Play interactive tour

Edit tour

Analysis Report scan_doc.exe

Overview

General Information

Sample Name:	scan_doc.exe
Analysis ID:	385475
MD5:	a01c6a3db8e862ab85386b6700e941bb
SHA1:	40a1b88e94c9268e7120e48cc0b64f6b20779a24
SHA256:	29859bac1ca73683bf6c9ff17a91d249d0fa9ecb18b6b03ef03cf17545fad2be
Tags:	exe
Infos:
Most interesting Screenshot:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Initial sample is a PE file and has a suspicious name

Machine Learning detection for sample

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Creates a DirectInput object (often for capturing keystrokes)

Enables debug privileges

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses insecure TLS / SSL version for HTTPS connection

Classification

Startup

System is w10x64

scan_doc.exe (PID: 496 cmdline: 'C:\Users\user\Desktop\scan_doc.exe' MD5: A01C6A3DB8E862AB85386B6700E941BB)

WerFault.exe (PID: 5972 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 1800 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: scan_doc.exe	Virustotal: Detection: 26%			Perma Link
Source: scan_doc.exe	ReversingLabs: Detection: 29%

Machine Learning detection for sample

Show sources

Source: scan_doc.exe

Joe Sandbox ML: detected

Source: unknown

HTTPS traffic detected: 104.21.17.57:443 -> 192.168.2.4:49729 version: TLS 1.0

Source: scan_doc.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: rsaenh.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb( source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: bcrypt.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: onfiguration.ni.pdb source: WerFault.exe, 00000004.00000003.662663559.0000000005521000.00000004.00000040.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source:	Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb][P source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source:	Binary string: mskeyprotect.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: profapi.pdb4 source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\user\Desktop\scan_doc.PDB source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: winnsi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: .ni.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source:	Binary string: clr.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source:	Binary string: cryptsp.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb source: scan_doc.exe, 00000000.00000002.745415089.0000000000775000.00000004.00000020.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: System.Configuration.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: scan_doc.PDBDjP0 source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: System.Configuration.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: schannel.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: urlmon.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdbN source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 00000004.00000003.654755390.0000000001019000.00000004.00000001.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: System.Xml.pdb~ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: i.pdb source: WerFault.exe, 00000004.00000003.662722639.0000000005566000.00000004.00000001.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdber source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source:	Binary string: urlmon.pdbc: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: mscoree.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: cryptsp.pdb. source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: ws2_32.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: jC:\Users\user\Desktop\scan_doc.PDB source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: dnsapi.pdb;=a source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: shell32.pdbl source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: shlwapi.pdbk source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source:	Binary string: ole32.pdbZ source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: iphlpapi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: nsi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: powrprof.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: System.Configuration.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: ole32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: ws2_32.pdb]: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: iertutil.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdberwW source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source:	Binary string: rasapi32.pdbH source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: msasn1.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: wimm32.pdbf source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdb~ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: iVisualBasic.pdb source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: msasn1.pdb5={ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: System.Configuration.ni.pdbRSDSO* source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: psapi.pdbx source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: ncrypt.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: secur32.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: System.Xml.ni.pdbRSDS source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: rasadhlp.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: ml.ni.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source:	Binary string: wwin32u.pdbT source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdbRSDSD source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: dhcpcsvc.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: diasymreader.pdb_ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: t.VisualBasic.pdb{{ source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source:	Binary string: ml.ni.pdb" source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source:	Binary string: mscorlib.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: mscoreei.pdbk source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source:	Binary string: ncrypt.pdbK: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: rsaenh.pdbr source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: t.VisualBasic.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source:	Binary string: msvcp_win.pdb~ source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: scan_doc.exe, 00000000.00000002.745415089.0000000000775000.00000004.00000020.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source:	Binary string: System.Core.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: shell32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: .pdb# source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: nsi.pdb{ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: dnsapi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: rasapi32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdbX source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: wimm32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: iLC:\Windows\Microsoft.VisualBasic.pdb source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdbT source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: diasymreader.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: winhttp.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: ntasn1.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: System.ni.pdbT3 source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: System.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: powrprof.pdb" source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: rtutils.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: profapi.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: dhcpcsvc6.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdbL/3 source: scan_doc.exe, 00000000.00000002.745415089.0000000000775000.00000004.00000020.sdmp
Source:	Binary string: oleaut32.pdb` source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source:	Binary string: WLDP.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: fwpuclnt.pdbo: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Users\user\Desktop\scan_doc.PDB source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source:	Binary string: sechost.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: rtutils.pdbW: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: clrjit.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Core.pdbX source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: rasman.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: propsys.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Configuration.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: ncryptsslp.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: wmswsock.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: version.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: onfiguration.pdb source: WerFault.exe, 00000004.00000003.662663559.0000000005521000.00000004.00000040.sdmp
Source:	Binary string: wintrust.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: System.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: ore.ni.pdb source: WerFault.exe, 00000004.00000003.662663559.0000000005521000.00000004.00000040.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source:	Binary string: psapi.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: fwpuclnt.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: System.Core.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: wkernelbase.pdb( source: WerFault.exe, 00000004.00000003.654755390.0000000001019000.00000004.00000001.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source:	Binary string: mscoreei.pdb source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source:	Binary string: System.Core.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: combase.pdbk source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source:	Binary string: oleaut32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: dhcpcsvc6.pdbi: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: rasadhlp.pdbE: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: bcryptprimitives.pdbk source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source:	Binary string: wuser32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.pdbD source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: System.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: crypt32.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp

Source: global traffic

HTTP traffic detected: GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358B343CE000A6025E950DB85DC9DF85.html HTTP/1.1UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41Host: bornforthis.mlConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 104.21.17.57 104.21.17.57

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: unknown

HTTPS traffic detected: 104.21.17.57:443 -> 192.168.2.4:49729 version: TLS 1.0

Source: global traffic

Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: <footer><ul id="section-links"><li><a href="https://www.liverpool.com/liverpool-fc-news/" data-link-tracking="Footer\|Liverpool FC News">Liverpool FC News</a></li><li><a href="https://www.liverpool.com/schedule/" data-link-tracking="Footer\|Schedule">Schedule</a></li><li><a href="https://www.liverpool.com/liverpool-fc-news/features/" data-link-tracking="Footer\|Features">Features</a></li><li><a href="https://www.liverpool.com/all-about/premier-league" data-link-tracking="Footer\|Premier League">Premier League</a></li></ul><div class="social-links"><h4>Follow us<ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook\|follow\|bottom"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter\|follow\|bottom"></a></li></ul></h4></div><div class="kitemarks"><div class="ipso"></div></div><ul id="utility-links"><li><div itemprop="publisher"b equals www.facebook.com (Facebook)
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: <footer><ul id="section-links"><li><a href="https://www.liverpool.com/liverpool-fc-news/" data-link-tracking="Footer\|Liverpool FC News">Liverpool FC News</a></li><li><a href="https://www.liverpool.com/schedule/" data-link-tracking="Footer\|Schedule">Schedule</a></li><li><a href="https://www.liverpool.com/liverpool-fc-news/features/" data-link-tracking="Footer\|Features">Features</a></li><li><a href="https://www.liverpool.com/all-about/premier-league" data-link-tracking="Footer\|Premier League">Premier League</a></li></ul><div class="social-links"><h4>Follow us<ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook\|follow\|bottom"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter\|follow\|bottom"></a></li></ul></h4></div><div class="kitemarks"><div class="ipso"></div></div><ul id="utility-links"><li><div itemprop="publisher"b equals www.twitter.com (Twitter)
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: <footer><ul id="section-links"><li><a href="https://www.liverpool.com/liverpool-fc-news/" data-link-tracking="Footer\|Liverpool FC News">Liverpool FC News</a></li><li><a href="https://www.liverpool.com/schedule/" data-link-tracking="Footer\|Schedule">Schedule</a></li><li><a href="https://www.liverpool.com/liverpool-fc-news/features/" data-link-tracking="Footer\|Features">Features</a></li><li><a href="https://www.liverpool.com/all-about/premier-league" data-link-tracking="Footer\|Premier League">Premier League</a></li></ul><div class="social-links"><h4>Follow us<ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook\|follow\|bottom"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter\|follow\|bottom"></a></li></ul></h4></div><div class="kitemarks"><div class="ipso"></div></div><ul id="utility-links"><li><div itemprop="publisher" itemscope="itemscope" itemtype="https://schema.org/NewsMediaOrganization"><meta itemprop="publishingPrinciples" content="https://www.liverpool.com/about-us/"><meta itemprop="name" content="Liverpool.com"><meta itemprop="url" content="https://www.liverpool.com/"><div itemprop="logo" itemscope="itemscope" itemtype="https://schema.org/ImageObject"><meta itemprop="url" content="https://s2-prod.liverpool.com/@trinitymirrordigital/chameleon-branding/publications/liverpool/img/logo-liverpool.png"></div></div><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a href="https://www.liverpool.com/terms-conditions/">T&Cs</a></li><li><a href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/rules/">Competition Rules</a></li><li><a href="https://www.liverpool.com/how-to-complain/">How to Complain</a></li><li><a href="https://www.liverpool.com/corrections-clarifications/">Corrections & Clarifications</a></li><li><a href="https://www.liverpool.com/privacy-notice/">Privacy Notice</a></li><li><a href="https://www.liverpool.com"> equals www.facebook.com (Facebook)
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: <footer><ul id="section-links"><li><a href="https://www.liverpool.com/liverpool-fc-news/" data-link-tracking="Footer\|Liverpool FC News">Liverpool FC News</a></li><li><a href="https://www.liverpool.com/schedule/" data-link-tracking="Footer\|Schedule">Schedule</a></li><li><a href="https://www.liverpool.com/liverpool-fc-news/features/" data-link-tracking="Footer\|Features">Features</a></li><li><a href="https://www.liverpool.com/all-about/premier-league" data-link-tracking="Footer\|Premier League">Premier League</a></li></ul><div class="social-links"><h4>Follow us<ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook\|follow\|bottom"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter\|follow\|bottom"></a></li></ul></h4></div><div class="kitemarks"><div class="ipso"></div></div><ul id="utility-links"><li><div itemprop="publisher" itemscope="itemscope" itemtype="https://schema.org/NewsMediaOrganization"><meta itemprop="publishingPrinciples" content="https://www.liverpool.com/about-us/"><meta itemprop="name" content="Liverpool.com"><meta itemprop="url" content="https://www.liverpool.com/"><div itemprop="logo" itemscope="itemscope" itemtype="https://schema.org/ImageObject"><meta itemprop="url" content="https://s2-prod.liverpool.com/@trinitymirrordigital/chameleon-branding/publications/liverpool/img/logo-liverpool.png"></div></div><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a href="https://www.liverpool.com/terms-conditions/">T&Cs</a></li><li><a href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/rules/">Competition Rules</a></li><li><a href="https://www.liverpool.com/how-to-complain/">How to Complain</a></li><li><a href="https://www.liverpool.com/corrections-clarifications/">Corrections & Clarifications</a></li><li><a href="https://www.liverpool.com/privacy-notice/">Privacy Notice</a></li><li><a href="https://www.liverpool.com"> equals www.twitter.com (Twitter)
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: <header class="mod-header" data-mod="header" data-immediate><div class="primary publication-theme-highlight"><a data-link-tracking="Header\|MainLogo\|Image\|liverpool" id="logo" href="/">liverpool</a><a class="icon" id="hamburger" href="#">Load mobile navigation<span></span></a><nav class="primary"><section><ul data-level="1"><li class="has-children"><a data-link-tracking="Header\|SectionLabel\|Text\|Liverpool FC News" href="https://www.liverpool.com/liverpool-fc-news/">Liverpool FC News</a><ul data-level="2"><li><a data-link-tracking="Header\|DropDown\|Text\|Latest News" href="https://www.liverpool.com/liverpool-fc-news/">Latest News</a></li><li><a data-link-tracking="Header\|DropDown\|Text\|Transfer News" href="https://www.liverpool.com/liverpool-fc-news/transfer-news/">Transfer News</a></li></ul><a class="icon toggle" href="#">Expand</a></li><li class="has-children"><a data-link-tracking="Header\|SectionLabel\|Text\|Schedule" href="https://www.liverpool.com/schedule/">Schedule</a><ul data-level="2"><li><a data-link-tracking="Header\|DropDown\|Text\|Premier League" href="https://www.liverpool.com/all-about/premier-league">Premier League</a></li></ul><a class="icon toggle" href="#">Expand</a></li><li><a data-link-tracking="Header\|SectionLabel\|Text\|Features" href="https://www.liverpool.com/liverpool-fc-news/features/">Features</a></li></ul></section></nav><profile-icon lr-custom-id="signin" lr-custom-class="header-profile-icon" lr-gtm-label="header" lr-show-account-link></profile-icon><div class="search"><button class="icon icon-search" id="search-icon" type="button" aria-label="Search"></button></div><div class="search-box hidden"><gcse:searchbox-only resultsUrl="https://www.liverpool.com/search/"></gcse:searchbox-only></div><div class="social-sites"><ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook\|follow\|top"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter\|follow\|top"></a></li></ul></div></div><nav class="secondary" data-smooth-scroll><section><ul class="click-track" data-level="1"><li><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/advertising/">Advertise with us</a></li></ul></section></nav><nav class="footer"><section><ul data-level="1"><li><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a href="https://www.liverpool.com/terms-conditions/">T&Cs</a></li><li><a href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/r
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: <header class="mod-header" data-mod="header" data-immediate><div class="primary publication-theme-highlight"><a data-link-tracking="Header\|MainLogo\|Image\|liverpool" id="logo" href="/">liverpool</a><a class="icon" id="hamburger" href="#">Load mobile navigation<span></span></a><nav class="primary"><section><ul data-level="1"><li class="has-children"><a data-link-tracking="Header\|SectionLabel\|Text\|Liverpool FC News" href="https://www.liverpool.com/liverpool-fc-news/">Liverpool FC News</a><ul data-level="2"><li><a data-link-tracking="Header\|DropDown\|Text\|Latest News" href="https://www.liverpool.com/liverpool-fc-news/">Latest News</a></li><li><a data-link-tracking="Header\|DropDown\|Text\|Transfer News" href="https://www.liverpool.com/liverpool-fc-news/transfer-news/">Transfer News</a></li></ul><a class="icon toggle" href="#">Expand</a></li><li class="has-children"><a data-link-tracking="Header\|SectionLabel\|Text\|Schedule" href="https://www.liverpool.com/schedule/">Schedule</a><ul data-level="2"><li><a data-link-tracking="Header\|DropDown\|Text\|Premier League" href="https://www.liverpool.com/all-about/premier-league">Premier League</a></li></ul><a class="icon toggle" href="#">Expand</a></li><li><a data-link-tracking="Header\|SectionLabel\|Text\|Features" href="https://www.liverpool.com/liverpool-fc-news/features/">Features</a></li></ul></section></nav><profile-icon lr-custom-id="signin" lr-custom-class="header-profile-icon" lr-gtm-label="header" lr-show-account-link></profile-icon><div class="search"><button class="icon icon-search" id="search-icon" type="button" aria-label="Search"></button></div><div class="search-box hidden"><gcse:searchbox-only resultsUrl="https://www.liverpool.com/search/"></gcse:searchbox-only></div><div class="social-sites"><ul><li class="follow hidden"><span class="follow-text publication-theme">Follow us</span></li><li><a class="icon facebook" title="facebook" href="https://www.facebook.com/liverpooldotcom" target="_blank" data-provider="facebook" data-tracking="facebook\|follow\|top"></a></li><li><a class="icon twitter" title="twitter" href="https://twitter.com/liverpoolcom_" target="_blank" data-provider="twitter" data-tracking="twitter\|follow\|top"></a></li></ul></div></div><nav class="secondary" data-smooth-scroll><section><ul class="click-track" data-level="1"><li><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/advertising/">Advertise with us</a></li></ul></section></nav><nav class="footer"><section><ul data-level="1"><li><a href="https://www.liverpool.com/about-us/">About Us</a></li><li><a href="https://www.liverpool.com/contact-us/">Contact Us</a></li><li><a href="https://www.liverpool.com/rss-feeds/">RSS Feeds</a></li><li><a href="https://www.liverpool.com/terms-conditions/">T&Cs</a></li><li><a href="https://www.liverpool.com/cookie-policy/">Cookie Policy</a></li><li><a href="https://www.liverpool.com/r
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: <meta property="og:site_name" content="Liverpool.com"><meta property="og:language" content="en"><meta property="og:type" content="article"><meta property="og:title" content="The Brewster Experience has underdelivered so far, but that will change"><meta property="og:url" content="https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763"><meta property="og:description" content="Rhian Brewster was hyped up before the start of the season, but was that fair?"><meta property="og:image" content="https://i2-prod.liverpoolecho.co.uk/incoming/article17172788.ece/ALTERNATES/s1200/1_GettyImages-1178657262.jpg"><meta property="og:section" content="Features"><meta property="article:tag" content="Rhian Brewster"><meta property="article:author" content="https://www.facebook.com/kristianwalsh1987/"><meta property="article:published_time" content="2019-10-30T16:00:00Z"><meta property="article:modified_time" content="2019-10-30T15:36:53Z"><meta property="article:expiration_time" content="2019-11-29T15:36:53Z"><meta property="article:section" content="Features"><meta property="article:id" content="liverpool-17172763"> equals www.facebook.com (Facebook)
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: n, Gomez/Lovren, James Milner, Oxlade-Chamberlain, Naby Keita and Divock Origi. An impressive outing against Arsenal could nudge him ahead of Adam Lallana, or even Harvey Elliott, in the fight for that seventh spot.</p> <p>The world is still expected to be at Brewster's feet at Liverpool. It is just a matter of waiting for him to be passed it.</p><!-- Article End--></div><div id="social-follow" data-mod="socialFollow"><div id="social-methods"><div class="facebook-share"><span class="icon facebook large"></span><div class="fb-like" data-href="https://www.facebook.com/liverpooldotcom" data-layout="button_count" data-action="like" data-size="large" data-width="300" data-show-faces="false" data-share="false"></div><span class="page-name">liverpooldotcom</span></div><div class="twitter-share" data-follow-url="https://twitter.com/intent/follow?screen_name=liverpoolcom_"><span class="icon twitter large"></span><a>Follow @<span>liverpoolcom_</span></a></div></div></div><div class="tag-list"><span class="publication-theme-border publication-theme-icon">More On</span><ul><li><a class="publication-theme-button-highlight" href="https://www.liverpool.com/all-about/rhian-brewster" data-link-tracking="EndArticle\|Tag">Rhian Brewster</a></li></ul></div></div><aside class="related-column secondary"></aside></div></article> equals www.facebook.com (Facebook)
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: n, Gomez/Lovren, James Milner, Oxlade-Chamberlain, Naby Keita and Divock Origi. An impressive outing against Arsenal could nudge him ahead of Adam Lallana, or even Harvey Elliott, in the fight for that seventh spot.</p> <p>The world is still expected to be at Brewster's feet at Liverpool. It is just a matter of waiting for him to be passed it.</p><!-- Article End--></div><div id="social-follow" data-mod="socialFollow"><div id="social-methods"><div class="facebook-share"><span class="icon facebook large"></span><div class="fb-like" data-href="https://www.facebook.com/liverpooldotcom" data-layout="button_count" data-action="like" data-size="large" data-width="300" data-show-faces="false" data-share="false"></div><span class="page-name">liverpooldotcom</span></div><div class="twitter-share" data-follow-url="https://twitter.com/intent/follow?screen_name=liverpoolcom_"><span class="icon twitter large"></span><a>Follow @<span>liverpoolcom_</span></a></div></div></div><div class="tag-list"><span class="publication-theme-border publication-theme-icon">More On</span><ul><li><a class="publication-theme-button-highlight" href="https://www.liverpool.com/all-about/rhian-brewster" data-link-tracking="EndArticle\|Tag">Rhian Brewster</a></li></ul></div></div><aside class="related-column secondary"></aside></div></article> equals www.twitter.com (Twitter)

Source: unknown

DNS traffic detected: queries for: bornforthis.ml

Source: scan_doc.exe, 00000000.00000002.745620202.00000000023B1000.00000004.00000001.sdmp	String found in binary or memory: http://bornforthis.ml
Source: scan_doc.exe	String found in binary or memory: http://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358B
Source: scan_doc.exe	String found in binary or memory: http://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E7E9
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp	String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp	String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp	String found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: http://schema.org/BreadcrumbList
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: http://schema.org/ListItem
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: http://schema.org/NewsArticle
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
Source: scan_doc.exe, 00000000.00000002.745620202.00000000023B1000.00000004.00000001.sdmp, WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/
Source: WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp	String found in binary or memory: http://www.digicert.com/CPS0v
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://ads.pubmatic.com/AdServer/js/pwt/156997/3236/pwt.js
Source: scan_doc.exe, 00000000.00000002.745649271.00000000023E5000.00000004.00000001.sdmp	String found in binary or memory: https://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358
Source: scan_doc.exe, 00000000.00000002.745649271.00000000023E5000.00000004.00000001.sdmp	String found in binary or memory: https://bornforthis.ml41k
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://c.amazon-adsystem.com/aax2/apstag.js
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://felix.data.tm-awx.com
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://felix.data.tm-awx.com/ampconfig.json"
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://felix.data.tm-awx.com/felix.min.js
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/ded/script.js
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article17156435.ece/ALTERNATES/s615/1_GettyImages-1183794835.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article17166876.ece/ALTERNATES/s615/0_GettyImages-1175998874.
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-02-
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s270b/0_WhatsApp-Image-2021-02
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s220b/0_Salah-Pressing.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s270b/0_Salah-Pressing.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s615/0_Salah-Pressing.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s180/0_Curtis-10.png
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s180/0_Salah-Goal-vs-Leeds.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s220b/0_Salah-Goal-vs-Leeds.jp
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s615/0_Salah-Goal-vs-Leeds.jpg
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s220b/0_RobertsonCross1.jpg
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s270b/0_RobertsonCross1.jpg
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s180/0_GettyImages-1231353837.
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s220b/0_GettyImages-1231353837
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-1231353837
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s180/0_GettyImages-1304940818.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s180/1_FreeAgentPlayers.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s615/1_FreeAgentPlayers.jpg
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s458/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s458/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s180/0_GettyImages-1273716690.
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-1273716690
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s458/0_GettyImages-1273716690.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s615/0_GettyImages-1273716690.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s458/0_GettyImages-1302496803.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s615/0_GettyImages-1302496803.
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s458/1_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s615/1_WhatsApp-Image-2021-03-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://i2-prod.liverpoolecho.co.uk/incoming/article17172788.ece/ALTERNATES/s1200/1_GettyImages-1178
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://mab.data.tm-awx.com/rhs"
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://quantcast.mgr.consensu.org
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://reach-id.orbit.tm-awx.com/analytics.js.gz
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://reachplc.hub.loginradius.com"
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000002.745649271.00000000023E5000.00000004.00000001.sdmp	String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://s2-prod.liverpool.com
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://s2-prod.liverpool.com/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://s2-prod.mirror.co.uk/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://schema.org/ImageObject
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://schema.org/NewsMediaOrganization
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://static.hotjar.com/c/hotjar-
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://trinitymirror.grapeshot.co.uk/
Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-M3TH25P
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/about-us/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/andrew-robertson
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/champions-league
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/curtis-user
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/georginio-wijnaldum
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/mohamed-salah
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/ozan-kabak
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/premier-league
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/sadio-mane
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/steven-gerrard
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/all-about/transfers
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/contact-us/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/cookie-policy/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/corrections-clarifications/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/how-to-complain/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-andy-robertson-valuable-quality-19946
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-barcelona-real-madrid-psg-17164868
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-champions-league-jurgen-klopp-1996194
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-curtis-user-jurgen-klopp-19941053
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-gini-wijnaldum-rumours-fitness-199533
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-jurgen-klopp-pressing-tactics-1993836
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-ozan-kabak-future-audition-19954616
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-penalties-premier-league-var-17171391
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/liverpool-sadio-mane-expected-goals-19932676
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763&
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-199590
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/privacy-notice/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/rss-feeds/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/rules/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/schedule/
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154
Source: scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/search/
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	String found in binary or memory: https://www.liverpool.com/terms-conditions/

Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729

Source: scan_doc.exe, 00000000.00000002.745225967.00000000006AA000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample

Static PE information: Filename: scan_doc.exe

Source: C:\Users\user\Desktop\scan_doc.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 1800

Source: scan_doc.exe, 00000000.00000002.745594560.0000000002390000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenlsbres.dllj% vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	Binary or memory string: OriginalFilename vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000002.745225967.00000000006AA000.00000004.00000020.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000002.757528075.0000000006500000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000002.748893223.0000000004810000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000000.639703786.0000000000016000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamebadenberg.exe4 vs scan_doc.exe
Source: scan_doc.exe, 00000000.00000002.749073972.0000000004980000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs scan_doc.exe
Source: scan_doc.exe	Binary or memory string: OriginalFilenamebadenberg.exe4 vs scan_doc.exe

Source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp

Binary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb][P

Source: classification engine

Classification label: mal56.winEXE@2/5@2/2

Source: C:\Users\user\Desktop\scan_doc.exe

File created: C:\Users\user\WqRbEwRhIiboqTZtUQoyfj

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess496

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D3F.tmp

Jump to behavior

Source: scan_doc.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\scan_doc.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior

Source: C:\Users\user\Desktop\scan_doc.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\scan_doc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: scan_doc.exe	Virustotal: Detection: 26%
Source: scan_doc.exe	ReversingLabs: Detection: 29%

Source: C:\Users\user\Desktop\scan_doc.exe

File read: C:\Users\user\Desktop\scan_doc.exe:Zone.Identifier

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\scan_doc.exe 'C:\Users\user\Desktop\scan_doc.exe'
Source: C:\Users\user\Desktop\scan_doc.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 1800

Source: C:\Users\user\Desktop\scan_doc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\scan_doc.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: scan_doc.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: scan_doc.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: rsaenh.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb( source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: bcrypt.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: onfiguration.ni.pdb source: WerFault.exe, 00000004.00000003.662663559.0000000005521000.00000004.00000040.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source:	Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb][P source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source:	Binary string: mskeyprotect.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: profapi.pdb4 source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\user\Desktop\scan_doc.PDB source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: winnsi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: .ni.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source:	Binary string: clr.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source:	Binary string: cryptsp.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb source: scan_doc.exe, 00000000.00000002.745415089.0000000000775000.00000004.00000020.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: System.Configuration.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: scan_doc.PDBDjP0 source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: System.Configuration.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: schannel.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: urlmon.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdbN source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 00000004.00000003.654755390.0000000001019000.00000004.00000001.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: System.Xml.pdb~ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: i.pdb source: WerFault.exe, 00000004.00000003.662722639.0000000005566000.00000004.00000001.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdber source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source:	Binary string: urlmon.pdbc: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: mscoree.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: cryptsp.pdb. source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: ws2_32.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: jC:\Users\user\Desktop\scan_doc.PDB source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: dnsapi.pdb;=a source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: shell32.pdbl source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: shlwapi.pdbk source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source:	Binary string: ole32.pdbZ source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: iphlpapi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: nsi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: powrprof.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: System.Configuration.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: ole32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: ws2_32.pdb]: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: iertutil.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdberwW source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source:	Binary string: rasapi32.pdbH source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: msasn1.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: wimm32.pdbf source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdb~ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: iVisualBasic.pdb source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: msasn1.pdb5={ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: System.Configuration.ni.pdbRSDSO* source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: psapi.pdbx source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: ncrypt.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: secur32.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: System.Xml.ni.pdbRSDS source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: rasadhlp.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: ml.ni.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source:	Binary string: wwin32u.pdbT source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdbRSDSD source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: dhcpcsvc.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: diasymreader.pdb_ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: t.VisualBasic.pdb{{ source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source:	Binary string: ml.ni.pdb" source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source:	Binary string: mscorlib.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: mscoreei.pdbk source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source:	Binary string: ncrypt.pdbK: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: rsaenh.pdbr source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: t.VisualBasic.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp
Source:	Binary string: msvcp_win.pdb~ source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Core.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: scan_doc.exe, 00000000.00000002.745415089.0000000000775000.00000004.00000020.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source:	Binary string: System.Core.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: shell32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: .pdb# source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: nsi.pdb{ source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: dnsapi.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: rasapi32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdbX source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: wimm32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: iLC:\Windows\Microsoft.VisualBasic.pdb source: scan_doc.exe, 00000000.00000002.744425776.00000000001A8000.00000004.00000010.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdbT source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: diasymreader.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: winhttp.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: ntasn1.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.ni.pdb% source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: System.ni.pdbT3 source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: System.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: powrprof.pdb" source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: rtutils.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: profapi.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: dhcpcsvc6.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdbL/3 source: scan_doc.exe, 00000000.00000002.745415089.0000000000775000.00000004.00000020.sdmp
Source:	Binary string: oleaut32.pdb` source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source:	Binary string: WLDP.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: fwpuclnt.pdbo: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: \??\C:\Users\user\Desktop\scan_doc.PDB source: scan_doc.exe, 00000000.00000002.745331806.0000000000728000.00000004.00000020.sdmp
Source:	Binary string: sechost.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: rtutils.pdbW: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: clrjit.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Core.pdbX source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: rasman.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: propsys.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Configuration.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: ncryptsslp.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: wmswsock.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: version.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: onfiguration.pdb source: WerFault.exe, 00000004.00000003.662663559.0000000005521000.00000004.00000040.sdmp
Source:	Binary string: wintrust.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: System.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: ore.ni.pdb source: WerFault.exe, 00000004.00000003.662663559.0000000005521000.00000004.00000040.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000004.00000003.662856079.0000000005520000.00000004.00000040.sdmp
Source:	Binary string: psapi.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: fwpuclnt.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 00000004.00000003.662702699.0000000005551000.00000004.00000001.sdmp
Source:	Binary string: System.Core.pdbx source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp
Source:	Binary string: wkernelbase.pdb( source: WerFault.exe, 00000004.00000003.654755390.0000000001019000.00000004.00000001.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source:	Binary string: mscoreei.pdb source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source:	Binary string: System.Core.pdb source: WerFault.exe, 00000004.00000003.662731307.000000000553B000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: combase.pdbk source: WerFault.exe, 00000004.00000003.662810002.0000000005527000.00000004.00000040.sdmp
Source:	Binary string: oleaut32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: dhcpcsvc6.pdbi: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: rasadhlp.pdbE: source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp
Source:	Binary string: bcryptprimitives.pdbk source: WerFault.exe, 00000004.00000003.662626068.0000000005522000.00000004.00000040.sdmp
Source:	Binary string: wuser32.pdb source: WerFault.exe, 00000004.00000003.662692083.000000000552A000.00000004.00000040.sdmp
Source:	Binary string: System.Xml.pdbD source: WER4D3F.tmp.dmp.4.dr
Source:	Binary string: System.ni.pdb source: WerFault.exe, 00000004.00000002.743654438.0000000005840000.00000004.00000001.sdmp, WER4D3F.tmp.dmp.4.dr
Source:	Binary string: crypt32.pdb source: WerFault.exe, 00000004.00000003.662611711.000000000552E000.00000004.00000040.sdmp

Source: scan_doc.exe

Static PE information: 0xDCE3B2C8 [Sun Jun 8 11:26:00 2087 UTC]

Source: C:\Windows\SysWOW64\WerFault.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: scan_doc.exe, 00000000.00000002.748893223.0000000004810000.00000002.00000001.sdmp, WerFault.exe, 00000004.00000002.741870836.0000000005290000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: WerFault.exe, 00000004.00000002.741703056.0000000005069000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: scan_doc.exe, 00000000.00000002.748893223.0000000004810000.00000002.00000001.sdmp, WerFault.exe, 00000004.00000002.741870836.0000000005290000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: scan_doc.exe, 00000000.00000002.748893223.0000000004810000.00000002.00000001.sdmp, WerFault.exe, 00000004.00000002.741870836.0000000005290000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: scan_doc.exe, 00000000.00000002.745259375.00000000006DF000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: scan_doc.exe, 00000000.00000002.748893223.0000000004810000.00000002.00000001.sdmp, WerFault.exe, 00000004.00000002.741870836.0000000005290000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\scan_doc.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\scan_doc.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\scan_doc.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\scan_doc.exe	Queries volume information: C:\Users\user\Desktop\scan_doc.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\scan_doc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\scan_doc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	Input Capture1	Query Registry1	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion1	LSASS Memory	Security Software Discovery11	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Ingress Tool Transfer1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Disable or Modify Tools1	Security Account Manager	Virtualization/Sandbox Evasion1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection1	NTDS	Remote System Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol3	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Timestomp1	LSA Secrets	System Information Discovery12	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
scan_doc.exe	26%	Virustotal		Browse
scan_doc.exe	29%	ReversingLabs	Win32.Trojan.Generic
scan_doc.exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
bornforthis.ml	2%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.	0%	URL Reputation	safe
https://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358	0%	Avira URL Cloud	safe
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-	0%	URL Reputation	safe
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837	0%	URL Reputation	safe
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837	0%	URL Reputation	safe
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837	0%	URL Reputation	safe
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://www.liverpool.com/all-about/premier-league	0%	URL Reputation	safe
https://www.liverpool.com/all-about/premier-league	0%	URL Reputation	safe
https://www.liverpool.com/all-about/premier-league	0%	URL Reputation	safe
https://www.liverpool.com/all-about/premier-league	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/	0%	URL Reputation	safe
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154	0%	URL Reputation	safe
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154	0%	URL Reputation	safe
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154	0%	URL Reputation	safe
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst	0%	URL Reputation	safe
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst	0%	URL Reputation	safe
https://reachplc.hub.loginradius.com"	0%	Avira URL Cloud	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png	0%	URL Reputation	safe
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bornforthis.ml	104.21.17.57	true	false	2%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358B343CE000A6025E950DB85DC9DF85.html	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005	WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358	scan_doc.exe, 00000000.00000002.745649271.00000000023E5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200	WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://c.amazon-adsystem.com/aax2/apstag.js	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince	WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication	WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o	WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid	WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/all-about/premier-league	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://schema.org/ImageObject	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/liverpool-fc-news/	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o	WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	scan_doc.exe, 00000000.00000002.745620202.00000000023B1000.00000004.00000001.sdmp, WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ads.pubmatic.com/AdServer/js/pwt/156997/3236/pwt.js	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier	WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	false		high
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://reachplc.hub.loginradius.com"	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-1273716690	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://s2-prod.liverpool.com	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-1231353837	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/contact-us/	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://felix.data.tm-awx.com/felix.min.js	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s180/0_Salah-Goal-vs-Leeds.jpg	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/corrections-clarifications/	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s270b/0_RobertsonCross1.jpg	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s458/0_GettyImages-1273716690.	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/all-about/ozan-kabak	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://s2-prod.mirror.co.uk/	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/privacy-notice/	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-02-	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/all-about/champions-league	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/all-about/curtis-user	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/terms-conditions/	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.liverpool.com/all-about/steven-gerrard	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-ozan-kabak-future-audition-19954616	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://bornforthis.ml	scan_doc.exe, 00000000.00000002.745620202.00000000023B1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s458/1_WhatsApp-Image-2021-03-	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-penalties-premier-league-var-17171391	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schema.org/NewsArticle	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/schedule/	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schema.org/BreadcrumbList	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false		high
https://securepubads.g.doubleclick.net/tag/js/gpt.js	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false		high
https://www.liverpool.com	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://s2-prod.liverpool.com/	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-champions-league-jurgen-klopp-1996194	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s220b/0_GettyImages-1231353837	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s458/0_GettyImages-1302496803.	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://felix.data.tm-awx.com/ampconfig.json"	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s615/0_GettyImages-1273716690.	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://bornforthis.ml41k	scan_doc.exe, 00000000.00000002.745649271.00000000023E5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s270b/0_Salah-Pressing.jpg	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s615/0_Salah-Goal-vs-Leeds.jpg	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s270b/0_WhatsApp-Image-2021-02	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s220b/0_RobertsonCross1.jpg	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20	WerFault.exe, 00000004.00000003.660974058.00000000058D0000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/liverpool-fc-news/features/liverpool-andy-robertson-valuable-quality-19946	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-jurgen-klopp-pressing-tactics-1993836	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s615/0_Salah-Pressing.jpg	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schema.org/ListItem	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false		high
https://www.liverpool.com/all-about/georginio-wijnaldum	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://mab.data.tm-awx.com/rhs"	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s180/0_GettyImages-1231353837.	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://felix.data.tm-awx.com	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/all-about/andrew-robertson	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article17166876.ece/ALTERNATES/s615/0_GettyImages-1175998874.	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/liverpool-gini-wijnaldum-rumours-fitness-199533	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-199590	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s180/0_GettyImages-1304940818.	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp, scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.liverpool.com/cookie-policy/	scan_doc.exe, 00000000.00000002.745712918.0000000002413000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.liverpool.com/all-about/transfers	scan_doc.exe, 00000000.00000003.643965706.00000000033DA000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.17.57	bornforthis.ml	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	385475
Start date:	12.04.2021
Start time:	15:17:17
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	scan_doc.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.winEXE@2/5@2/2
EGA Information:	Failed
HDC Information:	Successful, ratio: 100% (good quality ratio 1.1%) Quality average: 1.2% Quality standard deviation: 7.1%
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 52.147.198.201, 13.88.21.125, 13.64.90.137, 20.50.102.62, 92.122.213.194, 92.122.213.247, 40.88.32.150, 52.155.217.156, 20.54.26.129, 205.185.216.42, 205.185.216.10, 104.42.151.234 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, consumerrp-displaycatalog-aks2eap.md.mp.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
15:18:48	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
104.21.17.57	KHAWATMI CO.IMPORT & EXPORT_PDF.exe	Get hash	malicious	Browse	bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-7E01452C0469561541C13E621DA21CFA.html
	ieuHgdpuPo.exe	Get hash	malicious	Browse	bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-B86F8FF0FC5B4DFA84D548466676F331.html
	Payment Slip.doc	Get hash	malicious	Browse	bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-9B8523D461F26385D631D5F620BB8B2E.html
	Cobro Juridico_0291662728_7023446_452487041454723_016698_5192136884256735776_2301761820735_pdf.exe	Get hash	malicious	Browse	bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-563A37589B0D2B59C10374B2A5702724.html
	BL2659618800638119374.xls.exe	Get hash	malicious	Browse	bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-411168C7CB32589BC9FA46F44C581051.html
	Re Confirm#U00ffthe invoice#U00ffthe payment slip.exe	Get hash	malicious	Browse	bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A354FBFCCC9BAC28AE0C0FFC172C1EF9.html
	GQ5JvPEI6c.exe	Get hash	malicious	Browse	bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-9B8523D461F26385D631D5F620BB8B2E.html
	COMMERCIAL INVOICE N#U00c2#U00ba 0001792E21.exe	Get hash	malicious	Browse	bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-217C604161C10233520053A33E0A764C.html
	MINUSCA P01-21.exe	Get hash	malicious	Browse	bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-A39FCD8B5C8720A97DC432DDA40A393E.html
	P195 NOVO Cinema#2021.exe	Get hash	malicious	Browse	bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5573265BC294D44B8ECD9F019E83F237.html

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
bornforthis.ml	INV_0008434567987.doc	Get hash	malicious	Browse	172.67.222.176
	KHAWATMI CO.IMPORT & EXPORT_PDF.exe	Get hash	malicious	Browse	104.21.17.57
	ieuHgdpuPo.exe	Get hash	malicious	Browse	104.21.17.57
	Cobro Juridico_0420198202_326828_4985792583130360_300690_8122300886764676459_5190713730838_pdf.exe	Get hash	malicious	Browse	172.67.222.176
	Payment Slip.doc	Get hash	malicious	Browse	104.21.17.57
	Cobro Juridico_0291662728_7023446_452487041454723_016698_5192136884256735776_2301761820735_pdf.exe	Get hash	malicious	Browse	104.21.17.57
	Cobro Juridico_07223243630_5643594_539661009070075_49874359_5059639084170590400_7272781644_pdf.exe	Get hash	malicious	Browse	172.67.222.176
	BL2659618800638119374.xls.exe	Get hash	malicious	Browse	104.21.17.57
	Purchase order and quote confirmation.exe	Get hash	malicious	Browse	172.67.222.176
	Re Confirm#U00ffthe invoice#U00ffthe payment slip.exe	Get hash	malicious	Browse	104.21.17.57
	GQ5JvPEI6c.exe	Get hash	malicious	Browse	104.21.17.57
	COMMERCIAL INVOICE N#U00c2#U00ba 0001792E21.exe	Get hash	malicious	Browse	104.21.17.57
	9479_pdf.exe	Get hash	malicious	Browse	172.67.222.176
	MINUSCA P01-21.exe	Get hash	malicious	Browse	104.21.17.57
	2EGv1FEjOU.exe	Get hash	malicious	Browse	172.67.222.176
	P195 NOVO Cinema#2021.exe	Get hash	malicious	Browse	104.21.17.57

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CLOUDFLARENETUS	March Financial Reports & Statements.html	Get hash	malicious	Browse	172.67.141.111
	V3kT2daGkz.exe	Get hash	malicious	Browse	104.16.19.94
	SecuriteInfo.com.Trojan.GenericKD.45979987.7892.exe	Get hash	malicious	Browse	172.67.197.219
	Bank Details.xlsx	Get hash	malicious	Browse	104.21.71.76
	RFQ No A'4762QHTECHNICAL DETAILS.exe	Get hash	malicious	Browse	172.67.188.154
	Rechung-2021.12.04.2021.pdf.exe	Get hash	malicious	Browse	162.159.130.233
	INV_0008434567987.doc	Get hash	malicious	Browse	172.67.222.176
	mfalomirm@gentalia.eu.HTM	Get hash	malicious	Browse	104.19.133.58
	KHAWATMI CO.IMPORT & EXPORT_PDF.exe	Get hash	malicious	Browse	104.21.17.57
	YNzE2QUkvaTK7kd.exe	Get hash	malicious	Browse	172.67.148.14
	NdBLyH2h5d.exe	Get hash	malicious	Browse	23.227.38.74
	s6G3ZtvHZg.exe	Get hash	malicious	Browse	172.67.130.43
	4oItdZkNOZ.exe	Get hash	malicious	Browse	23.227.38.74
	ieuHgdpuPo.exe	Get hash	malicious	Browse	104.21.17.57
	Cobro Juridico_0420198202_326828_4985792583130360_300690_8122300886764676459_5190713730838_pdf.exe	Get hash	malicious	Browse	172.67.222.176
	Payment Slip.doc	Get hash	malicious	Browse	104.21.17.57
	Cobro Juridico_0291662728_7023446_452487041454723_016698_5192136884256735776_2301761820735_pdf.exe	Get hash	malicious	Browse	104.21.17.57
	INQUIRY 1820521 pdf.exe	Get hash	malicious	Browse	104.21.82.58
	PaymentCopy.vbs	Get hash	malicious	Browse	172.67.222.131
	PAYMENT COPY.exe	Get hash	malicious	Browse	104.21.28.135

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	RFQ No A'4762QHTECHNICAL DETAILS.exe	Get hash	malicious	Browse	104.21.17.57
	Rechung-2021.12.04.2021.pdf.exe	Get hash	malicious	Browse	104.21.17.57
	KHAWATMI CO.IMPORT & EXPORT_PDF.exe	Get hash	malicious	Browse	104.21.17.57
	ieuHgdpuPo.exe	Get hash	malicious	Browse	104.21.17.57
	Cobro Juridico_0420198202_326828_4985792583130360_300690_8122300886764676459_5190713730838_pdf.exe	Get hash	malicious	Browse	104.21.17.57
	Cobro Juridico_0291662728_7023446_452487041454723_016698_5192136884256735776_2301761820735_pdf.exe	Get hash	malicious	Browse	104.21.17.57
	Cobro Juridico_07223243630_5643594_539661009070075_49874359_5059639084170590400_7272781644_pdf.exe	Get hash	malicious	Browse	104.21.17.57
	BL2659618800638119374.xls.exe	Get hash	malicious	Browse	104.21.17.57
	Purchase order and quote confirmation.exe	Get hash	malicious	Browse	104.21.17.57
	Confirm Order for SK TRIMS & INDUSTRIES_DK4571,pdf.exe	Get hash	malicious	Browse	104.21.17.57
	Re Confirm#U00ffthe invoice#U00ffthe payment slip.exe	Get hash	malicious	Browse	104.21.17.57
	SOA.exe	Get hash	malicious	Browse	104.21.17.57
	RFQ No A'4762GHTECHNICAL DETAILS.exe	Get hash	malicious	Browse	104.21.17.57
	GQ5JvPEI6c.exe	Get hash	malicious	Browse	104.21.17.57
	JSTCG21040600210 xlxs.exe	Get hash	malicious	Browse	104.21.17.57
	PAYMENT RECEIPT.exe	Get hash	malicious	Browse	104.21.17.57
	COMMERCIAL INVOICE N#U00c2#U00ba 0001792E21.exe	Get hash	malicious	Browse	104.21.17.57
	9479_pdf.exe	Get hash	malicious	Browse	104.21.17.57
	fyi.exe	Get hash	malicious	Browse	104.21.17.57
	MINUSCA P01-21.exe	Get hash	malicious	Browse	104.21.17.57

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_scan_doc.exe_7f6cbb862bf213b5a645f615b3146ad992fef2_a4c72f23_1717e2d8\Report.wer Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	15502
Entropy (8bit):	3.757460873141975
Encrypted:	false
SSDEEP:	192:zi6LhikSHBUZMX6aKsUAeZJ/u7sHS274ItQz:++hiJBUZMX6almJ/u7sHX4ItQz
MD5:	00945C0CD5E7E6AEABE10267E229ED71
SHA1:	B6C81FE02D87728CE19DDA61A9D329063F734F26
SHA-256:	99C520250B83E5B12FC35598A713752379E6BEB00FB8EE28952A15273248FA43
SHA-512:	76F8FF2A55FE62E93A2C24DDE0928D741D7366347805A7E18CF0CEF921E7841607A989C00B92BE684C3A6A034C5420038B78C52200F4D69291A386DEF3924B78
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.2.7.0.7.0.9.0.1.1.0.5.6.6.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.6.2.7.0.7.0.9.5.7.5.1.1.7.1.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.9.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.f.8.c.3.9.1.4.-.7.6.8.a.-.4.6.5.b.-.9.2.1.e.-.0.2.2.6.7.1.8.3.6.3.9.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.7.f.6.8.9.d.6.-.0.8.0.5.-.4.1.0.3.-.8.c.4.4.-.3.c.5.a.6.2.9.3.e.4.6.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.s.c.a.n._.d.o.c...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.b.a.d.e.n.b.e.r.g...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.1.f.0.-.0.0.0.1.-.0.0.1.b.-.b.c.2.1.-.b.8.4.3.9.e.2.f.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.c.a.c.6.6.c.0.6.8.3.e.a.6.d.0.3.a.5.6.9.d.0.4.f.0.a.e.9.d.a.e.0.0.0.0.0.0.0.0.!.0.0.0.0.4.0.a.1.b.8.8.e.9.4.c.9.2.6.8.e.7.1.2.0.e.4.8.c.c.0.b.6.4.f.6.b.2.0.7.7.9.a.2.4.!.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D3F.tmp.dmp Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Mon Apr 12 13:18:12 2021, 0x1205a4 type
Category:	dropped
Size (bytes):	269057
Entropy (8bit):	3.7887465108160403
Encrypted:	false
SSDEEP:	3072:ljd+p/XyA+7KI9gIOgF5T07TUCgU/HI+Q7o61KjUkA0WH4:6p/aKI9RpDTWTTjQ3jJ0E4
MD5:	F1C173D8C13B19C28814E0B5EFECE894
SHA1:	9E369D9C9037C56CDEE8C59126F5BB3FA2A5A6A7
SHA-256:	F79FC4695B1A699A7281F2F7B0C90ED34879126EB30B1186C7C52D74669F6038
SHA-512:	CCF8869FD7AEA440728EBC02E56C30BB58E6BCB541D6A242730FDF8CD8CAA0815920A4B3F9511B50416B010059A6072F1D04F445B2DA83ED3C571B272E6E0882
Malicious:	false
Reputation:	low
Preview:	MDMP....... ........Ht`...................U...........B.......+......GenuineIntelW...........T............Ht`.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER57FE.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	8388
Entropy (8bit):	3.691392657666039
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiC86K6Yr4SU8LlNgmfZHS2+pry89b9Wsfcfm:RrlsNiB6K6Y0SU8LfgmfZSh91fp
MD5:	7D336EAC90103B0A60C979B6B1005DEA
SHA1:	5E09033CB8141B3D4C7EE756047F287EA67DBB81
SHA-256:	B10ED05DF89CB86042726D3FAA95AE3455452239BA487C3A6601B75366C64EED
SHA-512:	5DE6DBF2B666883136053EC7A9E1B19FE39BF87A3E4DA936029735B3D142661D91C3340BAE510BF21037C3179B563C667A9FF4ED9C89E8325587939A594239CA
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.9.6.<./.P.i.d.>.........

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5A80.tmp.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4737
Entropy (8bit):	4.44049776208093
Encrypted:	false
SSDEEP:	48:cvIwSD8zsvJgtWI9h3VWSC8B+8fm8M4JKh+sFD+q8vC+YuxMzx9DGd:uITfRe3kSNxJAKMuSN9DGd
MD5:	8D38F911788CF43996D8835020530AB3
SHA1:	4EF73ABF33E08AD20F876355179E6DC0FBDC5DAC
SHA-256:	7DF41BA5CEDC453D966A46AB8A67E06FCA30A92C37F870520248D3E7FF09105E
SHA-512:	5CC86F886650F9BA073B59041AD50589B2F6D007E12599A51B42E2AB81C5CE06D495C8C50A061D8881A98509A89FB92A2884DB9DF12315BDEE95951028DF03CB
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="943108" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\Users\user\WqRbEwRhIiboqTZtUQoyfj Download File
Process:	C:\Users\user\Desktop\scan_doc.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1023400
Entropy (8bit):	3.095278840820652
Encrypted:	false
SSDEEP:	12288:XoHiWE0og/v1K/jmNeaFPq0+cggwLU4BCPyniAkfrayCI0vCmw7cXX6V/fhkTKvn:YHEgk6FK1kkANj+8IRFn0B
MD5:	94A7CAB58BBE8E975C78D9F323E751F1
SHA1:	A6B3E2A742329BF6FBD3D950DD832E0D2E6D0809
SHA-256:	47E46FD290331253830A51638BA70FBB9395985CF8BD905B1D0F0E04D7E9ACD5
SHA-512:	E88D4DF49D0382CF4E1D64214EE0DB3520BA4BE694D9CCAB6CF06F1643E318C3A23F9DB83EBA32F18B86827B7FB5FA8A5EFBFEA949DEC3D01E9DB27829D96204
Malicious:	false
Reputation:	low
Preview:	77 90 144 0 3 0 0 0 4 0 0 0 255 255 0 0 184 0 0 0 0 0 0 0 64 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 128 0 0 0 14 31 186 14 0 180 9 205 33 184 1 76 205 33 84 104 105 115 32 112 114 111 103 114 97 109 32 99 97 110 110 111 116 32 98 101 32 114 117 110 32 105 110 32 68 79 83 32 109 111 100 101 46 13 13 10 36 0 0 0 0 0 0 0 80 69 0 0 76 1 3 0 76 142 41 180 0 0 0 0 0 0 0 0 224 0 34 0 11 1 80 0 0 14 5 0 0 6 0 0 0 0 0 0 158 44 5 0 0 32 0 0 0 64 5 0 0 0 0 128 0 32 0 0 0 2 0 0 4 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0 0 128 5 0 0 2 0 0 0 0 0 0 2 0 64 133 0 0 16 0 0 16 0 0 0 0 16 0 0 16 0 0 0 0 0 0 16 0 0 0 0 0 0 0 0 0 0 0 68 44 5 0 87 0 0 0 0 64 5 0 212 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 96 5 0 12 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 32 0 0 8 0 0 0 0 0 0 0 0 0 0 0 8 32 0 0 72 0 0 0 0 0 0 0 0 0 0 0 46 116 101 120 116 0 0 0 164 12 5 0 0 32 0 0 0 14 5 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 32 0 0 96 46 114 115 11

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.0724450501210985
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	scan_doc.exe
File size:	14848
MD5:	a01c6a3db8e862ab85386b6700e941bb
SHA1:	40a1b88e94c9268e7120e48cc0b64f6b20779a24
SHA256:	29859bac1ca73683bf6c9ff17a91d249d0fa9ecb18b6b03ef03cf17545fad2be
SHA512:	6ecf3d22560c660a397c40f919ec69af4fb74a4b30fbcdce06e6cf23c57fc80a98d6023dba0c3a90331898e4bb7b19a4285ffc086f33bb6225178fe1b317a99d
SSDEEP:	384:M87FybegpzmEDTO4jCCNWiElvkr/sV3D0FX0XRno5J:M8pjgxNMZ9SkBnw
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..0...........N... ...`....@.. ....................................@................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x404e9e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0xDCE3B2C8 [Sun Jun 8 11:26:00 2087 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4e44	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6000	0x5a8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x2ea4	0x3000	False	0.625162760417	data	6.44315164568	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x6000	0x5a8	0x600	False	0.414713541667	data	4.05648932077	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8000	0xc	0x200	False	0.044921875	data	0.0815394123432	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x60a0	0x31c	data
RT_MANIFEST	0x63bc	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2021
Assembly Version	1.0.0.0
InternalName	badenberg.exe
FileVersion	1.0.0.0
CompanyName
LegalTrademarks
Comments
ProductName	badenberg
ProductVersion	1.0.0.0
FileDescription	badenberg
OriginalFilename	badenberg.exe

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 12, 2021 15:18:02.994107008 CEST	49728	80	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.035154104 CEST	80	49728	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.035382986 CEST	49728	80	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.036384106 CEST	49728	80	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.077194929 CEST	80	49728	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.089163065 CEST	80	49728	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.136288881 CEST	49728	80	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.179992914 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.221195936 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.221438885 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.260107040 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.301035881 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.306374073 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.306427002 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.306530952 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.312634945 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.353512049 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.353753090 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.418001890 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.458873034 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.637876034 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.637907982 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.637939930 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.637965918 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.638004065 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.638041973 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.638084888 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.638098001 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.638137102 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.638149023 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.638189077 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.638237000 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.638814926 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.683130980 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.798628092 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.798666000 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.798857927 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.798901081 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.798943043 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.799029112 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.799316883 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.799367905 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.799498081 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.801959991 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.802022934 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.802216053 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.803157091 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.803211927 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.803251982 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.803289890 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.803339005 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.803399086 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.803402901 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.803493023 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.804120064 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.804167032 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.804260015 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.805100918 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.805154085 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.805236101 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.808427095 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.808482885 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.808522940 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.808561087 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.808579922 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.808602095 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.808635950 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.808653116 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.808722973 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.809468985 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.809528112 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.809654951 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.810226917 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.810252905 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.810337067 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.811381102 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.811408043 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.811490059 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.812110901 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.812138081 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.812259912 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.813270092 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.813299894 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.813393116 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.814256907 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.814284086 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.814368010 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.814636946 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.814661980 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.814733982 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.839907885 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.839936972 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.840059996 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.840230942 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.840368032 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.840440989 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.841684103 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.841711044 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.841773033 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.843086004 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.843115091 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.843205929 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.843940020 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.844065905 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.844135046 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.844410896 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.844562054 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.844626904 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.845423937 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.845444918 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.845523119 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.849028111 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.849149942 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.849220037 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.849306107 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.849323988 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.849344015 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.849361897 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.849376917 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.849415064 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.849797010 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.849818945 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.849883080 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.850604057 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.850630045 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.850704908 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.851128101 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.851288080 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.851351023 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.853765965 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.853791952 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.853884935 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.854758024 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.854784966 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.854866028 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.854890108 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.854908943 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.855119944 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.855526924 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.855549097 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.855635881 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.856486082 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.856508970 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.856573105 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.857441902 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.857465982 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.857564926 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.858074903 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.858225107 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.858283997 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.859345913 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.859369040 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.859437943 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.859750032 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.859924078 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.859985113 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.861393929 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.861418962 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.861501932 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.861663103 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.861783981 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.861835003 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.882415056 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.882447958 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.882463932 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.882482052 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.882596016 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.882637024 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.882837057 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.882855892 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.882910967 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.884382010 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.884402037 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.884512901 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.885009050 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.885029078 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.885107040 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.885118961 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.885135889 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.885183096 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.886029959 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.886169910 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.886249065 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.890306950 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.890332937 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.890415907 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.890646935 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.890666962 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.890731096 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.891426086 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.891448975 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.891519070 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.891927004 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.891948938 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.892015934 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.892502069 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.892597914 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.892688990 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.893198967 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.893292904 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.893347979 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.894551992 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.894632101 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.894695044 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.895545959 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.895571947 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.895642996 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.895881891 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.895991087 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.896054029 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.896661997 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.896759987 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.896821022 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.897342920 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.897447109 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.897510052 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.898089886 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.898185015 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.898266077 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.898814917 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.898914099 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.898994923 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.899964094 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.900058031 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.900130033 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.900511980 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.900532961 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.900599957 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.902067900 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.902092934 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.902199984 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.902390957 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.902420998 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.902477026 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.923666000 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.923695087 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.923707008 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.923903942 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.924031973 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.924050093 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.924065113 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.924138069 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.925918102 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.925944090 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.925961018 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.926065922 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.926090002 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.926109076 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.926126003 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.926213980 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.926284075 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.932980061 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.933007002 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.933018923 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.933029890 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.933047056 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.933063030 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.933079004 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.933116913 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.933235884 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.933645010 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.933665991 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.933679104 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.933768988 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.934417009 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.934464931 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.934484005 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.934526920 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.934602976 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.936661005 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.936705112 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.936722040 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.936842918 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.937024117 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.937041044 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.937083960 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.937119007 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.937169075 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.938317060 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.938339949 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.938359976 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.938456059 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.938457966 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.938510895 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.938524008 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.938539028 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.938606024 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.939377069 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.939410925 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.939428091 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.939555883 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.940252066 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.940304995 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.940323114 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.940363884 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.940483093 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.941137075 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.941190958 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.941206932 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.941308022 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.942038059 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.942081928 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.942100048 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.942162991 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.942230940 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.942908049 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.942966938 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.942986012 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.943038940 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.943816900 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.943856001 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.943872929 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.943908930 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.943969965 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.944720984 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.944760084 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.944776058 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.944896936 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.945600986 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.945625067 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.945642948 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.945703030 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.945761919 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.946480036 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.946501970 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.946532011 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.946638107 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.947388887 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.947411060 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.947423935 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.947529078 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.947592020 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.948266983 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.948287964 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.948299885 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.948400021 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.949198961 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.949223042 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.949235916 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.949348927 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.964598894 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.964629889 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.964643002 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.964809895 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.964924097 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.964958906 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.964984894 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.965044975 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.965099096 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.966643095 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.966703892 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.966737032 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.966847897 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.967080116 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.967114925 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.967158079 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.967179060 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.967241049 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.973820925 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.973860025 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.973872900 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.974181890 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.974226952 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.974250078 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.974266052 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.974347115 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.975120068 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.975145102 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.975159883 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.975249052 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.976030111 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.976052999 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.976069927 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.976131916 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.976231098 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.976897001 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.976918936 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.976938963 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.977025032 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.977794886 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.977818012 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.977847099 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.977915049 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.977968931 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.978723049 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.978745937 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.978761911 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.978843927 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.979576111 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.979597092 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.979621887 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.979732037 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.980454922 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.980475903 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.980492115 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.980566025 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.981323004 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.981342077 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.981355906 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.981458902 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.982151985 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.982167006 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.982178926 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.982259989 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.982964993 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.982981920 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.982995987 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.983058929 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.983114004 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.983753920 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.983769894 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.983787060 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.983866930 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.984553099 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.984575033 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.984586954 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.984687090 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.985341072 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.985362053 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.985378981 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.985464096 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.986124039 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.986141920 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.986156940 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.986208916 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.986301899 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.986898899 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.986920118 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.986943960 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.987003088 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.987628937 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.987646103 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.987657070 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.987745047 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.988384962 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.988401890 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.988414049 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.988475084 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.989115953 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.989137888 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.989155054 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.989214897 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.989315987 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.989840984 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.989860058 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.989871979 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.989883900 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.989990950 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.990837097 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.990855932 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.990880966 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.990955114 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.991460085 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.991482973 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.991503000 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.991523981 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.991559029 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.991647959 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.992396116 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.992417097 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.992438078 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.992458105 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.992505074 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.993284941 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.993304968 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.993324995 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.993345976 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.993375063 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.993472099 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.994162083 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.994184017 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.994203091 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.994224072 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.994271994 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.995044947 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.995065928 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.995080948 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.995095968 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.995179892 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.995955944 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.995979071 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.995997906 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.996020079 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.996061087 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.996124029 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.996819019 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.996843100 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.996864080 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.996887922 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.996941090 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.997046947 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.997699022 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.997725010 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.997746944 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.997766972 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.997797012 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.997874975 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.998594046 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.998615026 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.998644114 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.998665094 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.998693943 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.998764038 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.999505997 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.999598026 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.999687910 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.999710083 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.999730110 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.999753952 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:03.999784946 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:03.999878883 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.000698090 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.000731945 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.000761032 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.000787020 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.000864983 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.000952005 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.001493931 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.001522064 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.001548052 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.001576900 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.001591921 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.001682043 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.002374887 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.002403975 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.002430916 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.002458096 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.002531052 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.002616882 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.003277063 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.003305912 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.003334045 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.003360987 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.003400087 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.003494978 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.004164934 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.004201889 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.004229069 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.004256964 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.004281998 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.004381895 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.005055904 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.005081892 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.005114079 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.005145073 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.005183935 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.005240917 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.005932093 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.006006956 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.006036043 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.006062031 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.006097078 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.006176949 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.006814957 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.006841898 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.006875038 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.006903887 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.006921053 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.006983042 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.007704973 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.007734060 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.007761955 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.007785082 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.008025885 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.008519888 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.008548975 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.008574963 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.008603096 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.008630991 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.008718967 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.008789062 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.014889002 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.014951944 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.015028954 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.015075922 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.015083075 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.015120029 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.015177965 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.015275002 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.015325069 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.015360117 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.015393019 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.015424013 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.015445948 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.015463114 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.015518904 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.016712904 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.016745090 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.016784906 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.016812086 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.016822100 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.016858101 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.016872883 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.016973019 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.018485069 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.018522978 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.018553972 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.018587112 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.018619061 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.018651009 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.018774986 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.019409895 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.019444942 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.019478083 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.019507885 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.019510031 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.019550085 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.019603014 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.019716024 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.021157980 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.021198034 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.021245003 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.021281004 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.021287918 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.021326065 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.021397114 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.022840977 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.022880077 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.022918940 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.022959948 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.022979975 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.022996902 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.023042917 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.023118019 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.023655891 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.023700953 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.023739100 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.023777008 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.023797035 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.023818016 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.023854971 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.024257898 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.024298906 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.024338007 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.024348974 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.024405003 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.024843931 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.024883986 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.024931908 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.024975061 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.024981022 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.025012970 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.025057077 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.025806904 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.025855064 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.025897980 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.025909901 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.025935888 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.025965929 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.025974989 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.026058912 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.026752949 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.026794910 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.026833057 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.026874065 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.026911974 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.026930094 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.026998043 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.027755022 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.027797937 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.027837992 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.027868032 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.027875900 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.027915955 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.027968884 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.028070927 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.028661013 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.028702974 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.028742075 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.028779984 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.028820992 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.028827906 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.028935909 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.029642105 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.029683113 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.029721022 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.029756069 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.029759884 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.029807091 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.029850006 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.029948950 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.030575037 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.030616045 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.030657053 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.030695915 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.030704021 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.030742884 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.030803919 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.031491995 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.031542063 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.031584024 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.031584978 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.031621933 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.031661987 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.031663895 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.031769037 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.032407045 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.032449961 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.032488108 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.032526970 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.032547951 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.032565117 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.032646894 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.033304930 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.033350945 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.033422947 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.033431053 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.033509970 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.033818960 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.033862114 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.033900976 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.033937931 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.033956051 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.033977032 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.034001112 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.034740925 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.034790993 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.034832001 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.034832001 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.034869909 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.034909964 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.034912109 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.034990072 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.035604954 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.035650015 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.035686970 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.035726070 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.035764933 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.035765886 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.035846949 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.036489964 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.036533117 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.036572933 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.036604881 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.036609888 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.036649942 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.036653042 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.036755085 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.037362099 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.037429094 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.037471056 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.037513971 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.037522078 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.037564993 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.037600994 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.038177013 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.038217068 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.038264990 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.038264990 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.038306952 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.038345098 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.038357019 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.038439989 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.038973093 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.039015055 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.039055109 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.039093018 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.039132118 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.039134026 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.039169073 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.039232016 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.039282084 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.039961100 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.040009975 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.040051937 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.040088892 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.040095091 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.040142059 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.040178061 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.040209055 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.040288925 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.040931940 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.040970087 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.041006088 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.041040897 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.041075945 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.041093111 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.041119099 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.041182041 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.041234970 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.041835070 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.041872025 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.041909933 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.041944981 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.041971922 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.041977882 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.042013884 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.042016029 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.042119026 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.042711973 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.042748928 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.042793036 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.042833090 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.042877913 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.042958975 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.043302059 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.043339014 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.043381929 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.043420076 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.043426037 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.043453932 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.043490887 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.043503046 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.043593884 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.044177055 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.044215918 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.044250965 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.044286966 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.044322968 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.044347048 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.044367075 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.044414997 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.044481039 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.045053959 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.045090914 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.045126915 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.045161963 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.045196056 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.045202017 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.045229912 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.045284986 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.045341969 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.045926094 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.045963049 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.045999050 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.046035051 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.046053886 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.046068907 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.046104908 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.046107054 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.046200991 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.046761036 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.046797991 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.046840906 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.046880007 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.046884060 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.046914101 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.046950102 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.046984911 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.046993017 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.047084093 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.047717094 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.047753096 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.047790051 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.047811031 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.047825098 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.047871113 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.047889948 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.047909021 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.047944069 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.047976971 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.048048019 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.048666000 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.048705101 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.048739910 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.048774958 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.048788071 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.048810959 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.048835039 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.048855066 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.048893929 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.048984051 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.049622059 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.049659014 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.049702883 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.049715996 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.049741983 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.049778938 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.049781084 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.049815893 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.049850941 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.049863100 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.049952030 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.050553083 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.050585032 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.050612926 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.050648928 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.050678968 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.050693035 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.050709009 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.050738096 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.050775051 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.050831079 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.051255941 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.051294088 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.051325083 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.051337004 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.051352024 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.051382065 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.051389933 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.051410913 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.051438093 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.051470041 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.051506996 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.051928997 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.051964045 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.051994085 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.052040100 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.052063942 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.052093983 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.052124023 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.052153111 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.052176952 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.052187920 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.052220106 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.052330017 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.052913904 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.052946091 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053040028 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.053551912 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053584099 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053613901 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053642988 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053658009 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.053672075 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053699970 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.053700924 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053724051 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053751945 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053781986 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.053829908 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.053880930 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053910017 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053940058 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053956985 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.053968906 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.053997040 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054023981 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.054024935 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054054022 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054078102 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.054088116 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054119110 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054140091 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.054147959 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054193020 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.054821014 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054858923 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054888964 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054914951 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.054917097 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054945946 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054974079 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.054975033 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.055001020 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.055027008 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.055030107 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.055058002 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.055083036 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.055092096 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.055145025 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.055782080 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.055813074 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.055843115 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.055870056 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.055871964 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.055907011 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.055919886 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.055938959 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.055969000 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.055988073 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.055999041 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.056051970 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.058203936 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058234930 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058269978 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058293104 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.058300018 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058329105 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058345079 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.058357000 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058384895 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058402061 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.058412075 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058439970 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058455944 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.058465004 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058510065 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.058671951 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058703899 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058732986 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058751106 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.058762074 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058792114 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058801889 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.058825970 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058856964 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058871031 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.058886051 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058914900 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058927059 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.058943033 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058970928 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.058984995 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.059581041 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.059611082 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.059647083 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.059648037 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.059675932 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.059704065 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.059705973 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.059731007 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.059758902 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.059760094 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.059792995 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.059808016 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.059824944 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.059853077 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.059871912 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.060467005 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.060492039 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.060517073 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.060523987 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.060547113 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.060574055 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.060575008 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.060597897 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.060622931 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.060647964 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.060651064 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.060671091 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.060671091 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.060695887 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.060719967 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.061573029 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.061599016 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.061618090 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.061645985 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.061676979 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.061676979 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.061702967 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.061716080 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.061728001 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.061747074 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.061748028 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.061773062 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.061784983 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.061798096 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.061831951 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.062365055 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.062391043 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.062452078 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.062557936 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.062583923 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.062611103 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.062623024 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.062638044 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.062661886 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.062666893 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.062686920 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.062712908 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.062726021 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.062741995 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.062762022 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.063299894 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.063327074 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.063353062 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.063369989 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.063380003 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.063404083 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.063421965 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.063429117 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.063453913 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.063462019 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.063483953 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.063510895 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.063513041 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.063545942 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.063596010 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.064219952 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.064246893 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.064276934 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.064291954 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.064296961 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.064316988 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.064336061 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.064353943 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.064374924 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.064398050 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.064424038 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.064698935 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.065166950 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.065193892 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.065217018 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.065248013 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.065274954 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.065277100 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.065298080 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.065321922 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.065346003 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.065368891 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.065398932 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.065421104 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.065453053 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.066088915 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066117048 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066143990 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066168070 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066171885 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.066194057 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066209078 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.066217899 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066246986 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066252947 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.066274881 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066297054 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.066853046 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066879988 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066905022 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066929102 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066932917 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.066958904 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.066971064 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.066987991 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067012072 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067019939 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.067037106 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067060947 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067069054 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.067084074 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067109108 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.067763090 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067789078 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067815065 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067842007 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067852974 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.067864895 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067889929 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067903042 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.067913055 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067941904 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067946911 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.067967892 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067991972 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.067992926 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.068025112 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.068802118 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.068830967 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.068851948 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.068876982 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.068886995 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.068897963 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.068919897 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.068922997 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.068945885 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.068969011 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.068989038 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069010973 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069027901 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.069046974 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.069070101 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.069586039 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069611073 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069638014 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069655895 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.069659948 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069681883 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069695950 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.069706917 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069729090 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069749117 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069751978 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.069771051 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069785118 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.069791079 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.069839001 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.070477962 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.070498943 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.070524931 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.070544004 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.070549011 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.070569992 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.070593119 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.070596933 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.070614100 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.070635080 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.070652962 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.070657015 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.070677996 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.070692062 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.070729017 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.071382046 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.071398973 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.071417093 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.071435928 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.071445942 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.071451902 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.071470976 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.071475029 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.071487904 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.071510077 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.071526051 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.071527958 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.071544886 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.071568012 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.072273970 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.072294950 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.072312117 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.072330952 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.072348118 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.072349072 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.072367907 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.072386026 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.072391033 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.072405100 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.072426081 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.072433949 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.072446108 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.072463036 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.072465897 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.072494984 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.072527885 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.073281050 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073299885 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073316097 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073333979 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073350906 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073363066 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.073369026 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073400974 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073409081 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.073826075 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073848963 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073868990 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073887110 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073890924 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.073913097 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073932886 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073945045 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.073951006 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073968887 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073986053 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.073988914 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.074003935 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074021101 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074054003 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.074098110 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.074784040 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074804068 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074822903 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074845076 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074863911 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074867964 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.074882030 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074901104 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074918985 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074919939 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.074935913 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074949026 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.074954033 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074973106 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.074985981 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.075020075 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.075753927 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.075773954 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.075794935 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.075814962 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.075831890 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.075839043 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.075850010 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.075869083 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.075886965 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.075886965 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.075902939 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.075922012 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.075922966 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.075942039 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.075964928 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.075989008 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.076688051 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.076711893 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.076731920 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.076749086 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.076759100 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.076777935 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.076797962 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.076816082 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.076833963 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.076837063 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.076848984 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.076869965 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.076877117 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.076889038 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.076916933 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.077656031 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.077677011 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.077693939 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.077714920 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.077730894 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.077743053 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.077744961 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.077764988 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.077783108 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.077789068 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.077800989 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.077815056 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.077819109 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.077836037 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.077852011 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.077904940 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.078560114 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.078579903 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.078597069 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.078614950 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.078634024 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.078638077 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.078650951 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.078681946 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.078682899 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.078701973 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.078710079 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.078722000 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.078738928 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.078757048 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.078772068 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.078815937 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.079490900 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.079510927 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.079528093 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.079545975 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.079566956 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.079580069 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.079586029 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.079603910 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.079621077 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.079626083 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.079643965 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.079659939 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.079677105 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.079684973 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.079735041 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.080403090 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.080423117 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.080439091 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.080456972 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.080468893 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.080483913 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.080501080 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.080501080 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.080538034 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.080557108 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.080560923 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.080573082 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.080590963 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.080605984 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.080606937 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.080631971 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.081329107 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081348896 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081370115 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081401110 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.081404924 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081459999 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.081651926 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081672907 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081691027 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081707001 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.081708908 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081749916 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.081756115 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081782103 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081794977 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081814051 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081831932 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.081832886 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081850052 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081866980 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.081875086 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.081933975 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.082571030 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.082591057 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.082608938 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.082632065 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.082649946 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.082653046 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.082672119 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.082684994 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.082690954 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.082710028 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.082724094 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.082729101 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.082746029 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.082762957 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.082772017 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.082796097 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.083488941 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.083508968 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.083527088 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.083544970 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.083554029 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.083568096 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.083586931 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.083599091 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.083605051 CEST	443	49729	104.21.17.57	192.168.2.4
Apr 12, 2021 15:18:04.083628893 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:04.083667994 CEST	49729	443	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:57.418746948 CEST	49728	80	192.168.2.4	104.21.17.57
Apr 12, 2021 15:18:57.418850899 CEST	49729	443	192.168.2.4	104.21.17.57

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 12, 2021 15:17:55.462335110 CEST	58028	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:17:55.512383938 CEST	53	58028	8.8.8.8	192.168.2.4
Apr 12, 2021 15:17:56.260565042 CEST	53097	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:17:56.319855928 CEST	53	53097	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:00.738564968 CEST	49257	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:00.787394047 CEST	53	49257	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:02.896759987 CEST	62389	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:02.967135906 CEST	53	62389	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:03.107773066 CEST	49910	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:03.178096056 CEST	53	49910	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:16.752629995 CEST	55854	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:16.804238081 CEST	53	55854	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:20.697263956 CEST	64549	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:20.746068001 CEST	53	64549	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:21.771446943 CEST	63153	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:21.821866989 CEST	53	63153	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:22.982064009 CEST	52991	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:23.044863939 CEST	53	52991	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:24.665678978 CEST	53700	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:24.714654922 CEST	53	53700	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:29.143795967 CEST	51726	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:29.205219030 CEST	53	51726	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:33.796684027 CEST	56794	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:33.848850012 CEST	53	56794	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:34.871316910 CEST	56534	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:34.921916008 CEST	53	56534	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:36.472376108 CEST	56627	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:36.524621964 CEST	53	56627	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:43.981081009 CEST	56621	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:44.029949903 CEST	53	56621	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:44.450367928 CEST	63116	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:44.507607937 CEST	53	63116	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:45.090960026 CEST	64078	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:45.148017883 CEST	53	64078	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:45.727173090 CEST	64801	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:45.775980949 CEST	53	64801	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:45.801820040 CEST	61721	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:45.859163046 CEST	53	61721	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:46.194634914 CEST	51255	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:46.261265993 CEST	53	51255	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:46.884013891 CEST	61522	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:46.935630083 CEST	53	61522	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:47.487596989 CEST	52337	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:47.545852900 CEST	53	52337	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:48.536902905 CEST	55046	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:48.594139099 CEST	53	55046	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:49.549026966 CEST	49612	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:49.606879950 CEST	53	49612	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:49.618057966 CEST	49285	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:49.678318024 CEST	53	49285	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:50.925111055 CEST	50601	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:50.985768080 CEST	53	50601	8.8.8.8	192.168.2.4
Apr 12, 2021 15:18:51.494111061 CEST	60875	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:18:51.559489965 CEST	53	60875	8.8.8.8	192.168.2.4
Apr 12, 2021 15:19:02.951266050 CEST	56448	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:19:03.009776115 CEST	53	56448	8.8.8.8	192.168.2.4
Apr 12, 2021 15:19:16.478255033 CEST	59172	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:19:16.527057886 CEST	53	59172	8.8.8.8	192.168.2.4
Apr 12, 2021 15:19:17.546921015 CEST	62420	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:19:17.604051113 CEST	53	62420	8.8.8.8	192.168.2.4
Apr 12, 2021 15:19:33.298777103 CEST	60579	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:19:33.347456932 CEST	53	60579	8.8.8.8	192.168.2.4
Apr 12, 2021 15:19:35.441929102 CEST	50183	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:19:35.516921997 CEST	53	50183	8.8.8.8	192.168.2.4
Apr 12, 2021 15:19:49.407648087 CEST	61531	53	192.168.2.4	8.8.8.8
Apr 12, 2021 15:19:49.464689970 CEST	53	61531	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 12, 2021 15:18:02.896759987 CEST	192.168.2.4	8.8.8.8	0xf22b	Standard query (0)	bornforthis.ml	A (IP address)	IN (0x0001)
Apr 12, 2021 15:18:03.107773066 CEST	192.168.2.4	8.8.8.8	0x8042	Standard query (0)	bornforthis.ml	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Apr 12, 2021 15:18:02.967135906 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	bornforthis.ml	104.21.17.57	A (IP address)	IN (0x0001)
Apr 12, 2021 15:18:02.967135906 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	bornforthis.ml	172.67.222.176	A (IP address)	IN (0x0001)
Apr 12, 2021 15:18:03.178096056 CEST	8.8.8.8	192.168.2.4	0x8042	No error (0)	bornforthis.ml	104.21.17.57	A (IP address)	IN (0x0001)
Apr 12, 2021 15:18:03.178096056 CEST	8.8.8.8	192.168.2.4	0x8042	No error (0)	bornforthis.ml	172.67.222.176	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

bornforthis.ml

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49728	104.21.17.57	80	C:\Users\user\Desktop\scan_doc.exe

Timestamp	kBytes transferred	Direction	Data
Apr 12, 2021 15:18:03.036384106 CEST	876	OUT	GET /liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358B343CE000A6025E950DB85DC9DF85.html HTTP/1.1 UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 OPR/38.0.2220.41 Host: bornforthis.ml Connection: Keep-Alive
Apr 12, 2021 15:18:03.089163065 CEST	877	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 12 Apr 2021 13:18:03 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=3600 Expires: Mon, 12 Apr 2021 14:18:03 GMT Location: https://bornforthis.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-358B343CE000A6025E950DB85DC9DF85.html cf-request-id: 0967d4773a0000975a302c2000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ac0Pz3GaDiF15%2FFVtAmWcxNvlY2cQ6Rjft9404BSZhcAprIiuQpQum4bHSgoJbALMQKOxf54izDvVdFzONY6ZQMua8NmJL0q4R2%2FhhWepA%3D%3D"}],"max_age":604800,"group":"cf-nel"} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 63ecbd052ef8975a-FRA alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 12, 2021 15:18:03.306427002 CEST	104.21.17.57	443	192.168.2.4	49729	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Sat Apr 03 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Sun Apr 03 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0	54328bd36c14bd82ddaa0c04b25ed9ad
Apr 12, 2021 15:18:03.306427002 CEST	104.21.17.57	443	192.168.2.4	49729	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		54328bd36c14bd82ddaa0c04b25ed9ad

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: scan_doc.exe PID: 496 Parent PID: 6136

General

Start time:	15:18:01
Start date:	12/04/2021
Path:	C:\Users\user\Desktop\scan_doc.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\scan_doc.exe'
Imagebase:	0x10000
File size:	14848 bytes
MD5 hash:	A01C6A3DB8E862AB85386B6700E941BB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Chronological Activities

Analysis Process: WerFault.exe PID: 5972 Parent PID: 496

General

Start time:	15:18:07
Start date:	12/04/2021
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 1800
Imagebase:	0x1200000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report scan_doc.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution