Play interactive tour

Edit tour

Analysis Report #Ud83d#Udcde.htm

Overview

General Information

Sample Name:	#Ud83d#Udcde.htm
Analysis ID:	550
MD5:	5d44cee8d28cebf028ac3afc7c4309d0
SHA1:	b53e4a9f2a2efe93ca896cd6a56af26bf861cf0f
SHA256:	c77e9dbffd377fe486c902715fd1d5587c2c7ef58cfb2839284d109a72a6a645
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false

Signatures

Yara detected HtmlPhish35

Opens the Safari browser app

Classification

Startup

System is macvm-highsierra

xpcproxy New Fork (PID: 573, Parent: 1)

Safari (MD5: 8e18be737fe87f19fe7a97b4821e2005) Arguments: /Applications/Safari.app/Contents/MacOS/Safari

cleanup

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
#Ud83d#Udcde.htm	JoeSecurity_HtmlPhish_35	Yara detected HtmlPhish_35	Joe Security

Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

Yara detected HtmlPhish35

Show sources

Source: Yara match

File source: #Ud83d#Udcde.htm, type: SAMPLE

Source: unknown	HTTPS traffic detected: 17.248.145.229:443 -> 192.168.11.11:49254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.224:443 -> 192.168.11.11:49256 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.195:443 -> 192.168.11.11:49257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.175:443 -> 192.168.11.11:49258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.11.11:49259 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 17.171.27.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.171.27.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.171.27.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.171.27.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.109.201
Source: unknown	TCP traffic detected without corresponding DNS query: 2.20.214.243
Source: unknown	TCP traffic detected without corresponding DNS query: 2.20.214.243
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.109.201
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: sslcnd.aioecoin.org

Source: .dat.nosync023d.M2fcej.274.dr

String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49254
Source: unknown	Network traffic detected: HTTP traffic on port 49254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49259 -> 443

Source: unknown	HTTPS traffic detected: 17.248.145.229:443 -> 192.168.11.11:49254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.176.224:443 -> 192.168.11.11:49256 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.195:443 -> 192.168.11.11:49257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.175:443 -> 192.168.11.11:49258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.11.11:49259 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.macHTM@0/6@4/0

Source: /usr/libexec/xpcproxy (PID: 573)

Safari app opened: /Applications/Safari.app/Contents/MacOS/Safari

Jump to behavior

Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 573)

Random device file read: /dev/urandom

Jump to behavior

Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 573)

AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist

Jump to behavior

Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 573)	XML plist file created: /Users/berri/Library/Safari/.dat.nosync023d.M2fcej	Jump to dropped file
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 573)	Binary plist file created: /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync023d.coDlpE	Jump to dropped file
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 573)	Binary plist file created: /Users/berri/Library/Safari/.dat.nosync023d.KFEApc	Jump to dropped file

Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 573)

System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Plist Modification1	Plist Modification1	Direct Volume Access	OS Credential Dumping	System Information Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Shell
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
#Ud83d#Udcde.htm	3%	Virustotal		Browse

Dropped Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
mamodmiappscn.firebaseapp.com	0%	Virustotal	Browse
gateway.fe.apple-dns.net	0%	Virustotal	Browse
sslcnd.aioecoin.org	0%	Virustotal	Browse

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mamodmiappscn.firebaseapp.com	151.101.1.195	true	false	0%, Virustotal, Browse	unknown
gateway.fe.apple-dns.net	17.248.145.229	true	false	0%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.16.18.94	true	false		high
unpkg.com	104.16.124.175	true	false		high
sslcnd.aioecoin.org	172.67.176.224	true	false	0%, Virustotal, Browse	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
17.171.27.65	unknown	United States	714	APPLE-ENGINEERINGUS	false
17.253.109.201	unknown	United States	6185	APPLE-AUSTINUS	false
17.248.145.229	gateway.fe.apple-dns.net	United States	714	APPLE-ENGINEERINGUS	false
172.67.176.224	sslcnd.aioecoin.org	United States	13335	CLOUDFLARENETUS	false
151.101.1.195	mamodmiappscn.firebaseapp.com	United States	54113	FASTLYUS	false
2.20.214.243	unknown	European Union	16625	AKAMAI-ASUS	false
104.16.124.175	unpkg.com	United States	13335	CLOUDFLARENETUS	false
104.16.18.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	550
Start date:	09.04.2021
Start time:	17:18:38
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	#Ud83d#Udcde.htm
Cookbook file name:	defaultmacfilecookbook.jbs
Analysis system description:	Virtual Machine, High Sierra (Office 2016 v16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099)
Analysis Mode:	default
Detection:	MAL
Classification:	mal48.phis.macHTM@0/6@4/0
Warnings:	Show All Excluded IPs from analysis (whitelisted): 18.156.205.85, 23.54.112.17, 93.184.220.29, 18.156.44.202, 23.52.27.27, 172.217.168.42 Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, gateway.icloud.com, g.symcd.com, e673.dsce9.akamaiedge.net, ajax.googleapis.com, api-glb-euc1b.smoot.apple.com, e8218.dscb1.akamaiedge.net, api.smoot.apple.com, bag-smoot.v.aaplimg.com, ocsp-ds.ws.symantec.com.edgekey.net, lb._dns-sd._udp.0.11.168.192.in-addr.arpa, configuration.apple.com, ocsp.digicert.com, configuration.apple.com.akadns.net, configuration.apple.com.edgekey.net, smoot-searchv2-euc1b.v.aaplimg.com Report size getting too big, too many PREAD calls found.

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
2.20.214.243	2730.sh	Get hash	malicious	Browse
2.20.214.243	http://Destalo.pt	Get hash	malicious	Browse
104.16.124.175	ARMI Contractors RFQ.xlsx	Get hash	malicious	Browse
	RFQ.xlsx	Get hash	malicious	Browse
	INVOICES & STATEMENTS_02201.htm	Get hash	malicious	Browse
	4892.htm	Get hash	malicious	Browse
	http://login.technion.net	Get hash	malicious	Browse
	https://email.tungsten-network.com/K00kzKB00nv60AOP31Bq0G0	Get hash	malicious	Browse
	https://stevenscapitaladvisors.webflow.io/	Get hash	malicious	Browse
	https://secure-teams-storage.webflow.io/	Get hash	malicious	Browse
	https://www.canva.com/design/DAEOEcu9Gnc/C6LvqPRfMOYoF6OWlu9bVg/view?utm_content=DAEOEcu9Gnc&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse
	https://fuscoinsurance.webflow.io/	Get hash	malicious	Browse
	7158-14990-098-60-14990.htm	Get hash	malicious	Browse
	http://tracking.samsclub.com/track?type=click&enid=ZWFzPTEmYW1wO21zaWQ9MSZhbXA7YXVpZD0xNTYyMTMxNiZhbXA7bWFpbGluZ2lkPTYyMjA2JmFtcDttZXNzYWdlaWQ9MjYwMCZhbXA7ZGF0YWJhc2VpZD0xNTcxOTQxMzk5JmFtcDtzZXJpYWw9MTY3Nzk5MDgmYW1wO2VtYWlsaWQ9Y2JlbkBjb2xvcmNvYXRpbmMuY29tJmFtcDt1c2VyaWQ9MV8xODAyNiZhbXA7dGFyZ2V0aWQ9JmFtcDtmbD0mYW1wO212aWQ9JmFtcDtleHRyYT0mYW1wOyZhbXA7JmFtcDs=&&&16010&&&metging.web.app/chris.whippNovemberchris.whippchris.whipp#chris.whipp@paragon-europe.com	Get hash	malicious	Browse
	Scillc.HTM	Get hash	malicious	Browse
	https://appurl.io/QmuLwihhr	Get hash	malicious	Browse
	https://yuyiuhjcvxds.azurewebsites.net/6pFae/r04jrnZ/3XKfY/S@XzS7ANbN/yuhjnxc.php?bbre=2fb88ee97a699cbd93cb7f3859951f69	Get hash	malicious	Browse
	http://viaurnature.e-monsite.com	Get hash	malicious	Browse
	https://815ox.codesandbox.io/?bbre=324wso	Get hash	malicious	Browse
	https://truycvrtuyff-smart-pangolin-hj.mybluemix.net/weogtds/isoxci.html?bbre=329sddiis	Get hash	malicious	Browse
	https://pq4ig.csb.app/?bbre=324redfi	Get hash	malicious	Browse
	https://moneylinks.page.link/6SuK	Get hash	malicious	Browse
172.67.176.224	Open Invoice & Statements.htm	Get hash	malicious	Browse
	#Ud83d#Udcde.htm	Get hash	malicious	Browse
	#Ud83d#Udcde.htm.htm	Get hash	malicious	Browse
	AudioMessageg 7JI7-APOE7Z-PZB3.htm	Get hash	malicious	Browse
	Audio-07030.htm	Get hash	malicious	Browse
	Remittance.htm	Get hash	malicious	Browse
	metropolitanproperties.com.odt	Get hash	malicious	Browse
	ATT00900.htm	Get hash	malicious	Browse
151.101.1.195	46578-TR.exe	Get hash	malicious	Browse	www.covidtracksb.com/goei/?jBZx=D8b4q&kfOdRJ=xBMInsAuN+E1djdIl4AZwIkS2iJ2Ju/hNdjKdY9aIZe6wtX7I1CrmxbEw2e35jcdm3/W
	remittanceslip_pdf.exe	Get hash	malicious	Browse	www.devfestindia.com/cu6o/?uN6x=W+WuFBrln1qCfAXJ5xKULfOGff8dAb86Jvk64PlTVVMLGqhT4HhQij0c0Z21Ont+U/Id&Vtx0E=FDHHERlxjn8PMDI
	Project.pdf.exe	Get hash	malicious	Browse	www.towatchapp.com/ocq1/?lhudJ=s9fWYY+GRE/zu2qn9kCI0m/+x20wNzaZElH9PrG8sfLhi2QQuUQu3XvRAAgtMskCm9iv&1bm=3fhdLbnpevPXqD
	quotation.exe	Get hash	malicious	Browse	www.fsjdc.com/x2ee/?iBZLH8e=/LfDiPUOWZnyidNro0j70T8JUoHePLB2D+vct3YQB9mB3q5S0iE8mJFwRkJZflqbRhoGi7RzLw==&_RA89r=ZL3D3PvXurq
	DOCX RFQ#2.doc	Get hash	malicious	Browse	dropb-cfeb2.web.app/white.exe
	DOCX RFQ#2.rtf	Get hash	malicious	Browse	dropb-cfeb2.web.app/white.exe
	12-4.exe	Get hash	malicious	Browse	www.cvscarepasscard.com/gwg/
	PAYMENT COPY.exe	Get hash	malicious	Browse	www.firedoom.com/sbmh/?EjRh0d=C5hy1K5oAHBPrT8N397N//2qVHn6YwjigpXcmeWEXRbnBwwwMsoNEjPCOjfDrGfyrTiG&Bn=8pt0_Nex
	PO987556.exe	Get hash	malicious	Browse	www.firedoom.com/sbmh/?Yn=ybIHmldXUn88Ur&jfIT64=C5hy1K5oAHBPrT8N397N//2qVHn6YwjigpXcmeWEXRbnBwwwMsoNEjPCOg/57X/Kx0DB
	account confirmation!.exe	Get hash	malicious	Browse	www.firedoom.com/sbmh/?0Tx43p=zbDHwlRpXFN&DV8X=C5hy1K5oAHBPrT8N397N//2qVHn6YwjigpXcmeWEXRbnBwwwMsoNEjPCOjfDrGfyrTiG
	New Additional Agreement.exe	Get hash	malicious	Browse	www.erraticer.com/bw82/?J2JxbNH=6vRuuEDvqC5+aa5DVmVINCXZAyoyPzPxPo5XFdu9xcvmHzBmwHK9JJE0E4eNhlSLE1w3&BXEpz=Z2Jd8XTPeT
	00d1gI2vB4.exe	Get hash	malicious	Browse	www.erraticer.com/bw82/?ET8T=6vRuuEDvqC5+aa5DVmVINCXZAyoyPzPxPo5XFdu9xcvmHzBmwHK9JJE0E4eNhlSLE1w3&URiP=qFQxprRp5PPPOfyp
	New Additional Agreement.exe	Get hash	malicious	Browse	www.erraticer.com/bw82/?8p=6vRuuEDvqC5+aa5DVmVINCXZAyoyPzPxPo5XFdu9xcvmHzBmwHK9JJE0E7ykiluzNWFh0m7Gjw==&Bh=H0GxrDp
	Additional Agreement KYC.exe	Get hash	malicious	Browse	www.erraticer.com/bw82/?Ezrtr2qh=6vRuuEDvqC5+aa5DVmVINCXZAyoyPzPxPo5XFdu9xcvmHzBmwHK9JJE0E7ykiluzNWFh0m7Gjw==&QL3=ojqPsv
	http://roundcubemailagentupdate.web.app	Get hash	malicious	Browse	roundcubemailagentupdate.web.app/
	http://auto78438787328758792947.web.app	Get hash	malicious	Browse	auto78438787328758792947.web.app/
	http://salary-bonus.web.app	Get hash	malicious	Browse	salary-bonus.web.app/
	Client Contact REGISTRATION Sheet.xlsx	Get hash	malicious	Browse	www.letsdindin.com/mnf3/?9rTpeFt0=G6fRyfWpf4em3a5PxYoprh6KPSSsHaeEr4x3W3Pvzp31VBrhmksxwaIIwF2fZ05EyJsOCg==&rj9L_=qpnTHjlx
	http://Coronavirus.app	Get hash	malicious	Browse	coronavirus.app/
	http://mime-iz10.web.app	Get hash	malicious	Browse	mime-iz10.web.app/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
cdnjs.cloudflare.com	#Ud83d#Udcde973.htm	Get hash	malicious	Browse	104.16.18.94
	Open Invoice & Statements.htm	Get hash	malicious	Browse	104.16.18.94
	securedmessage.htm	Get hash	malicious	Browse	104.16.18.94
	Three.exe	Get hash	malicious	Browse	104.16.18.94
	One.exe	Get hash	malicious	Browse	104.16.19.94
	Five.exe	Get hash	malicious	Browse	104.16.19.94
	Two.exe	Get hash	malicious	Browse	104.16.19.94
	nicoleta.fagaras-DHL_TRACKING_1394942.html	Get hash	malicious	Browse	104.16.18.94
	PaymentAdvice-copy.htm	Get hash	malicious	Browse	104.16.18.94
	FARASIS.xlsx	Get hash	malicious	Browse	104.16.18.94
	FARASIS.xlsx	Get hash	malicious	Browse	104.16.19.94
	wzdu53.exe	Get hash	malicious	Browse	104.16.18.94
	Friday, April 2nd, 2021, 20210402062906.8CE1B73ADE2A192C@compassionarmy.com.htm	Get hash	malicious	Browse	104.16.18.94
	ACH REMITTANCE.xlsx	Get hash	malicious	Browse	104.16.18.94
	ACH REMITTANCE.xlsx	Get hash	malicious	Browse	104.16.19.94
	#Ud83d#Udcde.htm.htm	Get hash	malicious	Browse	104.16.18.94
	ccavero@hycite.com.htm	Get hash	malicious	Browse	104.16.19.94
	SOC_0#7198, INV#512 Via GoogleDocs gracechung.html	Get hash	malicious	Browse	104.16.19.94
	ACH WIRE INF0RMATION.xlsx	Get hash	malicious	Browse	104.16.19.94
	ACH WIRE INF0RMATION.xlsx	Get hash	malicious	Browse	104.16.19.94
mamodmiappscn.firebaseapp.com	#Ud83d#Udcde.htm	Get hash	malicious	Browse	151.101.65.195
mamodmiappscn.firebaseapp.com	#Ud83d#Udcde.htm.htm	Get hash	malicious	Browse	151.101.1.195
unpkg.com	Open Invoice & Statements.htm	Get hash	malicious	Browse	104.16.123.175
	#Ud83d#Udcde.htm.htm	Get hash	malicious	Browse	104.16.123.175
	ATT31834.htm	Get hash	malicious	Browse	104.16.126.175
	Q lifesettlements INVOICE.htm	Get hash	malicious	Browse	104.16.126.175
	Audio-07030.htm	Get hash	malicious	Browse	104.16.123.175
	Remittance.htm	Get hash	malicious	Browse	104.16.123.175
	metropolitanproperties.com.odt	Get hash	malicious	Browse	104.16.122.175
	metropolitanproperties.com.odt	Get hash	malicious	Browse	104.16.123.175
	ATT00900.htm	Get hash	malicious	Browse	104.16.126.175
	#Ud83d#Udce0-Twc-159.186.10.243.htm	Get hash	malicious	Browse	104.16.122.175
	ARMI Contractors RFQ.xlsx	Get hash	malicious	Browse	104.16.124.175
	ARMI Contractors RFQ.xlsx	Get hash	malicious	Browse	104.16.123.175
	RFQ.xlsx	Get hash	malicious	Browse	104.16.124.175
	RFQ.xlsx	Get hash	malicious	Browse	104.16.125.175
	#Ud83d#Udcde.htm	Get hash	malicious	Browse	104.16.123.175
	#U2261#U0192#U00f4#U20a7.htm.htm	Get hash	malicious	Browse	104.16.126.175
	Phish.htm	Get hash	malicious	Browse	104.16.123.175
	099-563942-59-5095-73208.htm	Get hash	malicious	Browse	104.16.122.175
	#U266b Audio_47720.wavv - - Copy.htm	Get hash	malicious	Browse	104.16.123.175
	_#Ud83d#Udcde_9173.htm	Get hash	malicious	Browse	104.16.125.175

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
FASTLYUS	ghnrope2.dll	Get hash	malicious	Browse	151.101.1.44
	mapdata.dll	Get hash	malicious	Browse	151.101.114.132
	Open Invoice & Statements.htm	Get hash	malicious	Browse	151.101.1.195
	#Ud83d#Udcde.htm	Get hash	malicious	Browse	151.101.65.195
	Fax-Message-4564259.html	Get hash	malicious	Browse	151.101.12.193
	securedmessage.htm	Get hash	malicious	Browse	151.101.1.192
	Three.exe	Get hash	malicious	Browse	151.101.2.217
	Four.exe	Get hash	malicious	Browse	151.101.14.109
	Six.exe	Get hash	malicious	Browse	151.101.2.217
	One.exe	Get hash	malicious	Browse	151.101.2.217
	Five.exe	Get hash	malicious	Browse	151.101.2.217
	Two.exe	Get hash	malicious	Browse	151.101.2.217
	frox0cheats.exe	Get hash	malicious	Browse	185.199.108.154
	PO45937008ADENGY.exe	Get hash	malicious	Browse	185.199.108.153
	PO#560.zip.exe	Get hash	malicious	Browse	151.101.1.211
	Telekom.jar	Get hash	malicious	Browse	185.199.109.154
	Telekom.jar	Get hash	malicious	Browse	185.199.111.154
	Telekom.jar	Get hash	malicious	Browse	185.199.108.154
	Telekom.jar	Get hash	malicious	Browse	185.199.110.154
	nicoleta.fagaras-DHL_TRACKING_1394942.html	Get hash	malicious	Browse	151.101.12.193
CLOUDFLARENETUS	ghnrope2.dll	Get hash	malicious	Browse	104.20.185.68
	mail_6512365134_7863_202104108.html	Get hash	malicious	Browse	104.18.10.207
	Copia bancaria de swift.exe	Get hash	malicious	Browse	162.159.135.233
	Production list.exe	Get hash	malicious	Browse	172.67.206.110
	EJ000.exe	Get hash	malicious	Browse	172.67.188.154
	Payment_Advice Pdf10375200148940150.doc	Get hash	malicious	Browse	104.21.82.210
	hemEUcQ610.exe	Get hash	malicious	Browse	172.67.222.53
	mapdata.dll	Get hash	malicious	Browse	104.20.184.68
	SecuriteInfo.com.Trojan.GenericKD.36659493.29456.exe	Get hash	malicious	Browse	104.17.62.50
	SecuriteInfo.com.Trojan.Siggen12.64197.30705.exe	Get hash	malicious	Browse	104.17.63.50
	PRC-20-518 ORIGINAL.xlsx	Get hash	malicious	Browse	104.25.233.53
	CNTR-NO-GLDU7267089.xlsx	Get hash	malicious	Browse	104.25.234.53
	SwiftMT103.xlsx	Get hash	malicious	Browse	172.67.83.132
	Purchase Order.xlsx	Get hash	malicious	Browse	172.67.83.132
	SPARE PARTS drawing.xlsx	Get hash	malicious	Browse	172.67.83.132
	IN18663Q0031139I.xlsx	Get hash	malicious	Browse	23.227.38.74
	ShipDoc_CI_PL_INV_.xlsx	Get hash	malicious	Browse	172.67.83.132
	PROFORMA INVOICE.xlsx	Get hash	malicious	Browse	172.67.83.132
	#Ud83d#Udcde973.htm	Get hash	malicious	Browse	104.16.18.94
	PN 601310-02_pdf A (1).vbs	Get hash	malicious	Browse	104.23.98.190
AKAMAI-ASUS	2730.sh	Get hash	malicious	Browse	2.20.214.243
	msals.pumpl.dll	Get hash	malicious	Browse	2.22.155.145
	606d810b8ff92.pdf.dll	Get hash	malicious	Browse	2.22.155.145
	DropDll.dll	Get hash	malicious	Browse	23.57.80.37
	msals.pumpl.dll	Get hash	malicious	Browse	184.30.24.22
	nnrlOwKZlc.exe	Get hash	malicious	Browse	184.30.20.56
	145440a7c1067bacfcd4d07078040b67c3753e589501b.dll	Get hash	malicious	Browse	96.16.108.27
	PJ1OTtgIlo.dll	Get hash	malicious	Browse	104.79.88.129
	4BRIjOEYNf.dll	Get hash	malicious	Browse	104.80.28.24
	LCoqf24H7e.dll	Get hash	malicious	Browse	184.30.24.22
	ACHWIREPAYMENTINFORMATION.xlsx	Get hash	malicious	Browse	104.83.87.109
	BsFMy70EjG.dll	Get hash	malicious	Browse	2.22.155.145
	k9NSoUT2pd.dll	Get hash	malicious	Browse	2.22.155.145
	NocSbjtb9r.exe	Get hash	malicious	Browse	104.83.121.112
	redwirespace-invoice-982323_xls.HtMl	Get hash	malicious	Browse	23.211.149.25
	pkmo.exe	Get hash	malicious	Browse	172.227.96.120
	SecuriteInfo.com.ML.PE-A.2715.dll	Get hash	malicious	Browse	104.73.164.23
	SecuriteInfo.com.Win32.Kryptik.HJSQ.12709.dll	Get hash	malicious	Browse	2.17.154.103
	#Ud83d#Udd04bvoneida- empirix.com iPhone 8 104 OKeep.htm	Get hash	malicious	Browse	95.100.55.95
	register.dll	Get hash	malicious	Browse	184.30.24.22

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
3e4e87dda5a3162306609b7e330441d2	fonedog-powermymac.dmg	Get hash	malicious	Browse	104.16.124.175 17.248.145.229 104.16.18.94 172.67.176.224 151.101.1.195
	diskdrill.dmg	Get hash	malicious	Browse	104.16.124.175 17.248.145.229 104.16.18.94 172.67.176.224 151.101.1.195
	Remittance.html	Get hash	malicious	Browse	104.16.124.175 17.248.145.229 104.16.18.94 172.67.176.224 151.101.1.195
	xSf	Get hash	malicious	Browse	104.16.124.175 17.248.145.229 104.16.18.94 172.67.176.224 151.101.1.195
	1ELOG8UQ4M.htm	Get hash	malicious	Browse	104.16.124.175 17.248.145.229 104.16.18.94 172.67.176.224 151.101.1.195
	BetterTouchTool.zip	Get hash	malicious	Browse	104.16.124.175 17.248.145.229 104.16.18.94 172.67.176.224 151.101.1.195
	https://billychemr324.github.io/santipxzic/index1.html?bbre=aod9435	Get hash	malicious	Browse	104.16.124.175 17.248.145.229 104.16.18.94 172.67.176.224 151.101.1.195
	http://help-servicee.ml	Get hash	malicious	Browse	104.16.124.175 17.248.145.229 104.16.18.94 172.67.176.224 151.101.1.195
	http://owauth1tadsoh1itndereql1nysa1ier1rnrhnthaesinlp.us-east-2.elasticbeanstalk.com/#jdiaz@eversheds-sutherland.es	Get hash	malicious	Browse	104.16.124.175 17.248.145.229 104.16.18.94 172.67.176.224 151.101.1.195
	http://test.kunmiskincare.com/index.php	Get hash	malicious	Browse	104.16.124.175 17.248.145.229 104.16.18.94 172.67.176.224 151.101.1.195
	http://protesidenext.com/16dbc8c14acdb8703b.js	Get hash	malicious	Browse	104.16.124.175 17.248.145.229 104.16.18.94 172.67.176.224 151.101.1.195

Dropped Files

No context

Runtime Messages

Command:	open "/Users/berri/Desktop/#Ud83d#Udcde.htm" --args
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Created / dropped Files

/Users/berri/Library/Safari/.dat.nosync023d.KFEApc Download File
Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	1963
Entropy (8bit):	7.4143084009938045
Encrypted:	false
SSDEEP:	48:E3NmrW2oTlg9VeQWRLYDBLrZPiM/bu9ueXy:zWzA4vklLrZPJbuVy
MD5:	06F4A3A2CB895C9EA8A403FD55C13908
SHA1:	7F6C2100E1017075620FF26B7D0096989EA971A7
SHA-256:	947C782B0F384BDD7C8E4BAE00ED62DA9652BBA6B6B13C631AD7DAF76B335E35
SHA-512:	B312DC8DF4B1B8CBC8180EC369758A34ECC740D880099A97154698F5F044C9551081E7C63E1D873C115D7096C9B0A02FD690E2151DCF25512C277B84C473C219
Malicious:	false
Reputation:	low
Preview:	bplist00.....^SessionVersion^SessionWindowsS1.0............................9_..SelectedTabIndex\TabBarHiddenZDateClosed_..FavoritesBarHidden]IsPopupWindow_. PrefersReadingListSidebarVisible\Miniaturized_..WindowStateVersionZWindowUUID_..WindowContentRectYTabStates_..IsPrivateWindow_..SelectedPinnedTabIndex...3A..b........S2.0_.$F69F955A-BC0A-4F87-99FC-6161B46B9DBA_..{{0, 52}, {1024, 693}}.... !."#.$%&'().,-...0123456.\IsDisposable\SessionState_..AncestorTabIdentifers_..SessionStateIsEncryptedXTabIndex]LastVisitTimeWTabUUIDVTabURL]TabIdentifierXTabTitle_..ProcessIdentifierWIsMuted.O...]8.J..DE:..jd.5}7..yM..:N`C....t.. ..&.}......h.#..s..%.s _:_"@<,....@..NUNRA..g.@......A#..{...;.*E}V..._=.$..JgY.:...N)...N..z....C"........#..........6..R..).x..N..1.s...I.:.kY..7......}.:...9L.b:H.Q\.f.!...Zn.<Z##K\|`..........W.....A...<8w...l."P.6...@Q..f..o.\.$..k..vz]..a[.3.S'c.l..H.Y+...q.. Q\.?...43n.a.s..VN.....E....Zj..`......M...O..M^.....U..Q.i.'1..!..U...)[.^...$...

/Users/berri/Library/Safari/.dat.nosync023d.M2fcej Download File
Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1012
Entropy (8bit):	5.286991847916908
Encrypted:	false
SSDEEP:	24:2dfyiwHuG5Ku3hu65juqVrTrmuGoTxR1F1xW:cfyP5Z/5PrUon1F1xW
MD5:	0C29425555C7FF0CA114B1FD0DC39C50
SHA1:	D7D808E8BE92462F4C3CEBA66734F0E9BB26ACDD
SHA-256:	52826AFEEC974BB7BACB85BDC01DC4F23BF917D65E04773D7CAD393F7866F3FD
SHA-512:	D9C8364A85F4B4A96CAAC1409F32F9D6B2F8AE19201E0ABD2D449A3EEDADD471E99E44BC92DEB5D8FB60287DA64A88E61B45F759E7B9A383A9BBE5F5FD242F95
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">.<plist version="1.0">.<dict>..<key>SingleDeviceSaveChangesThrottlingPolicy</key>..<string>1:1440</string>..<key>MultipleDeviceSaveChangesThrottlingPolicy</key>..<string>50:1 \| 10:2 \| 10:5 \| 10:30 \| 9:40 \| 1:510</string>..<key>SingleDeviceFetchChangesThrottlingPolicy</key>..<string>11:15 \| 1:1275</string>..<key>MultipleDeviceFetchChangesThrottlingPolicy</key>..<string>50:1 \| 50:3 \| 20:4 \| 20:5 \| 20:15 \| 20:18 \| 20:20</string>..<key>SyncCircleSizeRetrievalThrottlingPolicy</key>..<string>1:1440</string>..<key>MaximumRequestLimitCharacterCount</key>..<integer>100000</integer>..<key>SyncWindow</key>..<real>1209600</real>..<key>HistoryModificationIdleDelayBeforeSyncAttemptKey</key>..<integer>90</integer>..<key>HistoryRemovalIdleDelayBeforeSyncAttempt</key>..<integer>6</integer>..<key>SaveChangesBeforeTerminationTimeout</key>..<integer>1</integer>.</dic

/dev/null Download File
Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	ASCII text
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.8180438460722765
Encrypted:	false
SSDEEP:	3:tUI7ocFzf4HzS9df3WOv:mMHw2dfmA
MD5:	65E1634E610E84BA9B63730E3F05D1D4
SHA1:	BBD299FC69A69AEB4EDB05D2D30909723E7B8984
SHA-256:	7DF386B0D056240755D8A6A63B5D824CA4306AAA9584C9FAA87A74B8BD2F5063
SHA-512:	F2230B7A613A1B7B4D9C357372A059AC09B1E5D0A9481997D4107779625333D8A3FDB653543526C3D604AB03226E181C92EBB7EDBDC8E7012728A26B69BA2DE3
Malicious:	false
Reputation:	low
Preview:	2021-04-09 19:19:30.570 Safari[573:5815] ApplePersistence=NO.

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync023d.coDlpE Download File
Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.9370658315190226
Encrypted:	false
SSDEEP:	3:N1n6qMvRGNMTAnd/t1tH:N1nleRaMTAltH
MD5:	CDC65B5F112547EAFAE0F16F9C149426
SHA1:	AEAF9908A5B6FF3E2F7B738ABF5FE9E79108BA01
SHA-256:	1C6D085D871A855CE4A3902BAB4B9B92631B8EE8F0B7F6536768A2AAF427B45C
SHA-512:	E8B0E4CE6A760A718A19976D3CFE9063F04FB4BF179947AECA84E94C83F21459FB9DC0FFABEA8F633BD2D0BA94FE1E15D8C97E9604FDE8BD0DEA961EB83BDDB7
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	bplist00..._..ExtensionArchivesExtracted...(...............................)

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsDirectory.db_ Download File
Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Mac OS X Keychain File
Category:	dropped
Size (bytes):	48908
Entropy (8bit):	3.533948990143748
Encrypted:	false
SSDEEP:	384:xSMdGleGkIG7FF3theSMVXBD0tgcNrGBOmBfbouR6/chQOnGqwc2U+v+h/:8MdGleOGmBouRwchQOnGqwc2U+v+h/
MD5:	09070E01FA6ED1973D94FAD50C35E3ED
SHA1:	7546663E66F9889EE3365A7A0BE372300C6022CA
SHA-256:	2E6EC437A97DD88F9067B2E99AC64789670D9B9C1FC50B2856E392E66163211F
SHA-512:	621399FF832F1A8352E5E9A54984B878C7D3432156D9CF9986A1A5B75662E92D9A00FA1BA6714D679286BB49E71916F72655AADA2B99880A2806FAFC6F86E7F3
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	kych...........................`...X...p..S0..SX..Th..T...T...[...^h...........L...X...............T...........d...................t...............t...........<...............P...........0...........$...p...........l...........X.......@.......................!...%........CSSM_DL_DB_SCHEMA_INFO.....D.......................!...%........CSSM_DL_DB_SCHEMA_ATTRIBUTES...D.......................!...%........CSSM_DL_DB_SCHEMA_INDEXES......H.......................!...%....... CSSM_DL_DB_SCHEMA_PARSING_MODULE...D.......................!...%@.......MDS_CDSADIR_CSSM_RECORDTYPE....D.......................!...%@.......MDS_CDSADIR_KRMM_RECORDTYPE....D.......................!...%@.......MDS_CDSADIR_EMM_RECORDTYPE.....L.......................!...%@......"MDS_CDSADIR_EMM_PRIMARY_RECORDTYPE.....H.......................!...%@.......MDS_CDSADIR_COMMON_RECORDTYPE......L.......................!...%@......"MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE.....P.......................!...%@......%MDS_CDSADIR_CSP_CAPABILITY_R

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsObject.db_ Download File
Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Mac OS X Keychain File
Category:	dropped
Size (bytes):	4404
Entropy (8bit):	3.5113078915037033
Encrypted:	false
SSDEEP:	48:m6Xsh+CLjL3Pe3T5FFKfEuyu+iYxGv4sS:3X6LjLfe3wEuyu9YxGQX
MD5:	D487F899A14AE98519B46D51BC810F1B
SHA1:	64877ECFBE47ED66EED545B2449BBE8B22B775D0
SHA-256:	4835899C464487946E281D535381D4CAB8BC90EC08CD00A6A0ECB97854E9321D
SHA-512:	EB4FABD61B4FD2B9EF3C9E93793CA5F11353A1F81EA4DA22E0F79ED45D89180B77469B9E5DCD5350AE650B31DE9018743DA7716EFA7B5CDDFC3FA7A13C476F40
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	kych.......................................d...................0...............0...p...........@...@.......................!...%........CSSM_DL_DB_SCHEMA_INFO.....D.......................!...%........CSSM_DL_DB_SCHEMA_ATTRIBUTES...D.......................!...%........CSSM_DL_DB_SCHEMA_INDEXES......H.......................!...%....... CSSM_DL_DB_SCHEMA_PARSING_MODULE...@.......................!...%@.......MDS_OBJECT_RECORDTYPE..............h........... ...`........... ...@.......................-...1...5...9...=@..............................X...............P................... ...p...........l...........d...........P...........H...........,...............h...........P.......................1...5...9...=.......M................RelationID.........P.......................1...5...9...=.......M................RelationName.......P.......................1...5...9...=.......M................RelationID.........P.......................1...5...9...=.......M................AttributeID........X....

Static File Info

General
File type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Entropy (8bit):	6.001485823782198
TrID:	HyperText Markup Language (15015/1) 20.56% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (11501/1) 15.75% HyperText Markup Language (11501/1) 15.75%
File name:	#Ud83d#Udcde.htm
File size:	5008
MD5:	5d44cee8d28cebf028ac3afc7c4309d0
SHA1:	b53e4a9f2a2efe93ca896cd6a56af26bf861cf0f
SHA256:	c77e9dbffd377fe486c902715fd1d5587c2c7ef58cfb2839284d109a72a6a645
SHA512:	5b780cf8fe3e3ae18ef82c5ce00cdcbc21a591bd4283a2169446c2fff5d5728f9730f9382f093760e44d7734940cc599d954cc3f0b7fde04fa4e4b599215f32a
SSDEEP:	96:RPCt3y7Xc3CXZXXbFn+jk2EYi3hmU3ZVrkqsnQaKA9jhGZxTc0hLat:gt3y7XfXZXEk2EYi3hV3ZPSUrZxXg
File Content Preview:	<!DOCTYPE html><html><head><script>var mizzs="Y2hlcnJ5cEB1d2diLmVkdQ=="</script>..<script>var paso1="@!&wAV9fCcXIbQnz4oSp@&!OehA8igcfspk3JE5MoTRF1DZPdwS6&@!";if(window.location.href.indexOf("bbre=")==-1) window.location.href = document.location.pathname+"

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 9, 2021 17:19:32.535933018 CEST	49238	443	192.168.11.11	17.171.27.65
Apr 9, 2021 17:19:32.536343098 CEST	49238	443	192.168.11.11	17.171.27.65
Apr 9, 2021 17:19:32.650939941 CEST	443	49238	17.171.27.65	192.168.11.11
Apr 9, 2021 17:19:32.651020050 CEST	443	49238	17.171.27.65	192.168.11.11
Apr 9, 2021 17:19:32.651314020 CEST	443	49238	17.171.27.65	192.168.11.11
Apr 9, 2021 17:19:32.651379108 CEST	49238	443	192.168.11.11	17.171.27.65
Apr 9, 2021 17:19:32.651622057 CEST	49238	443	192.168.11.11	17.171.27.65
Apr 9, 2021 17:19:33.086085081 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.096748114 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.097279072 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.214241028 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.224672079 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.224699020 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.224723101 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.225224018 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.225619078 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.225753069 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.226325035 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.226422071 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.226455927 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.226986885 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.579688072 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.590023041 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.590037107 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.590548038 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.590557098 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.597820044 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.620028019 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.620635986 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.620969057 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.643023968 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.647778034 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.647840023 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.647876024 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.648421049 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.648494005 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.648504019 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.686259031 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.708630085 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.708677053 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.708929062 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.709264994 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.709314108 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.710834026 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.710880995 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.710891008 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.710899115 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.710994959 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.732975006 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.732992887 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.733004093 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.733016014 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.733027935 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.733038902 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:33.734304905 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:33.742094994 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.742125988 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.742130041 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.742132902 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.742640972 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.752580881 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.752599001 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.752610922 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.753124952 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.754245996 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.754415989 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.754985094 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.755019903 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.755105972 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.755250931 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.755707026 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.755723953 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.755738020 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.755945921 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.756382942 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.756437063 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.756455898 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.756536961 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.757034063 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.757052898 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.757128954 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:33.757639885 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.871489048 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:33.882014036 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:34.353782892 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:34.353871107 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:34.353969097 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:34.354010105 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:34.354089975 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:34.354132891 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:34.354182005 CEST	443	49256	172.67.176.224	192.168.11.11
Apr 9, 2021 17:19:34.354271889 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:34.354477882 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:34.354549885 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:34.354563951 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:34.354574919 CEST	49256	443	192.168.11.11	172.67.176.224
Apr 9, 2021 17:19:34.968669891 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:34.977731943 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:34.978085995 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:34.978554964 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:34.987796068 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:34.988847971 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:34.988919973 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:34.988966942 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:34.989409924 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:34.989495993 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:34.989507914 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:34.997256041 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.007587910 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.008212090 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.008898973 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.008984089 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.008995056 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.009004116 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.018174887 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.018229008 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.018265009 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.018696070 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.018783092 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.018794060 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.065483093 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.073369980 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.074789047 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.271516085 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.271997929 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.644320011 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.652122974 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:35.652214050 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:35.652317047 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:35.653495073 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.663211107 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:35.663271904 CEST	443	49254	17.248.145.229	192.168.11.11
Apr 9, 2021 17:19:35.663829088 CEST	49254	443	192.168.11.11	17.248.145.229
Apr 9, 2021 17:19:35.925782919 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.925913095 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.925978899 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.926038980 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.926098108 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.926156998 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.926214933 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.926273108 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.926332951 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.926388979 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:35.926693916 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.926784992 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.926798105 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.926808119 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.926852942 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:35.927006006 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:36.568228960 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.574882984 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.575419903 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.575738907 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.584209919 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.585474014 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.585541964 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.585578918 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.585998058 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.586082935 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.586095095 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.594816923 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.600296021 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.600363970 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.600403070 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.600897074 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.600984097 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.601528883 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.601612091 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.601623058 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.601630926 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.601639986 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.606961966 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.607016087 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.607049942 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.607085943 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.607117891 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.609049082 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.609597921 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.633023977 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633147001 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633200884 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633253098 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633290052 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633339882 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633390903 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633443117 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633480072 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633527040 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.633533001 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633585930 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633625031 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633660078 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:36.633721113 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.633790016 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.633802891 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.633810997 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.633961916 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.633980036 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.634006023 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:36.641135931 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.274604082 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:37.284238100 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.545933962 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.546063900 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.546124935 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.546220064 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.546307087 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.546366930 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.546427965 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.546487093 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.546545029 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.546603918 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.546750069 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:37.547086000 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:37.547214031 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:37.547451019 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:37.547586918 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:37.547702074 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:37.547806025 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.548157930 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.548224926 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.548276901 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.548321009 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:37.548485994 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:37.548831940 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:37.548881054 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:37.548892021 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:37.921201944 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.926590919 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.960927010 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961050034 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961111069 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961226940 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961298943 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961359978 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961419106 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961488962 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961546898 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961556911 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.961628914 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961690903 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961749077 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961873055 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.961972952 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962032080 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962152004 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962203979 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962256908 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962294102 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962343931 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962394953 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962445021 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962495089 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962519884 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.962562084 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962615967 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962666035 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962716103 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962766886 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962819099 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.962867975 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:37.964832067 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.964917898 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.964929104 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.964937925 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.964946032 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.964953899 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.964962006 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.964971066 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.964978933 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.964987040 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.964994907 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.965003014 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.965010881 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.965076923 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.965092897 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:37.965220928 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:38.688328981 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:38.709661007 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:38.709722996 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:38.709829092 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:38.709918976 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:38.709974051 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:38.710025072 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:38.710076094 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:38.710127115 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:38.710165024 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:38.710199118 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:38.710530043 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:38.710618019 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:38.710629940 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:38.710639000 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:38.710654020 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:38.710663080 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:38.710671902 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:39.303620100 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.309323072 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.309973001 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.310301065 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.315534115 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.316679955 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.316752911 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.316791058 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.317342043 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.317430019 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.317440987 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.331542969 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.336805105 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.336880922 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.337214947 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.337292910 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.337750912 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.344820023 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.344903946 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.344916105 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.344923973 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.344933033 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.350187063 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.350239992 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.350272894 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.350307941 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.350339890 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.350373030 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.351543903 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.360943079 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.360999107 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.361053944 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.361088991 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.361140013 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.361175060 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.362299919 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.362386942 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.362399101 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.362406969 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.362626076 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.972067118 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.977232933 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.989497900 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.989590883 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.989640951 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.989672899 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.989747047 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.989823103 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.989896059 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.989943981 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.989989042 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.990032911 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.990065098 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.990108967 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.990139008 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.990183115 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.990190029 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.990221024 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:39.990252018 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.990379095 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.990472078 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.990825891 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.991542101 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.991612911 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.991622925 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.991630077 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:39.992394924 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:40.321788073 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:40.336559057 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:40.336615086 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:40.336668968 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:40.336704969 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:40.336755991 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:40.336800098 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:40.336834908 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:40.337210894 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:40.337299109 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:40.337310076 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:40.337318897 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:40.341522932 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:40.660811901 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.692276001 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.692379951 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.692444086 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.692488909 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.692574978 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.692635059 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.692692995 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.692737103 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.693149090 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.693233013 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.693332911 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.693393946 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.693480968 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.693540096 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.693589926 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.693684101 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.693742990 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.693902016 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.693958044 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.693958044 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.693969011 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.694021940 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.694081068 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.694089890 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.694127083 CEST	443	49258	104.16.124.175	192.168.11.11
Apr 9, 2021 17:19:40.694133997 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.694145918 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.694154978 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.694175959 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.694185972 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.694325924 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.694369078 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:40.694545031 CEST	49258	443	192.168.11.11	104.16.124.175
Apr 9, 2021 17:19:41.042920113 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.056812048 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.056914091 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.056981087 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057064056 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057123899 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057182074 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057225943 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057286024 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057343960 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057401896 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057461977 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057506084 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057564974 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057622910 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057662964 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057701111 CEST	443	49259	104.16.18.94	192.168.11.11
Apr 9, 2021 17:19:41.057785988 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.058201075 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.059037924 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.059128046 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.059140921 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.059150934 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.059159994 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.059170008 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.059180021 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.059190035 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.059482098 CEST	49259	443	192.168.11.11	104.16.18.94
Apr 9, 2021 17:19:41.344691038 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.353794098 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.941036940 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.941148043 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.941210032 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.941298008 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.941369057 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.941427946 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.941509008 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.941567898 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.942030907 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.942123890 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.942137003 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.942154884 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.942354918 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.942440033 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.942509890 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.942576885 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.942959070 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.943007946 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.943095922 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.943196058 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.943259954 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.943319082 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.943841934 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.943912029 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.944163084 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.944243908 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.944307089 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.944365978 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.944796085 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.944849014 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.944891930 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.944993973 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.945076942 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.945127964 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.945388079 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.945513010 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.945831060 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.946002007 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.946074009 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.946130991 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.946454048 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.946505070 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.946721077 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.946836948 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.946866035 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.947182894 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.947344065 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.948836088 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.951802969 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.951911926 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.951968908 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952020884 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952105045 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952157974 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952208042 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952260971 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952311993 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952363014 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952414989 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952424049 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.952471018 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952476025 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.952524900 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952574968 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952603102 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.952625990 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952779055 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.952804089 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.952820063 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.952955008 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.952994108 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.953006029 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.953059912 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.953110933 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.953130960 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.953161955 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.953208923 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.953428030 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.953443050 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.953453064 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.953778982 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.958122969 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.958211899 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.958586931 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.958655119 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.958729982 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.958781004 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.958832979 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.958910942 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.958983898 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959038019 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959117889 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959187984 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959244967 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959276915 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.959310055 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959362984 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959414005 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959455967 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.959465027 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959496021 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.959518909 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959570885 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959630966 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959672928 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959825993 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.959927082 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.959969044 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.959980011 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.959988117 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.959995985 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.960004091 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.960011959 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.960045099 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.960124969 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.960189104 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.960232019 CEST	443	49257	151.101.1.195	192.168.11.11
Apr 9, 2021 17:19:41.960455894 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.960465908 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.960475922 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:41.960685968 CEST	49257	443	192.168.11.11	151.101.1.195
Apr 9, 2021 17:19:56.363673925 CEST	49247	80	192.168.11.11	17.253.109.201
Apr 9, 2021 17:19:56.363780975 CEST	49248	80	192.168.11.11	2.20.214.243
Apr 9, 2021 17:19:56.369024992 CEST	80	49248	2.20.214.243	192.168.11.11
Apr 9, 2021 17:19:56.369632006 CEST	49248	80	192.168.11.11	2.20.214.243
Apr 9, 2021 17:19:56.386324883 CEST	80	49247	17.253.109.201	192.168.11.11
Apr 9, 2021 17:19:56.386909962 CEST	49247	80	192.168.11.11	17.253.109.201

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 9, 2021 17:19:31.411304951 CEST	58839	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:19:31.417310953 CEST	53	58839	1.1.1.1	192.168.11.11
Apr 9, 2021 17:19:31.791662931 CEST	59836	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:19:31.797373056 CEST	53	59836	1.1.1.1	192.168.11.11
Apr 9, 2021 17:19:31.839692116 CEST	55116	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:19:31.845232964 CEST	53	55116	1.1.1.1	192.168.11.11
Apr 9, 2021 17:19:32.360006094 CEST	50873	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:19:32.365539074 CEST	53	50873	1.1.1.1	192.168.11.11
Apr 9, 2021 17:19:33.077423096 CEST	49971	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:19:33.083138943 CEST	53	49971	1.1.1.1	192.168.11.11
Apr 9, 2021 17:19:33.332688093 CEST	54472	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:19:33.401144981 CEST	53	54472	1.1.1.1	192.168.11.11
Apr 9, 2021 17:19:33.569308043 CEST	56733	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:19:33.596271038 CEST	53	56733	1.1.1.1	192.168.11.11
Apr 9, 2021 17:19:34.934686899 CEST	61723	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:19:34.967339039 CEST	53	61723	1.1.1.1	192.168.11.11
Apr 9, 2021 17:19:36.559148073 CEST	65426	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:19:36.566097975 CEST	53	65426	1.1.1.1	192.168.11.11
Apr 9, 2021 17:19:39.295890093 CEST	65255	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:19:39.302208900 CEST	53	65255	1.1.1.1	192.168.11.11
Apr 9, 2021 17:19:39.632014990 CEST	55831	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:19:39.639265060 CEST	53	55831	1.1.1.1	192.168.11.11
Apr 9, 2021 17:20:00.310832024 CEST	57325	53	192.168.11.11	1.1.1.1
Apr 9, 2021 17:20:00.321017027 CEST	53	57325	1.1.1.1	192.168.11.11

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 9, 2021 17:19:33.569308043 CEST	192.168.11.11	1.1.1.1	0xa2dd	Standard query (0)	sslcnd.aioecoin.org	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:34.934686899 CEST	192.168.11.11	1.1.1.1	0xf7cf	Standard query (0)	mamodmiappscn.firebaseapp.com	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:36.559148073 CEST	192.168.11.11	1.1.1.1	0xeea5	Standard query (0)	unpkg.com	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:39.295890093 CEST	192.168.11.11	1.1.1.1	0x379c	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Apr 9, 2021 17:19:33.083138943 CEST	1.1.1.1	192.168.11.11	0x6ba0	No error (0)	gateway.fe.apple-dns.net	17.248.145.229	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:33.083138943 CEST	1.1.1.1	192.168.11.11	0x6ba0	No error (0)	gateway.fe.apple-dns.net	17.248.145.207	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:33.083138943 CEST	1.1.1.1	192.168.11.11	0x6ba0	No error (0)	gateway.fe.apple-dns.net	17.248.145.234	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:33.083138943 CEST	1.1.1.1	192.168.11.11	0x6ba0	No error (0)	gateway.fe.apple-dns.net	17.248.145.241	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:33.083138943 CEST	1.1.1.1	192.168.11.11	0x6ba0	No error (0)	gateway.fe.apple-dns.net	17.248.145.100	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:33.083138943 CEST	1.1.1.1	192.168.11.11	0x6ba0	No error (0)	gateway.fe.apple-dns.net	17.248.145.141	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:33.083138943 CEST	1.1.1.1	192.168.11.11	0x6ba0	No error (0)	gateway.fe.apple-dns.net	17.248.145.73	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:33.083138943 CEST	1.1.1.1	192.168.11.11	0x6ba0	No error (0)	gateway.fe.apple-dns.net	17.248.145.237	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:33.596271038 CEST	1.1.1.1	192.168.11.11	0xa2dd	No error (0)	sslcnd.aioecoin.org	172.67.176.224	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:33.596271038 CEST	1.1.1.1	192.168.11.11	0xa2dd	No error (0)	sslcnd.aioecoin.org	104.21.91.175	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:34.967339039 CEST	1.1.1.1	192.168.11.11	0xf7cf	No error (0)	mamodmiappscn.firebaseapp.com	151.101.1.195	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:34.967339039 CEST	1.1.1.1	192.168.11.11	0xf7cf	No error (0)	mamodmiappscn.firebaseapp.com	151.101.65.195	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:36.566097975 CEST	1.1.1.1	192.168.11.11	0xeea5	No error (0)	unpkg.com	104.16.124.175	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:36.566097975 CEST	1.1.1.1	192.168.11.11	0xeea5	No error (0)	unpkg.com	104.16.126.175	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:36.566097975 CEST	1.1.1.1	192.168.11.11	0xeea5	No error (0)	unpkg.com	104.16.122.175	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:36.566097975 CEST	1.1.1.1	192.168.11.11	0xeea5	No error (0)	unpkg.com	104.16.123.175	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:36.566097975 CEST	1.1.1.1	192.168.11.11	0xeea5	No error (0)	unpkg.com	104.16.125.175	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:39.302208900 CEST	1.1.1.1	192.168.11.11	0x379c	No error (0)	cdnjs.cloudflare.com	104.16.18.94	A (IP address)	IN (0x0001)
Apr 9, 2021 17:19:39.302208900 CEST	1.1.1.1	192.168.11.11	0x379c	No error (0)	cdnjs.cloudflare.com	104.16.19.94	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 9, 2021 17:19:33.225753069 CEST	17.248.145.229	443	192.168.11.11	49254	C=US, ST=California, O=Apple Inc., CN=gateway.icloud.com C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1	C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE CN=GeoTrust Global CA, O=GeoTrust Inc., C=US	Mon Jul 20 19:41:36 CEST 2020 Wed Dec 12 13:00:00 CET 2018 Mon Jun 16 17:42:02 CEST 2014	Thu Aug 19 19:51:00 CEST 2021 Wed May 07 14:00:00 CEST 2025 Fri May 20 17:42:02 CEST 2022	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47,65281-0-23-13-5-13172-18-16-11-10,29-23-24,0	3e4e87dda5a3162306609b7e330441d2
					C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Dec 12 13:00:00 CET 2018	Wed May 07 14:00:00 CEST 2025
					C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1	CN=GeoTrust Global CA, O=GeoTrust Inc., C=US	Mon Jun 16 17:42:02 CEST 2014	Fri May 20 17:42:02 CEST 2022
Apr 9, 2021 17:19:33.647840023 CEST	172.67.176.224	443	192.168.11.11	49256	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Sun Aug 02 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Mon Aug 02 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47,65281-0-23-13-5-13172-18-16-11-10,29-23-24,0	3e4e87dda5a3162306609b7e330441d2
Apr 9, 2021 17:19:33.647840023 CEST	172.67.176.224	443	192.168.11.11	49256	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		3e4e87dda5a3162306609b7e330441d2
Apr 9, 2021 17:19:34.988966942 CEST	151.101.1.195	443	192.168.11.11	49257	CN=firebaseapp.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Wed Oct 21 19:55:39 CEST 2020 Thu Jun 15 02:00:42 CEST 2017	Wed Oct 20 19:55:39 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47,65281-0-23-13-5-13172-18-16-11-10,29-23-24,0	3e4e87dda5a3162306609b7e330441d2
Apr 9, 2021 17:19:34.988966942 CEST	151.101.1.195	443	192.168.11.11	49257	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		3e4e87dda5a3162306609b7e330441d2
Apr 9, 2021 17:19:36.585541964 CEST	104.16.124.175	443	192.168.11.11	49258	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Sun Aug 02 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Mon Aug 02 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47,65281-0-23-13-5-13172-18-16-11-10,29-23-24,0	3e4e87dda5a3162306609b7e330441d2
Apr 9, 2021 17:19:36.585541964 CEST	104.16.124.175	443	192.168.11.11	49258	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		3e4e87dda5a3162306609b7e330441d2
Apr 9, 2021 17:19:39.316752911 CEST	104.16.18.94	443	192.168.11.11	49259	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47,65281-0-23-13-5-13172-18-16-11-10,29-23-24,0	3e4e87dda5a3162306609b7e330441d2
Apr 9, 2021 17:19:39.316752911 CEST	104.16.18.94	443	192.168.11.11	49259	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		3e4e87dda5a3162306609b7e330441d2

System Behavior

Analysis Process: xpcproxy PID: 573 Parent PID: 1

General

Start time:	17:19:30
Start date:	09/04/2021
Path:	/usr/libexec/xpcproxy
Arguments:	n/a
File size:	43488 bytes
MD5 hash:	d1bb9a4899f0af921e8188218b20d744

Chronological Activities

Analysis Process: Safari PID: 573 Parent PID: 1

General

Start time:	17:19:30
Start date:	09/04/2021
Path:	/Applications/Safari.app/Contents/MacOS/Safari
Arguments:	/Applications/Safari.app/Contents/MacOS/Safari
File size:	20896 bytes
MD5 hash:	8e18be737fe87f19fe7a97b4821e2005

Description:	Adversaries may modify plist files to run a program during system boot or user login. Property list (plist) files contain all of the information that macOS and OS X uses to configure applications and services. These files are UTF-8 encoded and formatted like XML documents via a series of keys surrounded by < >. They detail when programs should execute, file paths to the executables, program arguments, required OS permissions, and many others. plists are located in certain locations depending on their purpose such as `/Library/Preferences` (which execute with elevated privileges) and `~/Library/Preferences` (which execute with a user's privileges).
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	macOS
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report #Ud83d#Udcde.htm

Overview

General Information

Detection

Signatures

Classification

Startup

Yara Overview

Initial Sample

Signature Overview

Phishing:

Compliance:

Networking:

System Summary:

Persistence and Installation Behavior:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

Public

General Information

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Runtime Messages

Created / dropped Files

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

System Behavior

Analysis Process: xpcproxy PID: 573 Parent PID: 1

General

Chronological Activities

Analysis Process: Safari PID: 573 Parent PID: 1

General

Chronological Activities