	192.168.2.5	45.15.143.169
04/07/21-13:03:38.477187	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49739	5353	192.168.2.5	45.15.143.169
04/07/21-13:03:44.674403	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49740	5353	192.168.2.5	45.15.143.169
04/07/21-13:03:51.574841	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49741	5353	192.168.2.5	45.15.143.169
04/07/21-13:03:57.560887	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49744	5353	192.168.2.5	45.15.143.169
04/07/21-13:04:03.546218	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49745	5353	192.168.2.5	45.15.143.169
04/07/21-13:04:08.527094	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49746	5353	192.168.2.5	45.15.143.169

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 7, 2021 13:02:06.561278105 CEST	49698	80	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:06.589848042 CEST	80	49698	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:06.590656042 CEST	49698	80	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:06.590687990 CEST	49698	80	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:06.620342016 CEST	80	49698	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:06.633188009 CEST	80	49698	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:06.661340952 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:06.677747965 CEST	49698	80	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:06.690354109 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:06.691577911 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:06.700535059 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:06.729173899 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:06.740087986 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:06.740125895 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:06.740264893 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:06.748444080 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:06.777738094 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:06.778348923 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:06.822460890 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:06.852838993 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.042640924 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.042685986 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.042733908 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.042764902 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.042777061 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.042802095 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.042823076 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.042829037 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.042866945 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.042891979 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.042902946 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.042927980 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.042954922 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.042977095 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.043055058 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.043085098 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.043118954 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.043158054 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.289462090 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.289509058 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.289546967 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.289594889 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.289645910 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.289710999 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.289978981 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.290029049 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.290122032 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.290605068 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.290741920 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.290843010 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.291336060 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.291750908 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.291874886 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.291970015 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.292062998 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.292784929 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.292829037 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.292937994 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.292973995 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.293483019 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.293526888 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.293617010 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.294059992 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.294224977 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.294698954 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.294738054 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.294794083 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.294872046 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.295423985 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.295464039 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.295536041 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.296227932 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.296269894 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.296910048 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.296947956 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.296983004 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.297379971 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.297568083 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.297609091 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.298372984 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.298384905 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.298559904 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.299046040 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.299089909 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.299161911 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.300101042 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.300188065 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.300283909 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.300322056 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.300405025 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.301075935 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.301115036 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.301153898 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.301175117 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.318403959 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.318449974 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.318486929 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.318526983 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.318571091 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.318598986 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.319514990 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.319587946 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.319937944 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.319977045 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.320014000 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.320029974 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.320741892 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.320784092 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.321480989 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.321522951 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.321588993 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.321611881 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.322124004 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.322227955 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.322602034 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.322710991 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.322757006 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.322874069 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.323415041 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.323457003 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.323554993 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.324112892 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.324229002 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.324280977 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.324928045 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.324979067 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.325213909 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.325582027 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.325623035 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.326363087 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.326406002 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.326466084 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.326541901 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.327233076 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.327272892 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.327339888 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.328094959 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.328135967 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.328195095 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.328284979 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.328330994 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.328380108 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.329435110 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.329476118 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.329533100 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.329734087 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.329776049 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.329830885 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.330521107 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.330595016 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.331163883 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.331207037 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.331278086 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.331346035 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.332101107 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.332273006 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.332375050 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.332663059 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.332705021 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.332969904 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.333511114 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.333554029 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.333616018 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.333966017 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.334296942 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.334477901 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.347554922 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.347875118 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.347923994 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.348104000 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.348562002 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.348608017 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.348647118 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.348673105 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.349009991 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.349061012 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.349065065 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.349114895 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.349126101 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.350220919 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.350275993 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.350312948 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.350990057 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.351061106 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.351125956 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.351201057 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.351221085 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.352432966 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.352513075 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.352550983 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.352646112 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.353192091 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.353255033 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.353322029 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.353431940 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.355106115 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.355220079 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.355278969 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.355292082 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.355334997 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.355406046 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.355518103 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.355557919 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.355596066 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.355624914 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.356965065 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.357007980 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.357043982 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.357049942 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.357419014 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.357477903 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.357520103 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.357557058 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.358153105 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.358402967 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.358444929 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.358481884 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.358532906 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.358551025 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.359616041 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.359658003 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.359740019 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.359761000 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.360904932 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.360951900 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.360987902 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.360999107 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.361044884 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.361468077 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.361500025 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.361541033 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.361557007 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.362855911 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.362905025 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.362947941 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.362993002 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.363006115 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.363038063 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.376746893 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.376787901 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.376826048 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.376844883 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.376863956 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.376908064 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.377703905 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.377744913 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.377780914 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.377795935 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.377813101 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.377895117 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.379762888 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.379806995 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.379844904 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.379870892 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.379890919 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.379976988 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.380177021 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.380234957 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.380244017 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.380311012 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.380361080 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.380388021 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.381005049 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.381052971 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.381067991 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.381089926 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.381129026 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.381426096 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.381797075 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.381839037 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.381876945 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.381912947 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.381922960 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.381931067 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.381953001 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.382673025 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.382738113 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.382787943 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.382829905 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.382867098 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.382911921 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.382921934 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.383632898 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.383676052 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.383713007 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.383738995 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.383807898 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.383876085 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.384442091 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.384485960 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.384532928 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.384567022 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.384576082 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.384644985 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.385445118 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.385474920 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.385521889 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.385545969 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.385570049 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.385629892 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.386292934 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.386362076 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.386401892 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.386439085 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.386441946 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.386486053 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.387032986 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.387100935 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.387140036 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.387160063 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.387201071 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.387291908 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.387819052 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.387857914 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.387921095 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.387989998 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.388036013 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.388058901 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.388678074 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.388720989 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.388767958 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.388809919 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.388859987 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.388880968 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.389487982 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.389601946 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.389626026 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.389666080 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.389734983 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.389750004 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.390337944 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.390470028 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.390530109 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.390563965 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.390605927 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.390676975 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.391141891 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.391259909 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.391319036 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.391346931 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.391350031 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.391411066 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.391953945 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.391995907 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.392033100 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.392075062 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.392127991 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.392237902 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.405347109 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.405447006 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.405493975 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.405543089 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.405565977 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.405611038 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.406573057 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.406946898 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.407013893 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.407202005 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.407341957 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.407385111 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.407427073 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.408361912 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.408643961 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.409111977 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.409172058 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.409209967 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.409277916 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.409295082 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.409317970 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.409322977 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.409336090 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.409360886 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.409432888 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.410027981 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.410062075 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.410089970 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.410130024 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.410140038 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.410168886 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.410621881 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.410662889 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.410700083 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.410717964 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.410744905 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.410764933 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.410789013 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.410847902 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.412333965 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.412589073 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.412744045 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.412786007 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.412822962 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.412837029 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.412849903 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.412861109 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.412930012 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.412960052 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.412971973 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.413000107 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.413043976 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.413069963 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.413165092 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.413363934 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.413429022 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.413465977 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.413502932 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.413541079 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.413558006 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.413578033 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.414213896 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.414268970 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.414308071 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.414310932 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.414362907 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.414382935 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.414510965 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.414920092 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.414956093 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.415115118 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.415220022 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.415278912 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.415668011 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.415837049 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.415851116 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.415877104 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.416052103 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.416146040 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.416187048 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.416224957 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.416263103 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.416271925 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.416301966 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.416333914 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.416850090 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.416887999 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.416902065 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.416927099 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.416965961 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.416982889 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.417006969 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.417098999 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.417485952 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.417510033 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.417541981 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.417582035 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.417613983 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.417618036 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.417650938 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.418215036 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.418246984 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.418286085 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.418302059 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.418322086 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.418359995 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.418378115 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.418400049 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.419235945 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.419275999 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.419310093 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.419318914 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.419322968 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.419365883 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.419404984 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.419439077 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.419452906 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.419459105 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.420253992 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.420290947 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.420324087 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.420372963 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.420378923 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.420397997 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.420417070 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.420495033 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.421087980 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.421212912 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.421256065 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.421427011 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.421528101 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.421653032 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.421741962 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.421777964 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.421807051 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.421813011 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.421818972 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.422043085 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.422080040 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.422115088 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.422132015 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.422138929 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.422209024 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.422281027 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.422708988 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.422748089 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.422810078 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.422892094 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.422930002 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.422946930 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.422970057 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.423022985 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.423105955 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.423548937 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.423587084 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.423620939 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.423651934 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.423666000 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.423729897 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.423758984 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.423775911 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.423814058 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.424007893 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.424403906 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.424443007 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.424477100 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.424525976 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.424541950 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.424632072 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.424668074 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.424702883 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.424736977 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.424787998 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.424830914 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.425417900 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.425529003 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.425568104 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.425601006 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.425651073 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.425659895 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.425662041 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.425751925 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.425838947 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.425919056 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.426326036 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.426419973 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.426470995 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.426531076 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.426567078 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.426599979 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.426650047 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.426670074 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.426776886 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.426812887 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.427009106 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.427376986 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.427531004 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.427583933 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.427608013 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.427660942 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.427675962 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.427714109 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.427757025 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.427808046 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.427835941 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.427900076 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.427908897 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.427948952 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.428416014 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.428455114 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.428581953 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.428599119 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.428637981 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.428672075 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.428706884 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.428728104 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.428740978 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.428755045 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.428838015 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.429471016 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.429510117 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.429553032 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.429636002 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.429687023 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.429722071 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.429754019 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.429769993 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.429833889 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.429852009 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.434272051 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.434396982 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.434489012 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.434619904 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.434648991 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.434700966 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.435566902 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.435655117 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.435723066 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.435789108 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.435863972 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.435967922 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.437191010 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.437201977 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.437252045 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.437300920 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.437339067 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.437401056 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.439388037 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.439461946 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.439546108 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.439574003 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.439620018 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.439642906 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.439657927 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.439898968 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.439938068 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.439974070 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.440077066 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.440099001 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.440177917 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.440237045 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.440279961 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.440309048 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.440377951 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.440412998 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.440452099 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.441414118 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.441611052 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.441648960 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.441704988 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.441713095 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.441725969 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.441747904 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.441787004 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.441822052 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.441883087 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.441905975 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.441957951 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.441993952 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.442029953 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.442089081 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.442132950 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.442145109 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.442193031 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.442231894 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.442265987 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.442325115 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.442831993 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.442876101 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.442914009 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.442949057 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.442981958 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.442984104 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.442992926 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.443017960 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.443056107 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.443110943 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.443124056 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.443696976 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.443736076 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.443788052 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.443821907 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.443850040 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.443882942 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.443913937 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.443952084 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.443985939 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.444631100 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.444798946 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.444835901 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445031881 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.445049047 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445102930 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.445408106 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445457935 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445492029 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445527077 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445554972 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445600986 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445826054 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445842028 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.445862055 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445894957 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445930004 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.445935011 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.445964098 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.446026087 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.446058989 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.446075916 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.446084976 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.446537018 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.446605921 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.446670055 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.446708918 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.446751118 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.446789026 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.446822882 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.446856976 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.447402000 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.447444916 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.447479963 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.447514057 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.447546005 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.447549105 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.447588921 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.447599888 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.447628975 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.447663069 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.447689056 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.447705984 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.447766066 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.448373079 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.448481083 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.448519945 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.448554039 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.448606968 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.448637009 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.448695898 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.448733091 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.448767900 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.448801994 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.448849916 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.448872089 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.449366093 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.449424982 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.449459076 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.449493885 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.449528933 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.449561119 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.449594975 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.449630022 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450211048 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.450225115 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450253963 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450304031 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450350046 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.450544119 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450572014 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450599909 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450628042 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450654030 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450654030 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.450664997 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.450701952 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450736046 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450767040 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.450790882 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.450803041 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.451478004 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.451509953 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.451536894 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.451558113 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.451565027 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.451653957 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.451683044 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.451697111 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.451709986 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.451738119 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.451744080 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.451755047 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.452349901 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.452384949 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.452455997 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.452486992 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.452512980 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.452584982 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.452615976 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.452652931 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.452713013 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.453541040 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.453571081 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.453598976 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.453625917 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.453653097 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.453680038 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.453706980 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.453733921 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.454070091 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.454433918 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.454467058 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.454493999 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.454507113 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.454521894 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.454549074 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.454576969 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.454602957 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.454616070 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.454616070 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.454659939 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.454737902 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.455310106 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.455354929 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.455382109 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.455416918 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.455450058 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.455482006 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.455503941 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.455516100 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.455530882 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.455534935 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.455566883 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.456278086 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.456322908 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.456365108 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.456393003 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.456427097 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.456454039 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.456480026 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.456507921 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.456690073 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.456708908 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.457070112 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.457098007 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.457127094 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.457134962 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.457156897 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.457217932 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.457269907 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.457288980 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.457320929 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.457365990 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.457375050 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.457418919 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.457438946 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.457518101 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.457890987 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.457921028 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458029032 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458055973 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458091021 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458121061 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458148003 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458174944 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458201885 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458239079 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.458261013 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.458772898 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458803892 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458870888 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458900928 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458908081 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.458929062 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.458965063 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.458978891 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.459009886 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.459428072 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.459804058 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.492626905 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.492675066 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.492703915 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.492757082 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.492835999 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.492855072 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.492856026 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.492906094 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.492943048 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.492974997 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.492995024 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493032932 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493081093 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493128061 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.493135929 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.493165016 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493205070 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493251085 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493288994 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493326902 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493357897 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.493370056 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.493402004 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493433952 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493451118 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.493483067 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493525982 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493549109 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.493563890 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493647099 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.493679047 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493719101 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493745089 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493812084 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493861914 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.493870974 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.493889093 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493901968 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493942976 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.493992090 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494035959 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494045019 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.494051933 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.494076014 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494191885 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494239092 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494277954 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494298935 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.494311094 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.494354010 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494390965 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494438887 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494528055 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.494539976 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.494554996 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494594097 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494622946 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494723082 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494761944 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494775057 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.494782925 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.494801044 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494901896 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.494909048 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494956970 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.494997978 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495065928 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495100975 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.495114088 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.495148897 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495191097 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495264053 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495285988 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.495333910 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495387077 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.495388985 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495419979 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495523930 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495573997 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.495601892 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495654106 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.495672941 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495806932 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495845079 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495907068 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495954037 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.495959044 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.495970964 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.495992899 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496028900 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.496032000 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496071100 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496109009 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496118069 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.496159077 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496197939 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496212959 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.496246099 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496293068 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496387959 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496428967 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.496465921 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.496474981 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496542931 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496596098 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496603012 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.496639013 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496675968 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496707916 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496714115 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.496738911 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496768951 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496783018 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.496807098 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496814966 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.496855974 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496890068 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496927977 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.496958971 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.496968985 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.496969938 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497016907 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497065067 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497075081 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.497123003 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497162104 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497200012 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497219086 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.497237921 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497243881 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.497276068 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497313976 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497348070 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.497376919 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497452974 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.497469902 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497529984 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497570038 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497585058 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.497607946 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497644901 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497664928 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.497682095 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497729063 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497747898 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.497770071 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497807026 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497847080 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497852087 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.497884035 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497909069 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.497921944 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497960091 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.497963905 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.498008013 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498059988 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498064041 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.498121977 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498176098 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498218060 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498255968 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498262882 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.498269081 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.498292923 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498331070 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498384953 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498430014 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498431921 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.498444080 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.498473883 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498512030 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498548985 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498579025 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498594046 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.498600960 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.498615980 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498816967 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498859882 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498898983 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498903990 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.498912096 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.498929024 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498959064 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.498997927 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499036074 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499042988 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.499049902 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.499073029 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499165058 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499205112 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499243021 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499252081 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.499264002 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.499376059 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499433994 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.499466896 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499636889 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499701023 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499784946 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499825001 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499830961 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.499838114 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.499918938 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499944925 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499968052 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.499993086 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500009060 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.500016928 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.500017881 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500081062 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500145912 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500195026 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.500202894 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.500262022 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500344038 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500386000 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500482082 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500509977 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500533104 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.500534058 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500539064 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.500632048 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.500684977 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500746965 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.500813007 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.500864029 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501038074 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501065016 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501090050 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501115084 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501140118 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501152039 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.501164913 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.501168966 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501224041 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.501230955 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501416922 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501466990 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.501483917 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501544952 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.501558065 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501573086 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501599073 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501625061 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501646996 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.501713037 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501738071 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501771927 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.501780987 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.501792908 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501818895 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501843929 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501895905 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.501907110 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.501982927 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.501991987 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502080917 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502163887 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502265930 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502289057 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.502301931 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502358913 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502466917 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.502485037 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502518892 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502546072 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502568960 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502688885 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502717018 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502741098 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502777100 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502801895 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502826929 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502851009 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502933025 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502959967 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.502985001 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503007889 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503036976 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.503051996 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.503103018 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503151894 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503182888 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.503242970 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503278017 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503304005 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503333092 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.503355980 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.503583908 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503611088 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503635883 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503658056 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.503667116 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503710985 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503717899 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503726006 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.503729105 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503755093 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503758907 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.503779888 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503804922 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503829002 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503843069 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.503849030 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.503853083 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503906012 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503926039 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.503952026 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.503977060 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504012108 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.504084110 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504108906 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504127979 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.504132986 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504158020 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504183054 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504225016 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504226923 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.504240990 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.504336119 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504373074 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504384995 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.504400015 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504439116 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504520893 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504549026 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504565954 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.504575014 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.504575968 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504620075 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504645109 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504681110 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.504702091 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.504734039 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504765034 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504791975 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504817009 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.504854918 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.504864931 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.504904985 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505002022 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505029917 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505146980 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505175114 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505187988 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.505198956 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.505202055 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505261898 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505359888 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505402088 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505426884 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.505429029 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505439043 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.505460024 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505506039 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505685091 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505753040 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505844116 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505871058 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505894899 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505955935 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.505980968 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.506006956 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.506130934 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.506160975 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.506511927 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.506542921 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.506570101 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.506795883 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.506823063 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.506845951 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.506849051 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.506864071 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.506912947 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.506939888 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507205009 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507229090 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507282019 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507396936 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507424116 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507452011 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507455111 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.507478952 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507488012 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.507502079 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.507503986 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507535934 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507559061 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.507611990 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507666111 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.507733107 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507802963 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507839918 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507869959 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.507878065 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507921934 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507941961 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.507952929 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507977962 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.507997036 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.508003950 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508053064 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.508121014 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508147001 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508171082 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508193016 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.508198977 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508243084 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.508285046 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508312941 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508347988 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508492947 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508518934 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508625984 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508651972 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508675098 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508703947 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508739948 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508831978 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508918047 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508943081 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.508999109 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.509004116 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509011030 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.509057999 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.509066105 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509116888 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509207964 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509221077 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.509273052 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509304047 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509426117 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.509459972 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509490013 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509531021 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.509550095 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509701014 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509747028 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509773016 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509799004 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509922028 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509979963 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.509999990 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.510046959 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.510191917 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.510238886 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.510286093 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.510298967 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.523006916 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523025990 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523101091 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523122072 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523143053 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523173094 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.523197889 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.523255110 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523276091 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523334980 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.523353100 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523375034 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523396015 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523438931 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.523457050 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.523483038 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523504019 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523547888 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.523588896 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523684025 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523736000 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523755074 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523776054 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523808002 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.523816109 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.523835897 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523873091 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523888111 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523901939 CEST	443	49699	172.67.150.212	192.168.2.5
Apr 7, 2021 13:02:07.523935080 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.523950100 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:07.568643093 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:16.990803003 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.095808029 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.096021891 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.171046019 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.291538954 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.300849915 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.404030085 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.404416084 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.550291061 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.550539970 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.706823111 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.758796930 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.758861065 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.758899927 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.758938074 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.758965015 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.758977890 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.759011984 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.759020090 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.759068966 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.759115934 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.759118080 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.759176970 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.759217978 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.759260893 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.759394884 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.863727093 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.863789082 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.863828897 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.863877058 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.863920927 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.863920927 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.863960028 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.863972902 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.864000082 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864038944 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864052057 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.864075899 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864115000 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864151001 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.864151955 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864162922 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.864204884 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864253998 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864291906 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864306927 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.864335060 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864351034 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.864376068 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864413023 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864451885 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.864454031 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864491940 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864509106 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.864542007 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.864639997 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.968058109 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968113899 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968153000 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968193054 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968230963 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968271017 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968285084 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.968308926 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968322992 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.968347073 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968373060 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.968394995 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.968400002 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968444109 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968482018 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968522072 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968538046 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.968560934 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968596935 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968622923 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.968635082 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968667030 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.968673944 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968720913 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.968722105 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968765974 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968802929 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968841076 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968882084 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968920946 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968960047 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.968997955 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969046116 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969055891 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.969090939 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969130039 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969168901 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969208002 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969248056 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969286919 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969325066 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969373941 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969399929 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.969455957 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969496012 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969536066 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969573975 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969583035 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.969602108 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.969615936 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969664097 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969680071 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.969707966 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:17.969742060 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:17.969809055 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.074424028 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074484110 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074521065 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074558973 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074599028 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074619055 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.074647903 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074655056 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.074692965 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074724913 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.074733019 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074773073 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074810982 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074815989 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.074850082 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074887991 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074891090 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.074928045 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.074949980 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.074981928 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075025082 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075062990 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075102091 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075113058 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075140953 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075143099 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075182915 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075222015 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075263977 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075272083 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075294971 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075325966 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075335026 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075339079 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075371981 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075411081 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075428009 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075448036 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075495958 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075537920 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075573921 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075575113 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075599909 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075615883 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075654984 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075691938 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075707912 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075730085 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075746059 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075769901 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075817108 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075819969 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075860023 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075897932 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075934887 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075952053 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.075973034 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.075990915 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.076010942 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.076049089 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.076086044 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.076100111 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.076134920 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.076179028 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.076198101 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.076219082 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.076261997 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.076287031 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.076299906 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.076339006 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.076383114 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.076406956 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.178914070 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.178965092 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179013968 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179055929 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179094076 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179126024 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.179187059 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.179374933 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179414988 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179442883 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.179451942 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179491043 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179508924 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.179528952 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179567099 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179582119 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.179605007 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179652929 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179656982 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.179699898 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179738045 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179752111 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.179776907 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179815054 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179841995 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.179852009 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179891109 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179928064 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179930925 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.179975986 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.179977894 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180018902 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180058956 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180098057 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180104017 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180136919 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180154085 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180172920 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180211067 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180244923 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180248022 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180296898 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180337906 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180376053 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180382967 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180413961 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180423975 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180454969 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180497885 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180526972 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180536032 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180552959 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180576086 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180623055 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180665016 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180696011 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180701971 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180712938 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180741072 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180778980 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180814981 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180839062 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180851936 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180866003 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.180891037 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180937052 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180979013 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.180993080 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.181015968 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.181054115 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.181075096 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.181117058 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.281316996 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.281379938 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.281449080 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.281486034 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.281723976 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.281826019 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.283410072 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283451080 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283498049 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283540010 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283572912 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.283576012 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283615112 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283653021 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283673048 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.283689976 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283727884 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283766031 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283776045 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.283813953 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283835888 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.283858061 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283895016 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283932924 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.283961058 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.283970118 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284008026 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284044981 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284051895 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284084082 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284109116 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284132004 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284173965 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284195900 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284209967 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284249067 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284287930 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284306049 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284326077 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284363985 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284383059 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284401894 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284466028 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284471035 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284507036 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284509897 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284548998 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284585953 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284586906 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284629107 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284665108 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284703016 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284706116 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284740925 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284780025 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284790039 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284831047 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284833908 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284873962 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284912109 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284950018 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.284955025 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.284989119 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.285027981 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.285039902 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.285068035 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.285104990 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.285115957 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.285159111 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.285161972 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.285257101 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.304543972 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.384789944 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.384848118 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.384888887 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.384887934 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.384927034 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.384931087 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.384933949 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.384993076 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.387732029 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.387784958 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.387823105 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.387825966 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.387835979 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.387860060 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.387866974 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.387916088 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.387943983 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.387976885 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388020992 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388072968 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388082027 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388123035 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388127089 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388163090 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388179064 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388201952 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388217926 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388242006 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388262033 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388282061 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388322115 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388330936 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388334990 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388375044 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388380051 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388415098 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388426065 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388457060 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388472080 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388497114 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388504028 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388535023 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388541937 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388573885 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388581038 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388612986 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388628960 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388663054 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388673067 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388706923 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388711929 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388746023 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388782978 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388787031 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388797045 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388823032 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388832092 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388861895 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388870955 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388900995 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388915062 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388940096 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388947010 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.388988018 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.388988972 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389030933 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389054060 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389071941 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389080048 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389111996 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389127016 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389151096 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389157057 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389188051 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389206886 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389223099 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389228106 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389267921 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389277935 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389318943 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389324903 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389362097 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389367104 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389420986 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389436960 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389475107 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389493942 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389514923 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389532089 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389554977 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389564991 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389592886 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389607906 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389631987 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.389647961 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.389679909 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.456628084 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.487354994 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.487417936 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.487458944 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.487487078 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.487497091 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.487545967 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.487555027 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:18.487591028 CEST	5353	49700	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:18.487693071 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:19.368542910 CEST	49700	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:23.400998116 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:23.502110958 CEST	5353	49701	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:23.502217054 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:23.616130114 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:23.744108915 CEST	5353	49701	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:23.744342089 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:23.845192909 CEST	5353	49701	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:23.846427917 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:24.003036022 CEST	5353	49701	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:24.326766968 CEST	5353	49701	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:24.413602114 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:24.428397894 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:24.515439987 CEST	5353	49701	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:24.515522003 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:24.581192970 CEST	5353	49701	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:24.581293106 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:24.659569979 CEST	5353	49701	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:24.688350916 CEST	5353	49701	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:24.780924082 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:24.884427071 CEST	5353	49701	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:24.888735056 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:25.034162998 CEST	5353	49701	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:25.490706921 CEST	49701	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:29.493935108 CEST	49708	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:29.596291065 CEST	5353	49708	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:29.596375942 CEST	49708	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:29.609042883 CEST	49708	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:29.738436937 CEST	5353	49708	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:29.739072084 CEST	49708	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:29.841156006 CEST	5353	49708	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:29.842618942 CEST	49708	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:29.987338066 CEST	5353	49708	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:30.313029051 CEST	5353	49708	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:30.314003944 CEST	49708	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:30.417936087 CEST	5353	49708	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:30.418045998 CEST	49708	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:30.565579891 CEST	5353	49708	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:30.565680981 CEST	49708	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:30.667910099 CEST	5353	49708	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:30.668018103 CEST	49708	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:30.772161961 CEST	5353	49708	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:30.820470095 CEST	49708	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:31.546293020 CEST	49708	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:35.556504965 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:35.661708117 CEST	5353	49711	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:35.661840916 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:35.662373066 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:35.784663916 CEST	5353	49711	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:35.784946918 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:35.891844988 CEST	5353	49711	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:35.893022060 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:36.050046921 CEST	5353	49711	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:36.343141079 CEST	5353	49711	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:36.344119072 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:36.450927973 CEST	5353	49711	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:36.451953888 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:36.556968927 CEST	5353	49711	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:36.557185888 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:36.661813021 CEST	5353	49711	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:36.664911985 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:36.815572977 CEST	5353	49711	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:36.815668106 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:36.971836090 CEST	5353	49711	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:37.762968063 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:37.927153111 CEST	5353	49711	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:38.833312035 CEST	49711	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:42.917649031 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:43.022366047 CEST	5353	49717	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:43.024485111 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:43.025135994 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:43.144865990 CEST	5353	49717	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:43.145172119 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:43.250533104 CEST	5353	49717	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:43.270996094 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:43.421515942 CEST	5353	49717	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:43.744632006 CEST	5353	49717	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:43.749651909 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:43.854326963 CEST	5353	49717	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:43.854856014 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:44.012794018 CEST	5353	49717	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:44.015790939 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:44.120752096 CEST	5353	49717	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:44.121005058 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:44.227929115 CEST	5353	49717	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:44.462376118 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:44.528798103 CEST	5353	49717	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:44.528892994 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:44.859344006 CEST	49717	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:46.270478010 CEST	49699	443	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:46.271756887 CEST	49698	80	192.168.2.5	172.67.150.212
Apr 7, 2021 13:02:48.885694981 CEST	49721	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:48.988002062 CEST	5353	49721	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:48.988135099 CEST	49721	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:48.990683079 CEST	49721	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:49.108884096 CEST	5353	49721	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:49.109323025 CEST	49721	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:49.211985111 CEST	5353	49721	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:49.213612080 CEST	49721	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:49.356931925 CEST	5353	49721	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:49.680537939 CEST	5353	49721	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:49.689796925 CEST	49721	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:49.793973923 CEST	5353	49721	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:49.806606054 CEST	49721	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:49.909401894 CEST	5353	49721	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:49.910778999 CEST	49721	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:50.013938904 CEST	5353	49721	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:50.088488102 CEST	49721	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:50.231903076 CEST	5353	49721	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:50.869596004 CEST	49721	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:54.927170038 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:55.029551029 CEST	5353	49724	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:55.030399084 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:55.031007051 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:55.160240889 CEST	5353	49724	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:55.174357891 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:55.276367903 CEST	5353	49724	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:55.277565002 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:55.435714960 CEST	5353	49724	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:55.789082050 CEST	5353	49724	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:55.790469885 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:55.892061949 CEST	5353	49724	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:55.893398046 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:56.044473886 CEST	5353	49724	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:56.044595957 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:56.147727966 CEST	5353	49724	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:56.197561979 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:56.300564051 CEST	5353	49724	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:56.353837013 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:56.741240025 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:02:56.888204098 CEST	5353	49724	45.15.143.169	192.168.2.5
Apr 7, 2021 13:02:56.907156944 CEST	49724	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:00.933887005 CEST	49725	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:01.040045023 CEST	5353	49725	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:01.040170908 CEST	49725	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:01.040878057 CEST	49725	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:01.155457973 CEST	5353	49725	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:01.198143959 CEST	49725	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:01.303546906 CEST	5353	49725	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:01.304008007 CEST	49725	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:01.411664963 CEST	5353	49725	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:01.422594070 CEST	49725	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:01.573873043 CEST	5353	49725	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:01.964395046 CEST	49725	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:05.981918097 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:06.087971926 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:06.088203907 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:06.089379072 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:06.233849049 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:06.234352112 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:06.339514971 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:06.351125956 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:06.502046108 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:06.981204987 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:06.983223915 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:07.142966986 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:07.143065929 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:07.299026012 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:07.371900082 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:07.417191029 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:07.599638939 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:07.638581038 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:07.743098021 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:07.744847059 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:07.852493048 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:07.852670908 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:07.959383965 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:08.010996103 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:08.116406918 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:08.117564917 CEST	5353	49727	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:08.121406078 CEST	49727	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:12.122178078 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:12.225378990 CEST	5353	49728	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:12.225565910 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:12.226346970 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:12.351830006 CEST	5353	49728	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:12.352016926 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:12.502234936 CEST	5353	49728	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:12.502425909 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:12.604937077 CEST	5353	49728	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:12.606890917 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:12.752106905 CEST	5353	49728	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:13.137094975 CEST	5353	49728	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:13.147610903 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:13.249573946 CEST	5353	49728	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:13.249768019 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:13.393112898 CEST	5353	49728	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:13.393205881 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:13.497661114 CEST	5353	49728	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:13.542777061 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:13.644519091 CEST	5353	49728	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:13.699167967 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:14.246512890 CEST	49728	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:18.352344990 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:18.453984976 CEST	5353	49731	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:18.455549002 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:18.456156015 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:18.578246117 CEST	5353	49731	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:18.615164042 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:18.716912031 CEST	5353	49731	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:18.718060970 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:18.864274025 CEST	5353	49731	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:19.247070074 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:19.394809008 CEST	5353	49731	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:19.675060034 CEST	5353	49731	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:19.675955057 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:19.777676105 CEST	5353	49731	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:19.778928995 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:19.880896091 CEST	5353	49731	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:19.881016016 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:19.982914925 CEST	5353	49731	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:20.027606010 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:20.080059052 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:20.223047018 CEST	5353	49731	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:20.246949911 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:20.395072937 CEST	5353	49731	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:21.366607904 CEST	49731	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:25.397923946 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:25.502978086 CEST	5353	49737	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:25.504142046 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:25.504169941 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:25.640398026 CEST	5353	49737	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:25.640841961 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:25.746691942 CEST	5353	49737	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:25.748544931 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:25.910778046 CEST	5353	49737	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:26.201029062 CEST	5353	49737	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:26.203372002 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:26.311285973 CEST	5353	49737	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:26.316137075 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:26.421853065 CEST	5353	49737	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:26.422045946 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:26.528237104 CEST	5353	49737	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:26.574996948 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:26.742928982 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:26.895001888 CEST	5353	49737	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:27.367259979 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:27.519866943 CEST	5353	49737	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:28.352888107 CEST	49737	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:32.394028902 CEST	49738	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:32.502083063 CEST	5353	49738	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:32.502351046 CEST	49738	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:32.502954006 CEST	49738	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:32.628967047 CEST	5353	49738	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:32.633922100 CEST	49738	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:32.739727974 CEST	5353	49738	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:32.742299080 CEST	49738	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:32.894650936 CEST	5353	49738	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:33.294624090 CEST	5353	49738	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:33.321336985 CEST	49738	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:33.428133965 CEST	5353	49738	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:33.428273916 CEST	49738	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:33.582340956 CEST	5353	49738	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:33.582513094 CEST	49738	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:33.687752008 CEST	5353	49738	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:33.731961966 CEST	49738	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:33.838718891 CEST	5353	49738	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:33.888216972 CEST	49738	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:34.358041048 CEST	49738	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:38.375000954 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:38.476572037 CEST	5353	49739	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:38.477138996 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:38.477186918 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:38.597738981 CEST	5353	49739	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:38.625252008 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:38.727454901 CEST	5353	49739	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:38.728737116 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:38.874439955 CEST	5353	49739	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:39.366885900 CEST	5353	49739	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:39.369671106 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:39.471534967 CEST	5353	49739	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:39.473453999 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:39.624213934 CEST	5353	49739	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:39.624492884 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:39.726375103 CEST	5353	49739	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:39.779299974 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:39.880805016 CEST	5353	49739	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:39.935595036 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:40.453944921 CEST	5353	49739	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:40.498034954 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:40.546906948 CEST	49739	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:44.566028118 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:44.673108101 CEST	5353	49740	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:44.673258066 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:44.674402952 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:44.799243927 CEST	5353	49740	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:44.801178932 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:44.906915903 CEST	5353	49740	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:44.909940958 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:45.064378023 CEST	5353	49740	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:45.385941029 CEST	5353	49740	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:45.392600060 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:45.501147032 CEST	5353	49740	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:45.501336098 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:45.670861959 CEST	5353	49740	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:45.671008110 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:45.777024984 CEST	5353	49740	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:45.826770067 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:45.932792902 CEST	5353	49740	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:45.982974052 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:46.438503981 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:46.592729092 CEST	5353	49740	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:47.405527115 CEST	49740	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:51.456660986 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:51.557706118 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:51.557817936 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:51.574841022 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:51.691229105 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:51.695509911 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:51.797311068 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:51.799524069 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:51.952147007 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:52.278364897 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:52.279230118 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:52.380052090 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:52.420972109 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:52.469734907 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:52.626136065 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:52.658222914 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:52.702239037 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:52.744278908 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:52.803200006 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:52.858458996 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:52.889914036 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:52.890000105 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:53.202478886 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:53.303662062 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:53.358489990 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:53.421689034 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:53.459562063 CEST	5353	49741	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:53.459660053 CEST	49741	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:57.438944101 CEST	49744	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:57.540016890 CEST	5353	49744	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:57.540122986 CEST	49744	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:57.560887098 CEST	49744	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:57.681318998 CEST	5353	49744	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:57.681871891 CEST	49744	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:57.783723116 CEST	5353	49744	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:57.785901070 CEST	49744	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:57.934006929 CEST	5353	49744	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:58.258980989 CEST	5353	49744	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:58.268872023 CEST	49744	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:58.369982004 CEST	5353	49744	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:58.372158051 CEST	49744	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:58.474912882 CEST	5353	49744	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:58.475039959 CEST	49744	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:58.577547073 CEST	5353	49744	45.15.143.169	192.168.2.5
Apr 7, 2021 13:03:58.624538898 CEST	49744	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:03:59.422796011 CEST	49744	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:03.440033913 CEST	49745	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:03.544686079 CEST	5353	49745	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:03.544888020 CEST	49745	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:03.546217918 CEST	49745	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:03.655462027 CEST	5353	49745	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:03.703243971 CEST	49745	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:03.807846069 CEST	5353	49745	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:03.808243036 CEST	49745	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:03.913223028 CEST	5353	49745	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:03.914732933 CEST	49745	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:04.070343971 CEST	5353	49745	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:04.406783104 CEST	49745	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:08.423840046 CEST	49746	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:08.525830030 CEST	5353	49746	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:08.526011944 CEST	49746	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:08.527093887 CEST	49746	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:08.650441885 CEST	5353	49746	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:08.650873899 CEST	49746	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:08.754673004 CEST	5353	49746	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:08.757138968 CEST	49746	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:08.913726091 CEST	5353	49746	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:09.407886028 CEST	49746	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:09.519143105 CEST	5353	49746	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:09.524611950 CEST	49746	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:09.625861883 CEST	5353	49746	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:09.627310038 CEST	49746	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:09.728780031 CEST	5353	49746	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:09.728892088 CEST	49746	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:09.831440926 CEST	5353	49746	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:09.875483990 CEST	49746	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:12.915322065 CEST	5353	49746	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:12.969531059 CEST	49746	5353	192.168.2.5	45.15.143.169
Apr 7, 2021 13:04:13.635641098 CEST	5353	49746	45.15.143.169	192.168.2.5
Apr 7, 2021 13:04:13.698451996 CEST	49746	5353	192.168.2.5	45.15.143.169

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 7, 2021 13:01:57.666064024 CEST	54302	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:01:57.699048042 CEST	53	54302	8.8.8.8	192.168.2.5
Apr 7, 2021 13:01:57.835232973 CEST	53784	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:01:57.848604918 CEST	53	53784	8.8.8.8	192.168.2.5
Apr 7, 2021 13:01:57.870088100 CEST	65307	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:01:57.884546041 CEST	53	65307	8.8.8.8	192.168.2.5
Apr 7, 2021 13:01:58.216387033 CEST	64344	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:01:58.242887020 CEST	53	64344	8.8.8.8	192.168.2.5
Apr 7, 2021 13:01:59.915389061 CEST	62060	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:01:59.940996885 CEST	53	62060	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:05.765697002 CEST	61805	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:05.786441088 CEST	53	61805	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:06.521837950 CEST	54795	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:06.542304039 CEST	53	54795	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:06.642534018 CEST	49557	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:06.657759905 CEST	53	49557	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:26.104932070 CEST	61733	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:26.152183056 CEST	53	61733	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:28.068749905 CEST	65447	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:28.084856033 CEST	53	65447	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:28.419487953 CEST	52441	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:28.432147980 CEST	53	52441	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:29.162633896 CEST	62176	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:29.175187111 CEST	53	62176	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:30.679785013 CEST	59596	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:30.694525003 CEST	53	59596	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:33.519079924 CEST	65296	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:33.531760931 CEST	53	65296	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:35.690540075 CEST	63183	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:35.703210115 CEST	53	63183	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:39.809226036 CEST	60151	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:39.821969032 CEST	53	60151	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:40.813354015 CEST	56969	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:40.828380108 CEST	53	56969	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:41.733205080 CEST	55161	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:41.749515057 CEST	53	55161	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:43.816843033 CEST	54757	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:43.830353975 CEST	53	54757	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:44.786832094 CEST	49992	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:44.800668955 CEST	53	49992	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:46.068089962 CEST	60075	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:46.080852032 CEST	53	60075	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:51.182168007 CEST	55016	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:51.195074081 CEST	53	55016	8.8.8.8	192.168.2.5
Apr 7, 2021 13:02:52.309345961 CEST	64345	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:02:52.327894926 CEST	53	64345	8.8.8.8	192.168.2.5
Apr 7, 2021 13:03:05.314524889 CEST	57128	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:03:05.340697050 CEST	53	57128	8.8.8.8	192.168.2.5
Apr 7, 2021 13:03:18.004636049 CEST	54791	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:03:18.020281076 CEST	53	54791	8.8.8.8	192.168.2.5
Apr 7, 2021 13:03:21.618623972 CEST	50463	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:03:21.638210058 CEST	53	50463	8.8.8.8	192.168.2.5
Apr 7, 2021 13:03:52.518874884 CEST	50394	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:03:52.534435987 CEST	53	50394	8.8.8.8	192.168.2.5
Apr 7, 2021 13:03:54.824187994 CEST	58530	53	192.168.2.5	8.8.8.8
Apr 7, 2021 13:03:54.850320101 CEST	53	58530	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 7, 2021 13:02:06.521837950 CEST	192.168.2.5	8.8.8.8	0xa57f	Standard query (0)	myliverpoolnews.cf	A (IP address)	IN (0x0001)
Apr 7, 2021 13:02:06.642534018 CEST	192.168.2.5	8.8.8.8	0xc83b	Standard query (0)	myliverpoolnews.cf	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Apr 7, 2021 13:02:06.542304039 CEST	8.8.8.8	192.168.2.5	0xa57f	No error (0)	myliverpoolnews.cf	172.67.150.212	A (IP address)	IN (0x0001)
Apr 7, 2021 13:02:06.542304039 CEST	8.8.8.8	192.168.2.5	0xa57f	No error (0)	myliverpoolnews.cf	104.21.56.119	A (IP address)	IN (0x0001)
Apr 7, 2021 13:02:06.657759905 CEST	8.8.8.8	192.168.2.5	0xc83b	No error (0)	myliverpoolnews.cf	172.67.150.212	A (IP address)	IN (0x0001)
Apr 7, 2021 13:02:06.657759905 CEST	8.8.8.8	192.168.2.5	0xc83b	No error (0)	myliverpoolnews.cf	104.21.56.119	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

myliverpoolnews.cf

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49698	172.67.150.212	80	C:\Users\user\Desktop\RFQ #46200058149.exe

Timestamp	kBytes transferred	Direction	Data
Apr 7, 2021 13:02:06.590687990 CEST	1340	OUT	GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-FE6EFB3AED9F05224C930BEF8BE1CC20.html HTTP/1.1 UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41 Host: myliverpoolnews.cf Connection: Keep-Alive
Apr 7, 2021 13:02:06.633188009 CEST	1341	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 07 Apr 2021 11:02:06 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=3600 Expires: Wed, 07 Apr 2021 12:02:06 GMT Location: https://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-FE6EFB3AED9F05224C930BEF8BE1CC20.html cf-request-id: 094d9836110000b7c914187000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=m9eQ%2Bca61StvdHz7yPlbWFTXI1pBp7YQkrNE7je%2FSSf0koz4kSPtrJdseqt2bsqSTUwhZmkNnO%2BGEff%2B6O21ufwbrUCHlDUCH5a17fhuqKxyOIQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"max_age":604800,"report_to":"cf-nel"} Server: cloudflare CF-RAY: 63c2c3034ea8b7c9-CDG alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 7, 2021 13:02:06.740125895 CEST	172.67.150.212	443	192.168.2.5	49699	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Mar 31 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Thu Mar 31 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0	54328bd36c14bd82ddaa0c04b25ed9ad
Apr 7, 2021 13:02:06.740125895 CEST	172.67.150.212	443	192.168.2.5	49699	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		54328bd36c14bd82ddaa0c04b25ed9ad

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: RFQ #46200058149.exe PID: 5340 Parent PID: 5632

General

Start time:	13:02:04
Start date:	07/04/2021
Path:	C:\Users\user\Desktop\RFQ #46200058149.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\RFQ #46200058149.exe'
Imagebase:	0xea0000
File size:	55488 bytes
MD5 hash:	67B96DC502B0C7A496092D7E6D1DA6C5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000002.301376960.000000000505E000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000003.240375757.000000000507F000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 5912 Parent PID: 5340

General

Start time:	13:02:10
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\cmd.exe' /c timeout 1
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5964 Parent PID: 5912

General

Start time:	13:02:10
Start date:	07/04/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: timeout.exe PID: 5504 Parent PID: 5912

General

Start time:	13:02:11
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout 1
Imagebase:	0x160000
File size:	26112 bytes
MD5 hash:	121A4EDAE60A7AF6F5DFA82F7BB95659
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: RFQ #46200058149.exe PID: 5972 Parent PID: 5340

General

Start time:	13:02:12
Start date:	07/04/2021
Path:	C:\Users\user\Desktop\RFQ #46200058149.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\RFQ #46200058149.exe
Imagebase:	0x640000
File size:	55488 bytes
MD5 hash:	67B96DC502B0C7A496092D7E6D1DA6C5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Chronological Activities

Analysis Process: WerFault.exe PID: 5416 Parent PID: 5340

General

Start time:	13:02:15
Start date:	07/04/2021
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 2672
Imagebase:	0xf10000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: RFQ #46200058149.exe PID: 5340 Parent PID: 5632 RFQ #46200058149.exeCOMMON

Executed Functions

Function 089806E8, Relevance: 3.2, APIs: 2, Instructions: 196COMMON

Download Yara Rule

APIs

SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 089806A6
KiUserExceptionDispatcher.NTDLL ref: 08980751

Memory Dump Source

Source File: 00000000.00000002.306585817.0000000008980000.00000040.00000001.sdmp, Offset: 08980000, based on PE: false

Similarity

API ID: DispatcherExceptionKernelObjectSecurityUser
String ID:
API String ID: 2691534626-0
Opcode ID: e55a2d86b77d3ceb1493fb0f512b6791e3a107f87506a1fa9832764e8f5d4123
Instruction ID: 78cbd89075071d459b4fa479efb4408ac07f30b1aeafb5c8d819f1169e9c6140
Opcode Fuzzy Hash: e55a2d86b77d3ceb1493fb0f512b6791e3a107f87506a1fa9832764e8f5d4123
Instruction Fuzzy Hash: FA814BB0E0064ACFDB14EFA9D589BDDBBB1FF84319F148119D015AB381C739A84ACB64

Uniqueness

Uniqueness Score: -1.00%

Function 089806F8, Relevance: 1.7, APIs: 1, Instructions: 230COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 08980751

Memory Dump Source

Source File: 00000000.00000002.306585817.0000000008980000.00000040.00000001.sdmp, Offset: 08980000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 35d9bcae6c18f4e5e9c8092e8e2cd093f341ce8f2d0b8f7100d00d0f65a9b397
Instruction ID: 691f7a44e9ba1e530af83a75b1ae64a74150da9b570eaa1d1413a6e67c91d433
Opcode Fuzzy Hash: 35d9bcae6c18f4e5e9c8092e8e2cd093f341ce8f2d0b8f7100d00d0f65a9b397
Instruction Fuzzy Hash: 00A129B0E0050ACFDB18EFA9D499BDCBBB1BF84359F588019D005AB390D739D889CB64

Uniqueness

Uniqueness Score: -1.00%

Function 08980428, Relevance: 1.7, APIs: 1, Instructions: 183COMMON

Download Yara Rule

APIs

SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 089806A6

Memory Dump Source

Source File: 00000000.00000002.306585817.0000000008980000.00000040.00000001.sdmp, Offset: 08980000, based on PE: false

Similarity

API ID: KernelObjectSecurity
String ID:
API String ID: 3015937269-0
Opcode ID: c1e49b92602019449adfd56d7c9db51ee0017e12443c8b5937d0253d9018d2e3
Instruction ID: 609075ad88701930619d24a84fadb1b285a8040a5206edfb821390235645bbcd
Opcode Fuzzy Hash: c1e49b92602019449adfd56d7c9db51ee0017e12443c8b5937d0253d9018d2e3
Instruction Fuzzy Hash: A361AD71D0160ADFCB04EFA9D8846DEBBB1EF86324F018529E515AB790DB349849CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 08980546, Relevance: 1.7, APIs: 1, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.306585817.0000000008980000.00000040.00000001.sdmp, Offset: 08980000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 847ec9e7f7124cbe194fc53697c3063f0a2a9c8887694f9e1c97f536d393fe25
Instruction ID: afb81a126801cfbd056972c746abfc0a15ec699c7ed1395cc34b039a95701f8c
Opcode Fuzzy Hash: 847ec9e7f7124cbe194fc53697c3063f0a2a9c8887694f9e1c97f536d393fe25
Instruction Fuzzy Hash: 07619D71D0160ACFCB04EFA9D8846DEBBB1FF89325F048569E419AB790D7349849CF61

Uniqueness

Uniqueness Score: -1.00%

Function 08980621, Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 089806A6

Memory Dump Source

Source File: 00000000.00000002.306585817.0000000008980000.00000040.00000001.sdmp, Offset: 08980000, based on PE: false

Similarity

API ID: KernelObjectSecurity
String ID:
API String ID: 3015937269-0
Opcode ID: 82b50832f3c6574f1fdd489e7304b51f807100ca7269484b8ce85d8977de57c9
Instruction ID: 43874e103e80bf1944727f9df236be1a0cb5e22dc1df578039e644004a7e4325
Opcode Fuzzy Hash: 82b50832f3c6574f1fdd489e7304b51f807100ca7269484b8ce85d8977de57c9
Instruction Fuzzy Hash: 182159B1900209CFCB10DF99C585BDEFBF4FB88324F01852AE418A7240D778AA44CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 08980628, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 089806A6

Memory Dump Source

Source File: 00000000.00000002.306585817.0000000008980000.00000040.00000001.sdmp, Offset: 08980000, based on PE: false

Similarity

API ID: KernelObjectSecurity
String ID:
API String ID: 3015937269-0
Opcode ID: 00795bbd3cede9d82b775aeef33242608f5de73bc30b90236ee9f97db9afea5f
Instruction ID: 2c059c3a8212536786f059d6c65dccb65011200bd02842f883e04cc6590fb75a
Opcode Fuzzy Hash: 00795bbd3cede9d82b775aeef33242608f5de73bc30b90236ee9f97db9afea5f
Instruction Fuzzy Hash: 162149B19002098FCB10DF9AC589BDEBBF4FF88324F148529E418A7340D778A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report RFQ #46200058149.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets