ID: Cookbook: browseurl.jbs Time: 19:59:33 Date: 23/03/2018 Version:

ID: 51608 Cookbook: browseurl.jbs Time: 19:59:33 Date: 23/03/2018 Version: 22.0.0

Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature Overview Networking: System Summary: Hooking and other Techniques for Hiding and Protection: Behavior Graph Simulations Behavior and APIs Antivirus Detection Initial Sample Dropped Files Unpacked PE Files Domains Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Joe Sandbox View / Context IPs Domains ASN Dropped Files Screenshots Startup Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted IPs Static File Info No static file info Network Behavior Network Port Distribution TCP Packets UDP Packets ICMP Packets DNS Queries DNS Answers HTTP Request Dependency Graph HTTP Packets HTTPS Packets Code Manipulations Statistics Table of Contents Copyright Joe Security LLC 2018 Page 2 of 34 2 4 4 4 4 5 5 6 6 6 6 6 6 7 7 7 7 7 7 7 8 8 8 8 8 8 8 8 8 8 8 8 9 9 14 14 14 14 14 14 14 15 20 24 24 24 25 25 25 31 31

Behavior System Behavior Analysis iexplore.exe PID: 3332 Parent PID: 548 General File Activities Registry Activities Analysis iexplore.exe PID: 3420 Parent PID: 3332 General File Activities Registry Activities Analysis ssvagent.exe PID: 3484 Parent PID: 3420 General Registry Activities Disassembly Code Analysis 31 32 32 32 32 32 33 33 33 33 33 33 33 33 34 Copyright Joe Security LLC 2018 Page 3 of 34

Analysis Report Overview General Information Joe Sandbox Version: 22.0.0 Analysis ID: 51608 Start time: 19:59:33 Joe Sandbox Product: CloudBasic Start date: 23.03.2018 Overall analysis duration: Hypervisor based Inspection enabled: Report type: Cookbook file name: Sample URL: 0h 8m 41s light browseurl.jbs http://x.co/6noc7 Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1) Number of analysed new started processes analysed: 4 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies Analysis stop reason: Detection: Classification: HCA enabled EGA enabled HDC enabled Timeout CLEAN clean1.win@5/20@10/3 HCA Information: Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0 EGA Information: HDC Information: Cookbook Comments: Warnings: Failed Failed Adjust boot time Correcting counters for adjusted boot time Show All Exclude process from analysis (whitelisted): dllhost.exe Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Detection Strategy Score Range Reporting Detection Threshold 1 0-100 Report FP / FN Copyright Joe Security LLC 2018 Page 4 of 34

Confidence Strategy Score Range Further Analysis Required? Threshold 3 0-5 true Confidence Classification Ransomware Miner Spreading malicious malicious malicious Evader Phishing suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Copyright Joe Security LLC 2018 Page 5 of 34

Analysis Advice Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis Signature Overview Networking System Summary Hooking and other Techniques for Hiding and Protection Click to jump to signature section Networking: Social media urls found in memory data Downloads files Downloads files from webservers via HTTP Found strings which match to known social media urls Performs DNS lookups Urls found in memory or binary data Uses HTTPS System Summary: Searches the installation path of Mozilla Firefox Classification label Creates files inside the user directory Creates temporary files Reads ini files Reads software policies Spawns processes Uses an in-process (OLE) Automation server Found graphical window changes (likely an installer) Uses new MSVCR Dlls Binary contains paths to debug symbols Hooking and other Techniques for Hiding and Protection: Disables application error messsages (SetErrorMode) Behavior Graph Copyright Joe Security LLC 2018 Page 6 of 34

Behavior Graph ID: 51608 URL: http://x.co/6noc7 Startdate: 23/03/2018 Architecture: WINDOWS Score: 1 Legend: Process Signature Created File DNS/IP Info Is Dropped Is Windows Process Hide Legend started Number of created Registry Values iexplore.exe 35 59 started iexplore.exe Number of created Files Visual Basic Delphi Java.Net C# or VB.NET C, C++ or other language Is malicious 11 8.8.8.8, 49408, 50323, 50900 GOOGLE-GoogleIncUS United States unilil.bid 104.27.181.183, 443, 49171, 49172 CLOUDFLARENET-CloudFlareIncUS United States 2 other IPs or domains started ssvagent.exe 6 Simulations Behavior and APIs Time Type Description 20:00:00 API Interceptor 3671x Sleep call for process: iexplore.exe modified 20:00:01 API Interceptor 1x Sleep call for process: ssvagent.exe modified Antivirus Detection Initial Sample Detection Scanner Label Link http://x.co/6noc7 1% virustotal Browse Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains Detection Scanner Label Link ocsp.comodoca4.com 0% virustotal Browse Copyright Joe Security LLC 2018 Page 7 of 34

Detection Scanner Label Link x.co 0% virustotal Browse unilil.bid 0% virustotal Browse Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Joe Sandbox View / Context IPs No context Domains No context ASN No context Dropped Files No context Screenshots Copyright Joe Security LLC 2018 Page 8 of 34

Startup System is w7 cleanup iexplore.exe (PID: 3332 cmdline: '' -Embedding CA1F703CD665867E8132D2946FB55750) iexplore.exe (PID: 3420 cmdline: '' SCODEF:3332 CREDAT:275457 /prefetch:2 CA1F703CD665867E8132D2946FB55750) ssvagent.exe (PID: 3484 cmdline: 'C:\PROGRA~1\Java\JRE18~1.0_1\bin\ssvagent.exe' -new 0953A0264879FD1E655B75B63B9083B7) Created / dropped Files C:\Users\HERBBL~1\AppData\Local\Temp\JavaDeployReg.log Size (bytes): 89 ASCII text, with CRLF line terminators Entropy (8bit): 4.3520304443200954 F613B7E50E67878150BB0A2AF294E5E5 D45B8CFC9068270FD8C70D7FE254293737FA6AE4 0F5679A3D33386280C8E2B92E8B73B1459EA8F50FB441410A8AF8F72708BD0A1 86F7173137B2BB3C6B5E19C5D7FF2F2A11BE91F106FFE0BB1B3900E1F9D6517536C3E110636EBEC5B975D35E32 7DD1DCCAA94C6233788DACB2C853AFE3756E96 Copyright Joe Security LLC 2018 Page 9 of 34

C:\Users\HERBBL~1\AppData\Local\Temp\~DF19A446DF34CDFFD2.TMP data Size (bytes): 38761 Entropy (8bit): 1.0966405020103382 2DA6790B066B58715CFB4C69124384A0 0087FA1D69EACECB7C0E7CFE1D7E46E7F2D2C909 D47A956A01094BC29F0803B5CFC76EB07D08E84F0BB6E25556E63D8FDAB62F0F 90BA88AAF6298B2E428A6AF7818D5D1A508645FD810DFB810494CDD2E63A34802FB846F4D5B2BFB84A6DA4578D 3AE164B3FF27EB1A62FE4C29DC63768A7522CE C:\Users\HERBBL~1\AppData\Local\Temp\~DF2C3E2BFDF23C3DE9.TMP FoxPro FPT, blocks size 258, next free block index 16711424 Size (bytes): 13109 Entropy (8bit): 0.5706001209794903 3F5066AD29EF5422EFC055A11528CFAF 6E73CDDFF3BB69AEB3751B7DEE449F87774521E4 E3F30C9301760583E478FBE33EA10EBC0ADBD835940E8488A67C848A272BBB97 FA95A24449CCB7396FC4C432C3F4AE22A6291953995EBCF1581AB52EC7E337A9601C749EE06A485A2CE042DC20 9FD04AB57CDA881151840EFDA296A0C5BB18DA C:\Users\HERBBL~1\AppData\Local\Temp\~DF523AB0337BE8D73D.TMP data Size (bytes): 29745 Entropy (8bit): 1.955994907182217 EC72F777E1383B78B44D87FE520F63C5 A79148EC578421DFE35D746828B3D0343559E393 6D502A36777CF5B0DFEDD20DD02E9949296D907B950456C4E896BB97FFC57E23 8A7D708CA7088EFE3AC6E511483E2FF35144D31F5525072B8EE61AAE8541C955479FD0CD24814B1C33C809FDF9E D10DDBF0D57D2FF13CA3FC184D446431C501C C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Size (bytes): 54018 Entropy (8bit): 7.995641550109988 Microsoft Cabinet archive data, 54018 bytes, 1 file true 06ED9A39AC55EB00DD78E416E1A804F6 270464D1618197D86FF89184BA5ED45708D38BD9 298BBA62CAA0B61A402F715BB5B8D1D28ECD0B58D9A9B6B8AE7947B39DA8B1EB 6A3A747BB754D9BFB78D18E37CD9806015E00EEE85C59E16E3FCB6263024B422BE94A83D4FD447912CC516A77B 2D17A38689303857A40B75C2831A6548D63287 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 data Size (bytes): 340 Entropy (8bit): 3.4002235280624262 4C047974C96697F8B46E5D837B0C50B2 D6FA4F73870EE82FA431ECC7547F52A618DC90C7 89379E845BD6E8E0F80D1E606939C23B32DF69C3548A98AD040AEF7143C4EBF6 60F61B585EE7BB0C1042C1B7EA59B71BA89576F57EBFCC7143640E28D08EC9B9CAB1F2079AE842516707E60E7B 38BA67D0873604B98DAA6AA6A5AEDE77FB2AAA Copyright Joe Security LLC 2018 Page 10 of 34

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 data Size (bytes): 330 Entropy (8bit): 3.1400527259188067 7E6977D06F472824406531EA20C6B1A4 ABD48F206126A7E2F796283257273F5AA13A6D97 DD9DE1D4E3832B187399544E50B4B8C569A4FBD66948E295A5AC39BA1F5A9467 90B2FC036E716CB51774091345BEB8C808CD06377B56BC4017FD8EF8CE10BAB843504421D3AD99F33C42A3AA6E B526E6E7C5F6B2B4429F605FB07DF5FB1A49B9 C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico Size (bytes): 237 Entropy (8bit): 6.1480026084285395 PNG image data, 16 x 16, 4-bit colormap, non-interlaced 9FB559A691078558E77D6848202F6541 EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 0E08938568CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCF B74437DE520395234D0009D452FB96A8ECE236B C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1 data Size (bytes): 18176 Entropy (8bit): 5.525633053475079 5A34CB996293FDE2CB7A4AC89587393A 3C96C993500690D1A77873CD62BC639B3A10653F C6A5377CBC07EECE33790CFC70572E12C7A48AD8296BE25C0CC805A1F384DBAD E1B7D0107733F81937415104E70F68B1BE6FD0CA65DCCF4FF72637943D44278D3A77F704AEDFF59D2DBC0D56A6 09B2590C8EC0DD6BC48AB30F1DAD0C07A0A3EE C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml Size (bytes): 113540780 Entropy (8bit): 5.131857655804881 XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators CD92626B9D868BA5417FF14EB9EF62E4 4FCD235DD7E53CB77B6A2A75D7ECA328F4C59640 F9B944E6B740889361927F3FB14890F2E53DF240D46EEDB7FA06A3A4E9AF78A1 485C66EA2AD29B0A4DDC8FEF912F5C67895C1EAC0DDDC71930B180205B629CAAF841738E33231FCD72E802994E 088FEB729127E67E568CE7DA3959D45AC714BA C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{623319D1-2ECC-11E8-B7AC-B2C276BF9C88}.dat Microsoft Word Document Size (bytes): 46680 Entropy (8bit): 1.9218323916914333 120B176EF39BB1ABBA4C9389BED606CE Copyright Joe Security LLC 2018 Page 11 of 34

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{623319D1-2ECC-11E8-B7AC-B2C276BF9C88}.dat E3B4D43A026D7ECCFC175E7483AE46A2CB877452 199243A6C0AB4C901F5634B2D42B23E10E6C62FFC2960AC8118A95024740AFB6 B58CC9C30F2F4D2976D813193D58938F396F8DEB7077BED43E6CD1D4CC774E68770E7A195D5BFE5278003926E3 BA31965A981B166401878FD1131FACE85AF45 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{623319D3-2ECC-11E8-B7AC-B2C276BF9C88}.dat Size (bytes): 26248 Microsoft Word Document Entropy (8bit): 1.6694540036602306 4180AE43019F33D1E555A16CB40860BB 770BB006AAD852B9A690542A29A06C21D2918E53 11358E80DF82D0B87B8B3B5D9438C365C430BEE28347B2BCE2486AF5A91E9877 9D6049EEA4B3BED4D84244C87BA44DED3862F0317E10A8F42144A4FD926EAE646FDCE4E40A6D92BE726DF0A56 AB5400BA8C6770342D24E1BA7AF4218A6651DC1 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6BF0EBD0-2ECC-11E8-B7AC-B2C276BF9C88}.dat Size (bytes): 19032 Microsoft Word Document Entropy (8bit): 1.5880835029998914 511D9B22A230D51275139BBDD7A9B0F0 54FDF7581C900CA761CCF08F99C7818682ED20CE 3ADDD0ADF947429E4BCD1224095799C2FB606028D481912F86776D4EB0B6A1D0 872F006BBFDB02EB7C655F42E5051FEF428B234BEB9586326603417716EB9B69F65106F2A52E69D8880E4636F6B7 A93834FAF7F9478E9E0577D2FB90A807398F C:\Users\user\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver87D0.tmp Size (bytes): 15845 Entropy (8bit): 5.061709702572858 XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators 095C72688DE7D90E6526DC0D8878F3F6 A1CAE182FB7E86C74FB5467C0014B2A27472BE37 8684403DA59628039E9B4B0D245C5B7E1FAC1242A087DED44EAF3B792E4A231E AB7FD229A6F532AE11E4CCEB01F823810B33D5C740BC9F290C79646C422AFFC27DDB8476C931D6E4A9686EED97 0E219B6CEBBF68F9A12B6C629B6816CDE1615C C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\favicon[1].ico Size (bytes): 237 Entropy (8bit): 6.1480026084285395 PNG image data, 16 x 16, 4-bit colormap, non-interlaced 9FB559A691078558E77D6848202F6541 EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 0E08938568CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCF B74437DE520395234D0009D452FB96A8ECE236B C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\iecompatviewlist[1].xml XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators Copyright Joe Security LLC 2018 Page 12 of 34

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\iecompatviewlist[1].xml Size (bytes): 384884 Entropy (8bit): 5.131857655804881 E5C53C3634365B5941145F1D541D440B 81EC7166362E699A0BFA191B2AE1B74320D316CE 7DA1E84B3EE4D8FAD40B8A2B775F2CE1D8C38931D6B403294AE4EE8426FAFB7F 8094EA2119B2D321EB62916CD5584A8DF20A9990606BCDBF2E9F20D5EEB5306D1F30A8607B61175934EFF3F2E31 6F3634DAF3EEADFDC9909628CB1C961644A92 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\suggestions[1].en-US data Size (bytes): 18176 Entropy (8bit): 5.525633053475079 5A34CB996293FDE2CB7A4AC89587393A 3C96C993500690D1A77873CD62BC639B3A10653F C6A5377CBC07EECE33790CFC70572E12C7A48AD8296BE25C0CC805A1F384DBAD E1B7D0107733F81937415104E70F68B1BE6FD0CA65DCCF4FF72637943D44278D3A77F704AEDFF59D2DBC0D56A6 09B2590C8EC0DD6BC48AB30F1DAD0C07A0A3EE C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\A0HY48A1.txt Size (bytes): 111 ASCII text Entropy (8bit): 4.288326888632299 1DA1F34763F88424581ECC966ED50028 51E1D65F9CEFAB3F1171338FE75929CB07F1C740 A487DEC03A68F5FB419D7CDAFA0E03B809BE6181455326476EB00ABBE699C473 D85AB2CE993D11DE4CE032EF43AAB316C19D871B0E7FA67BEB7D4978DB52F5D8A574FF2F548E1F12E4B47455B 697B332EBCA363AA449CFC2F95D88681A70EF98 C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GCNQ98VWFEFN0WC4104M.temp data Size (bytes): 3358 Entropy (8bit): 3.1018064610355456 04FAC9D9DF81098D4CFC3A00E844AE4D 1572B17D9786B266A60E479375904E9891EE9875 9D076565D2A2A9C64AC58EF30EDF19A64E6A22C212499266580772EA76CABC35 08F02591A17D9256F8B5C394AC081024C40B459A1B3CECC33EAB71811AA432C796213F0FD62C43021A2132B9AB3 D336473A41C419F46882AE2755237E6738FDC \samr Size (bytes): 116 Entropy (8bit): 4.053374040827533 Hitachi SH big-endian COFF object, not stripped 080E701E8B8E2E9C68203C150AC7C6B7 4EF041621388B805758AE1D3B122F9D364705223 FE129AE2A7C96708754F6F51091E6E512C9FEACA1042A1E9DB914C651FEB344D C11D88B8E355B7B922B985802464B693F75BA4C2A62F9137A15842CA82F9B6B3ED13059EDC0DF1C04E7DE43719 D892B4C0D22BB67BE0D57EAB368BA1BC057E79 Copyright Joe Security LLC 2018 Page 13 of 34

Contacted Domains/Contacted IPs Contacted Domains Name IP Active Malicious Antivirus Detection Reputation ocsp.comodoca4.com 80.97.209.171 true 0%, virustotal, Browse unknown x.co 184.168.131.241 true 0%, virustotal, Browse unilil.bid 104.27.181.183 true 0%, virustotal, Browse unknown Contacted IPs No. of IPs < 25% 25% < No. of IPs < 50% 50% < No. of IPs < 75% 75% < No. of IPs IP Country Flag ASN ASN Name Malicious 8.8.8.8 United States 15169 GOOGLE-GoogleIncUS 184.168.131.241 United States 26496 AS-26496-GO-DADDY-COM-LLC- GoDaddycomLLCUS 104.27.181.183 United States 13335 CLOUDFLARENET- CloudFlareIncUS Static File Info No static file info Network Behavior Network Port Distribution Copyright Joe Security LLC 2018 Page 14 of 34

Total Packets: 287 443 (HTTPS) 80 (HTTP) 53 (DNS) TCP Packets Timestamp Port Dest Port IP Dest IP Mar 23, 2018 20:00:27.086288929 59605 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:27.235400915 50900 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:27.244822979 51075 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:27.913419008 53 59605 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:27.943972111 49163 80 192.168.2.2 184.168.131.241 Mar 23, 2018 20:00:27.944025993 80 49163 184.168.131.241 192.168.2.2 Mar 23, 2018 20:00:27.944169998 49163 80 192.168.2.2 184.168.131.241 Mar 23, 2018 20:00:27.945497990 49164 80 192.168.2.2 184.168.131.241 Mar 23, 2018 20:00:27.945534945 80 49164 184.168.131.241 192.168.2.2 Mar 23, 2018 20:00:27.945662975 49164 80 192.168.2.2 184.168.131.241 Mar 23, 2018 20:00:27.947329044 49163 80 192.168.2.2 184.168.131.241 Mar 23, 2018 20:00:27.947357893 80 49163 184.168.131.241 192.168.2.2 Mar 23, 2018 20:00:28.229490042 50900 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:28.239948988 51075 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:28.314109087 53 50900 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:28.390997887 53 51075 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:29.318133116 61674 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.322104931 59291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.334556103 63053 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.341078043 60812 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.343203068 58523 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.345393896 65490 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.994039059 53 50900 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:30.051204920 53 51075 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:30.312352896 61674 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.321983099 59291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.332072973 63053 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.342057943 65490 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.342164040 58523 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.342257023 60812 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.424015999 53 59291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:30.456535101 53 61674 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:30.543472052 53 61674 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:30.597186089 53 59291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:31.333563089 63053 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:31.343569994 60812 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:31.343663931 58523 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:31.343765020 65490 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:31.596252918 60652 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:32.595280886 60652 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:33.337116003 63053 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:33.347212076 65490 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:33.347655058 58523 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:33.348062992 60812 53 192.168.2.2 8.8.8.8 Copyright Joe Security LLC 2018 Page 15 of 34

Timestamp Port Dest Port IP Dest IP Mar 23, 2018 20:00:33.597007036 60652 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:35.599874020 60652 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:36.192341089 53 60652 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315769911 53 60812 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315812111 53 58523 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315834045 53 65490 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315854073 53 63053 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315879107 53 60652 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315900087 53 60652 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315922976 53 65490 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340369940 53 58523 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340415955 53 60812 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340437889 53 63053 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340460062 53 60812 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340481043 53 58523 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340507030 53 65490 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340528965 53 63053 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340590954 53 65490 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.359133005 53 58523 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.359172106 53 60812 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.359191895 53 63053 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.359211922 53 60652 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:39.037364006 80 49163 184.168.131.241 192.168.2.2 Mar 23, 2018 20:00:39.037405014 80 49163 184.168.131.241 192.168.2.2 Mar 23, 2018 20:00:39.037646055 49163 80 192.168.2.2 184.168.131.241 Mar 23, 2018 20:00:39.094712019 49163 80 192.168.2.2 184.168.131.241 Mar 23, 2018 20:00:39.094747066 80 49163 184.168.131.241 192.168.2.2 Mar 23, 2018 20:00:39.145472050 57729 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:40.147059917 57729 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:40.509255886 53 57729 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:40.511147022 49171 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:40.511185884 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:40.511280060 49171 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:40.512320042 49172 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:40.512348890 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:40.512437105 49172 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:40.653147936 53 57729 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:40.920089006 49171 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:40.920111895 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:40.920713902 49172 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:40.920728922 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.117403984 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.117424011 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.117434025 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.117530107 49171 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:41.147866011 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.147984028 49171 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:41.169682026 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.169704914 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.169713974 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.169867039 49172 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:41.217870951 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.217983007 49172 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:41.225016117 49171 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:41.225028038 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.241094112 49172 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:41.241106033 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.444726944 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.444849014 49171 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:41.510005951 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:41.510158062 49172 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:42.470603943 65311 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:42.519543886 50323 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:42.900232077 53 50323 8.8.8.8 192.168.2.2 Copyright Joe Security LLC 2018 Page 16 of 34

Timestamp Port Dest Port IP Dest IP Mar 23, 2018 20:00:42.982172012 53 65311 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:43.283859968 64115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:43.349656105 59195 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:43.351249933 58138 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:43.482306004 53 64115 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:43.598274946 60708 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:43.623174906 53 59195 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:43.707115889 53 58138 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:43.807104111 53 60708 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:43.854342937 65034 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:43.980372906 58653 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.030806065 57327 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.068037987 56352 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.114373922 62091 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.186609030 63509 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.209952116 51492 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.210391998 62750 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.232808113 49172 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:44.232822895 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:44.257846117 58913 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.266427040 63309 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.281888008 52316 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.852952957 65034 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.952817917 53 65034 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:44.957838058 65236 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.973715067 58653 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.023572922 57327 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.063292980 56352 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.113715887 62091 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.183731079 63509 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.214765072 62750 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.214948893 51492 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.253973007 58913 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.263998032 63309 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.283442974 52316 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.946554899 53 58653 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.954974890 65236 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.960124016 53 57327 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.960175037 53 56352 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.960199118 53 51492 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.960220098 53 62750 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.960293055 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:45.960377932 49172 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:45.968517065 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:45.968548059 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:45.968590975 49172 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:45.975986958 55904 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.981662989 53 63309 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981699944 53 52316 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981729031 53 65034 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981750965 53 65236 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981771946 53 63509 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981792927 53 62091 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981821060 53 58913 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.988600016 55581 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.004009008 57178 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.010282993 62406 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.012871981 49172 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:46.012883902 443 49172 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:46.160051107 58563 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.161660910 49408 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.216370106 61609 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.218044043 59433 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.330022097 49171 443 192.168.2.2 104.27.181.183 Copyright Joe Security LLC 2018 Page 17 of 34

Timestamp Port Dest Port IP Dest IP Mar 23, 2018 20:00:46.330037117 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:46.330863953 49178 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:46.330882072 443 49178 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:46.330971003 49178 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:46.331521988 49179 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:46.331536055 443 49179 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:46.331582069 49179 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:46.332120895 49180 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:46.332134962 443 49180 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:46.332226992 49180 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:46.332870960 49178 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:46.332882881 443 49178 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:46.333571911 49179 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:46.333583117 443 49179 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:46.334305048 49180 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:00:46.334316015 443 49180 104.27.181.183 192.168.2.2 Mar 23, 2018 20:00:46.975888968 55904 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.985913038 55581 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.996016026 57178 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.006025076 62406 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.156738043 49408 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.156913996 58563 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.237503052 61609 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.238290071 59433 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.977766037 55904 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.987873077 55581 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.998100996 57178 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:48.008189917 62406 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:48.159286976 58563 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:48.159683943 49408 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:48.243576050 61609 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:48.243855000 59433 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:49.490914106 53 58653 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:49.980808973 55904 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:49.991059065 55581 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.001087904 57178 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.010380983 62406 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.161706924 49408 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.162034035 58563 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.241039991 61609 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.242131948 59433 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:51.047863960 53 57327 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:51.047909021 53 56352 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:52.721184015 53 62091 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:52.721232891 53 63509 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:52.721256971 53 62750 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:52.721277952 53 51492 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:53.986675024 55904 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:53.996170044 55581 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.006213903 57178 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.016191959 62406 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.167035103 49408 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.167337894 58563 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.246901035 61609 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.247884989 59433 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:55.341626883 57291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:56.090429068 52245 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:56.343476057 57291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:57.091495037 52245 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:57.341870070 57291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:58.092869043 52245 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:59.347971916 57291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:00.095983982 52245 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:03.351840973 57291 53 192.168.2.2 8.8.8.8 Copyright Joe Security LLC 2018 Page 18 of 34

Timestamp Port Dest Port IP Dest IP Mar 23, 2018 20:01:04.101792097 52245 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:09.063460112 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:01:09.063502073 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:01:09.063596010 49171 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:01:09.063805103 49171 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:01:09.063823938 443 49171 104.27.181.183 192.168.2.2 Mar 23, 2018 20:01:09.068422079 49181 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:01:09.068449020 443 49181 104.27.181.183 192.168.2.2 Mar 23, 2018 20:01:09.068515062 49181 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:01:09.069787979 49181 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:01:09.069806099 443 49181 104.27.181.183 192.168.2.2 Mar 23, 2018 20:01:12.322227955 53 65236 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:12.322277069 53 58913 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:12.322304964 53 57291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:12.334528923 56115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:13.334769011 56115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:14.265851974 53 55581 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:14.265897036 53 55904 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:14.265918970 53 63309 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:14.265938997 53 52316 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:14.335953951 56115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:15.321284056 53 58563 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:15.321301937 53 49408 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:15.321336985 53 61609 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:15.321360111 53 59433 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:15.321382999 53 55904 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.339020967 56115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:16.358534098 53 57178 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358577967 53 55581 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358598948 53 57178 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358619928 53 52245 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358644962 53 57291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358669043 53 49408 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358695984 53 58563 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:17.378684998 53 61609 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:17.378737926 53 59433 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:18.366471052 53 62406 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:18.366518974 53 62406 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391308069 53 55904 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391355991 53 55581 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391380072 53 57178 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391402960 53 52245 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391429901 53 57291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391458035 53 59433 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391482115 53 62406 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:20.344705105 56115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:20.804313898 53 58563 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:32.395262957 49164 80 192.168.2.2 184.168.131.241 Mar 23, 2018 20:01:32.395382881 49181 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:01:32.395484924 49179 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:01:32.395708084 49178 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:01:32.395852089 49180 443 192.168.2.2 104.27.181.183 Mar 23, 2018 20:01:47.039309025 53 57291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081753969 53 52245 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081794977 53 52245 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081816912 53 57291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081835985 53 52245 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081861019 53 59433 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081883907 53 57178 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081911087 53 55904 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.130767107 53 61609 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.130809069 53 55581 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.130830050 53 61609 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.130858898 53 49408 8.8.8.8 192.168.2.2 Copyright Joe Security LLC 2018 Page 19 of 34

Timestamp Port Dest Port IP Dest IP Mar 23, 2018 20:01:47.130883932 53 58563 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.130906105 53 49408 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150648117 53 55904 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150691032 53 55581 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150713921 53 57178 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150736094 53 61609 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150758982 53 59433 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150780916 53 49408 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150804996 53 58563 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.180301905 53 62406 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.180340052 53 62406 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.920603037 53 56115 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.920648098 53 56115 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.920669079 53 56115 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.920694113 53 56115 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.920721054 53 56115 8.8.8.8 192.168.2.2 Mar 23, 2018 20:02:24.539488077 64225 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:02:25.537630081 64225 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:02:26.539522886 64225 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:02:28.542185068 64225 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:02:32.548209906 64225 53 192.168.2.2 8.8.8.8 UDP Packets Timestamp Port Dest Port IP Dest IP Mar 23, 2018 20:00:27.086288929 59605 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:27.235400915 50900 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:27.244822979 51075 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:27.913419008 53 59605 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:28.229490042 50900 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:28.239948988 51075 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:28.314109087 53 50900 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:28.390997887 53 51075 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:29.318133116 61674 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.322104931 59291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.334556103 63053 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.341078043 60812 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.343203068 58523 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.345393896 65490 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:29.994039059 53 50900 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:30.051204920 53 51075 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:30.312352896 61674 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.321983099 59291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.332072973 63053 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.342057943 65490 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.342164040 58523 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.342257023 60812 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:30.424015999 53 59291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:30.456535101 53 61674 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:30.543472052 53 61674 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:30.597186089 53 59291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:31.333563089 63053 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:31.343569994 60812 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:31.343663931 58523 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:31.343765020 65490 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:31.596252918 60652 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:32.595280886 60652 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:33.337116003 63053 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:33.347212076 65490 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:33.347655058 58523 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:33.348062992 60812 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:33.597007036 60652 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:35.599874020 60652 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:36.192341089 53 60652 8.8.8.8 192.168.2.2 Copyright Joe Security LLC 2018 Page 20 of 34

Timestamp Port Dest Port IP Dest IP Mar 23, 2018 20:00:36.315769911 53 60812 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315812111 53 58523 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315834045 53 65490 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315854073 53 63053 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315879107 53 60652 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315900087 53 60652 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.315922976 53 65490 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340369940 53 58523 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340415955 53 60812 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340437889 53 63053 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340460062 53 60812 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340481043 53 58523 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340507030 53 65490 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340528965 53 63053 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.340590954 53 65490 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.359133005 53 58523 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.359172106 53 60812 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.359191895 53 63053 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:36.359211922 53 60652 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:39.145472050 57729 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:40.147059917 57729 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:40.509255886 53 57729 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:40.653147936 53 57729 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:42.470603943 65311 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:42.519543886 50323 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:42.900232077 53 50323 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:42.982172012 53 65311 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:43.283859968 64115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:43.349656105 59195 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:43.351249933 58138 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:43.482306004 53 64115 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:43.598274946 60708 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:43.623174906 53 59195 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:43.707115889 53 58138 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:43.807104111 53 60708 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:43.854342937 65034 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:43.980372906 58653 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.030806065 57327 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.068037987 56352 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.114373922 62091 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.186609030 63509 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.209952116 51492 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.210391998 62750 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.257846117 58913 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.266427040 63309 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.281888008 52316 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.852952957 65034 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.952817917 53 65034 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:44.957838058 65236 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:44.973715067 58653 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.023572922 57327 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.063292980 56352 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.113715887 62091 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.183731079 63509 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.214765072 62750 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.214948893 51492 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.253973007 58913 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.263998032 63309 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.283442974 52316 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.946554899 53 58653 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.954974890 65236 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.960124016 53 57327 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.960175037 53 56352 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.960199118 53 51492 8.8.8.8 192.168.2.2 Copyright Joe Security LLC 2018 Page 21 of 34

Timestamp Port Dest Port IP Dest IP Mar 23, 2018 20:00:45.960220098 53 62750 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.975986958 55904 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:45.981662989 53 63309 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981699944 53 52316 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981729031 53 65034 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981750965 53 65236 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981771946 53 63509 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981792927 53 62091 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.981821060 53 58913 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:45.988600016 55581 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.004009008 57178 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.010282993 62406 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.160051107 58563 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.161660910 49408 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.216370106 61609 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.218044043 59433 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.975888968 55904 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.985913038 55581 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:46.996016026 57178 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.006025076 62406 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.156738043 49408 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.156913996 58563 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.237503052 61609 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.238290071 59433 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.977766037 55904 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.987873077 55581 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:47.998100996 57178 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:48.008189917 62406 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:48.159286976 58563 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:48.159683943 49408 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:48.243576050 61609 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:48.243855000 59433 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:49.490914106 53 58653 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:49.980808973 55904 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:49.991059065 55581 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.001087904 57178 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.010380983 62406 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.161706924 49408 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.162034035 58563 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.241039991 61609 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:50.242131948 59433 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:51.047863960 53 57327 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:51.047909021 53 56352 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:52.721184015 53 62091 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:52.721232891 53 63509 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:52.721256971 53 62750 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:52.721277952 53 51492 8.8.8.8 192.168.2.2 Mar 23, 2018 20:00:53.986675024 55904 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:53.996170044 55581 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.006213903 57178 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.016191959 62406 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.167035103 49408 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.167337894 58563 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.246901035 61609 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:54.247884989 59433 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:55.341626883 57291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:56.090429068 52245 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:56.343476057 57291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:57.091495037 52245 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:57.341870070 57291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:58.092869043 52245 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:00:59.347971916 57291 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:00.095983982 52245 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:03.351840973 57291 53 192.168.2.2 8.8.8.8 Copyright Joe Security LLC 2018 Page 22 of 34

Timestamp Port Dest Port IP Dest IP Mar 23, 2018 20:01:04.101792097 52245 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:12.322227955 53 65236 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:12.322277069 53 58913 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:12.322304964 53 57291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:12.334528923 56115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:13.334769011 56115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:14.265851974 53 55581 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:14.265897036 53 55904 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:14.265918970 53 63309 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:14.265938997 53 52316 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:14.335953951 56115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:15.321284056 53 58563 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:15.321301937 53 49408 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:15.321336985 53 61609 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:15.321360111 53 59433 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:15.321382999 53 55904 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.339020967 56115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:16.358534098 53 57178 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358577967 53 55581 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358598948 53 57178 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358619928 53 52245 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358644962 53 57291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358669043 53 49408 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:16.358695984 53 58563 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:17.378684998 53 61609 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:17.378737926 53 59433 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:18.366471052 53 62406 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:18.366518974 53 62406 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391308069 53 55904 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391355991 53 55581 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391380072 53 57178 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391402960 53 52245 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391429901 53 57291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391458035 53 59433 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:19.391482115 53 62406 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:20.344705105 56115 53 192.168.2.2 8.8.8.8 Mar 23, 2018 20:01:20.804313898 53 58563 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.039309025 53 57291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081753969 53 52245 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081794977 53 52245 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081816912 53 57291 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081835985 53 52245 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081861019 53 59433 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081883907 53 57178 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.081911087 53 55904 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.130767107 53 61609 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.130809069 53 55581 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.130830050 53 61609 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.130858898 53 49408 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.130883932 53 58563 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.130906105 53 49408 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150648117 53 55904 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150691032 53 55581 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150713921 53 57178 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150736094 53 61609 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150758982 53 59433 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150780916 53 49408 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.150804996 53 58563 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.180301905 53 62406 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.180340052 53 62406 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.920603037 53 56115 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.920648098 53 56115 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.920669079 53 56115 8.8.8.8 192.168.2.2 Mar 23, 2018 20:01:47.920694113 53 56115 8.8.8.8 192.168.2.2 Copyright Joe Security LLC 2018 Page 23 of 34