Edit tour

Windows Analysis Report
ClientAny.exe

Overview

General Information

Sample name:	ClientAny.exe
Analysis ID:	1463770
MD5:	48865d6cc53e8a2fc637da9f1ee5e353
SHA1:	d655c548c01f91438d20f80bd9acab9f94073cef
SHA256:	243107799d46411f4a919d7117eef4b5f1718dc997bf9ef316ed822ea93b29e8
Tags:	exeVenomRAT
Infos:

Detection

AsyncRAT, VenomRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AsyncRAT

Yara detected VenomRAT

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

AI detected suspicious sample

Connects to a pastebin service (likely for C&C)

Contains functionality to log keystrokes (.Net Source)

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries the volume information (name, serial number etc) of a device

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

ClientAny.exe (PID: 2924 cmdline: "C:\Users\user\Desktop\ClientAny.exe" MD5: 48865D6CC53E8A2FC637DA9F1EE5E353)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
AsyncRAT	AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/asyncrat-onenote-dropper https://aidenmitchell.ca/asyncrat-via-vbs/ https://assets.virustotal.com/reports/2021trends.pdf https://axmahr.github.io/posts/asyncrat-detection/ https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/	https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Malware Configuration

Threatname: AsyncRAT

{"Mutex": "kjllrkvvfowjke", "Certificate": "MIICOTCCAaKgAwIBAgIVAOKDrSxDeihR97mkL/wGgcYXFgDXMA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIzMDkxMzE3MDc1MloXDTM0MDYyMjE3MDc1MlowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM6+BHD5YSBXmj+LBViw7/wi1FCn3ElBgGsHD3Di19KWY41cdKsZnPsbR30UIzckGdtzO/yRdAZ180cy7FuicChFppQv1og4PKQ0gxeGoVDUiQfNskGQOZL8UwIcwjkdqgaID+ZtwL2LG1GTkQFy/aBT/7Pe2d2JlePbxZ/adXsBAgMBAAGjMjAwMB0GA1UdDgQWBBR3cvVskRXmmRclKT/dsQ+t5w7FpzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAMgF5G2yBeeonmt3qNxlNzlbnjgkbTWYWnRQxLHTFGICrH1ggJwcIw44zGlqdDLxxrb50dTDvf6HXyqBaXACWVib4gGrWRg0hnBf3Ca7FAjtqZ2iDIUkiKwuaAmeBrKMYtAB6hDB4FMXk9NcWtK3CW7IJkr0OLr++o6kRLTOArsU", "Server Signature": "H9d3BeQEHW4ysxgQSlbGSAImYJWzOHHpMiD6JwGZ147lgA7XLQq/XFrrUXqdThLZ1+gKq6/FaIMblMK6u3lLQl3W314fRurCLxteS0p9jhyKyNKOjF/6lszQ5JntiPllLq0BQOaH4oJItdsCi37Eqx+JXFToOTkfsSBuJ2qbveo=", "External_config_on_Pastebin": "https://pastebin.com/raw/zAGEXn7M"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
ClientAny.exe	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
ClientAny.exe	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf8b0:$q1: Select * from Win32_CacheMemory 0xf8f0:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf93e:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf98c:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.2107638015.0000000000862000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Process Memory Space: ClientAny.exe PID: 2924	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.ClientAny.exe.860000.0.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0.0.ClientAny.exe.860000.0.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf8b0:$q1: Select * from Win32_CacheMemory 0xf8f0:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf93e:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf98c:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: ClientAny.exe

Avira: detected

Found malware configuration

Source: ClientAny.exe

Malware Configuration Extractor: AsyncRAT {"Mutex": "kjllrkvvfowjke", "Certificate": "MIICOTCCAaKgAwIBAgIVAOKDrSxDeihR97mkL/wGgcYXFgDXMA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIzMDkxMzE3MDc1MloXDTM0MDYyMjE3MDc1MlowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM6+BHD5YSBXmj+LBViw7/wi1FCn3ElBgGsHD3Di19KWY41cdKsZnPsbR30UIzckGdtzO/yRdAZ180cy7FuicChFppQv1og4PKQ0gxeGoVDUiQfNskGQOZL8UwIcwjkdqgaID+ZtwL2LG1GTkQFy/aBT/7Pe2d2JlePbxZ/adXsBAgMBAAGjMjAwMB0GA1UdDgQWBBR3cvVskRXmmRclKT/dsQ+t5w7FpzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAMgF5G2yBeeonmt3qNxlNzlbnjgkbTWYWnRQxLHTFGICrH1ggJwcIw44zGlqdDLxxrb50dTDvf6HXyqBaXACWVib4gGrWRg0hnBf3Ca7FAjtqZ2iDIUkiKwuaAmeBrKMYtAB6hDB4FMXk9NcWtK3CW7IJkr0OLr++o6kRLTOArsU", "Server Signature": "H9d3BeQEHW4ysxgQSlbGSAImYJWzOHHpMiD6JwGZ147lgA7XLQq/XFrrUXqdThLZ1+gKq6/FaIMblMK6u3lLQl3W314fRurCLxteS0p9jhyKyNKOjF/6lszQ5JntiPllLq0BQOaH4oJItdsCi37Eqx+JXFToOTkfsSBuJ2qbveo=", "External_config_on_Pastebin": "https://pastebin.com/raw/zAGEXn7M"}

Multi AV Scanner detection for submitted file

Source: ClientAny.exe

ReversingLabs: Detection: 81%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: ClientAny.exe

Joe Sandbox ML: detected

Source: unknown

HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.6:49711 version: TLS 1.2

Source: ClientAny.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Connects to a pastebin service (likely for C&C)

Source: unknown	DNS query: name: pastebin.com
Source: unknown	DNS query: name: pastebin.com
Source: unknown	DNS query: name: pastebin.com
Source: unknown	DNS query: name: pastebin.com

Source: global traffic	TCP traffic: 192.168.2.6:49712 -> 3.69.115.178:11492
Source: global traffic	TCP traffic: 192.168.2.6:55138 -> 3.69.157.220:11492
Source: global traffic	TCP traffic: 192.168.2.6:55175 -> 3.66.38.117:11492

Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 104.20.3.235 104.20.3.235
Source: Joe Sandbox View	IP Address: 3.66.38.117 3.66.38.117
Source: Joe Sandbox View	IP Address: 3.69.115.178 3.69.115.178
Source: Joe Sandbox View	IP Address: 3.69.157.220 3.69.157.220

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.com
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /raw/zAGEXn7M HTTP/1.1Host: pastebin.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: pastebin.com
Source: global traffic	DNS traffic detected: DNS query: 6.tcp.eu.ngrok.io

Source: ClientAny.exe, 00000000.00000002.4586809009.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002EF9000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.00000000030EF000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002E7B000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002DD7000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.00000000031B4000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003136000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003232000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002F76000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003071000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.00000000032B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pastebin.com
Source: ClientAny.exe, 00000000.00000002.4586809009.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pastebin.com0n
Source: ClientAny.exe, 00000000.00000002.4586809009.0000000002B21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: ClientAny.exe, 00000000.00000002.4586809009.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.00000000031B4000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003136000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003232000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002F76000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003071000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.00000000032B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com
Source: ClientAny.exe, 00000000.00000002.4586809009.0000000002B21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/raw/zAGEXn7M
Source: ClientAny.exe, 00000000.00000002.4586809009.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com0n
Source: ClientAny.exe, 00000000.00000002.4586809009.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.comhB

Source: unknown	Network traffic detected: HTTP traffic on port 55208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55227
Source: unknown	Network traffic detected: HTTP traffic on port 55157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55224
Source: unknown	Network traffic detected: HTTP traffic on port 55243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55198
Source: unknown	Network traffic detected: HTTP traffic on port 55220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55231
Source: unknown	Network traffic detected: HTTP traffic on port 55163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55233
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55190
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55192
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55235
Source: unknown	Network traffic detected: HTTP traffic on port 55249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55237
Source: unknown	Network traffic detected: HTTP traffic on port 55263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55241
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55123
Source: unknown	Network traffic detected: HTTP traffic on port 55200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55249
Source: unknown	Network traffic detected: HTTP traffic on port 55202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55125
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55133
Source: unknown	Network traffic detected: HTTP traffic on port 55222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55255
Source: unknown	Network traffic detected: HTTP traffic on port 55165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 55142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 55198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55135
Source: unknown	Network traffic detected: HTTP traffic on port 55261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55137
Source: unknown	Network traffic detected: HTTP traffic on port 55247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55265
Source: unknown	Network traffic detected: HTTP traffic on port 55159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55261
Source: unknown	Network traffic detected: HTTP traffic on port 55216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55146
Source: unknown	Network traffic detected: HTTP traffic on port 55153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55267
Source: unknown	Network traffic detected: HTTP traffic on port 55130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55150
Source: unknown	Network traffic detected: HTTP traffic on port 55167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55157
Source: unknown	Network traffic detected: HTTP traffic on port 55224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55159
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55163
Source: unknown	Network traffic detected: HTTP traffic on port 55218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55206
Source: unknown	Network traffic detected: HTTP traffic on port 55155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55208
Source: unknown	Network traffic detected: HTTP traffic on port 55116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55204
Source: unknown	Network traffic detected: HTTP traffic on port 55245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55174
Source: unknown	Network traffic detected: HTTP traffic on port 55188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55212
Source: unknown	Network traffic detected: HTTP traffic on port 55135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55214
Source: unknown	Network traffic detected: HTTP traffic on port 55265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55220
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55188
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55180
Source: unknown	Network traffic detected: HTTP traffic on port 55237 -> 443

Source: unknown

HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.6:49711 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match	File source: ClientAny.exe, type: SAMPLE
Source: Yara match	File source: 0.0.ClientAny.exe.860000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2107638015.0000000000862000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: ClientAny.exe PID: 2924, type: MEMORYSTR

Contains functionality to log keystrokes (.Net Source)

Source: ClientAny.exe, Keylogger.cs

.Net Code: KeyboardLayout

System Summary

Malicious sample detected (through community Yara rule)

Source: ClientAny.exe, type: SAMPLE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0.0.ClientAny.exe.860000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen

Source: C:\Users\user\Desktop\ClientAny.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\ClientAny.exe

Code function: 0_2_00007FFD34653D0E NtProtectVirtualMemory,

0_2_00007FFD34653D0E

Source: C:\Users\user\Desktop\ClientAny.exe	Code function: 0_2_00007FFD34650E5D	0_2_00007FFD34650E5D
Source: C:\Users\user\Desktop\ClientAny.exe	Code function: 0_2_00007FFD34653D0E	0_2_00007FFD34653D0E
Source: C:\Users\user\Desktop\ClientAny.exe	Code function: 0_2_00007FFD346529E0	0_2_00007FFD346529E0
Source: C:\Users\user\Desktop\ClientAny.exe	Code function: 0_2_00007FFD34650E70	0_2_00007FFD34650E70
Source: C:\Users\user\Desktop\ClientAny.exe	Code function: 0_2_00007FFD34653D88	0_2_00007FFD34653D88

Source: ClientAny.exe, type: SAMPLE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0.0.ClientAny.exe.860000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI

Source: ClientAny.exe, Settings.cs

Base64 encoded string: '//jgS7vBsMOCZ0xrGORyo2K4wk27oEX7AcAUPs5vs3uGSMEwcNlLkHv14UHouf1951yd3XmjfzadOySfx8SrAw==', 'uvEisyYuZD3pK4i2Lk61enOuPhsS13yLc/F4ng6PHXnMKM9txNQzlrWzycvnNFZBTa/F8IY+9xwr9Lss3ho4pg==', 'rvmC6mriI2serRAyZRR41rNO53Cb1LhaH4d+HMhXrwSW8tc+e1xNknISkDqsCSbUvaRJRo/X9+b20ncFDSWtAaBdQOc8TbeIvXg5dA/WXb518N+Zk3yuWp9FVYX+eaNN', 'yl6q0G1J6hecPIuP4YWrDFezXB+FbGthdfFI1JLkHzczTRD0ncoK0j1tAmmhWHzGeS1QpdGVR/pLBLAcBgsBoQ==', 'XLHnogfeIbuiOnsgkxNPLrP6Ccw44KoOtirsSjjQqEV+pq9QZDPTIyut0oQZyq/xKJf/DjYkzt10t4tJcO8irA==', 'iRzz07j2lqCVDSyC5c1jKoPqfw+LIQLeB0F7GRVET0oGmmVbdL03D5SAKKWCsW3YTJVLkkTslhmJRbNK7Jg0o3yzjY8VzVoTKz9Lw5TqndPhLXdyDzP2OWftJjlMv9ozmzPWWdt4FGXr4kEhJmM3qjjzY9NV5i99GQ8Z0+z6OZXawbFva3G88QLK2N+amFBU7FrbFVf3GfNDd8ad+byYnG/m04dZX5uYjPKY5ZCwf5qFdFXdmWCAjC7jh5EJ/rJ81hRyQkXKoNG1hCYCP6GzqtYS2/AUaZhFTuwa+URQSqU=', 'wGXnIZzD926vVL2XI9Yv7k8sQP5Uk3maqZW38q1w9T+oI7s1zLhbLN3oMsF00r5R9gc6IFTYpB8BmZYC2WfTJQ==', 'vhH6GqH+4/nczfEOU4qxhvGKi+W4PjLioRYTXGGrvqgipj4O4d0/PmgZDz/y9ZLXiGutTFyGbuRw7KnXbT1XHw==', 'zny+gzc8QYF7ey1lmor4qUwJvZshpeY+GVsLwOTIt7aW7OlofXZ60TbCa87nEeGEDelGF69y3K+kHyiqZ4mHtA=='

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/1@9/4

Source: C:\Users\user\Desktop\ClientAny.exe

File created: C:\Users\user\AppData\Roaming\MyData

Jump to behavior

Source: C:\Users\user\Desktop\ClientAny.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\ClientAny.exe	Mutant created: \Sessions\1\BaseNamedObjects\kjllrkvvfowjke

Source: ClientAny.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: ClientAny.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\ClientAny.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: ClientAny.exe

ReversingLabs: Detection: 81%

Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Section loaded: gpapi.dll	Jump to behavior

Source: ClientAny.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: ClientAny.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: ClientAny.exe, ClientSocket.cs

.Net Code: Invoke System.AppDomain.Load(byte[])

Source: C:\Users\user\Desktop\ClientAny.exe	Code function: 0_2_00007FFD346500BD pushad ; iretd		0_2_00007FFD346500C1
Source: C:\Users\user\Desktop\ClientAny.exe	Code function: 0_2_00007FFD34656565 push ebx; ret		0_2_00007FFD3465658A

Boot Survival

Yara detected AsyncRAT

Source: Yara match	File source: ClientAny.exe, type: SAMPLE
Source: Yara match	File source: 0.0.ClientAny.exe.860000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2107638015.0000000000862000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: ClientAny.exe PID: 2924, type: MEMORYSTR

Source: C:\Users\user\Desktop\ClientAny.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AsyncRAT

Source: Yara match	File source: ClientAny.exe, type: SAMPLE
Source: Yara match	File source: 0.0.ClientAny.exe.860000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2107638015.0000000000862000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: ClientAny.exe PID: 2924, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: ClientAny.exe

Binary or memory string: TASKMGR.EXE#PROCESSHACKER.EXE

Source: C:\Users\user\Desktop\ClientAny.exe	Memory allocated: DC0000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Memory allocated: 1AB20000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599782	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599657	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599438	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599313	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598938	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598828	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598719	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598594	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598485	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598360	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598235	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597985	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597860	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597735	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597610	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597485	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597360	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597235	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597110	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596985	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596860	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596735	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596610	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596485	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596363	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596232	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596125	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596016	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595907	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595782	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595657	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595532	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595422	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595313	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595188	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595063	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594938	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594813	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594701	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594594	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594469	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594357	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594250	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594141	Jump to behavior

Source: C:\Users\user\Desktop\ClientAny.exe	Window / User API: threadDelayed 8514			Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Window / User API: threadDelayed 1312			Jump to behavior

Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -28592453314249787s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -599891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 2960	Thread sleep count: 8514 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -599782s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 2960	Thread sleep count: 1312 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -599657s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -599547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -599438s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -599313s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -599188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -599063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -598938s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -598828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -598719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -598594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -598485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -598360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -598235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -598110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -597985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -597860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -597735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -597610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -597485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -597360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -597235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -597110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -596985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -596860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -596735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -596610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -596485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -596363s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -596232s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -596125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -596016s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -595907s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -595782s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -595657s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -595532s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -595422s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -595313s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -595188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -595063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -594938s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -594813s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -594701s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -594594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -594469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -594357s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -594250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe TID: 1336	Thread sleep time: -594141s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\ClientAny.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599782	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599657	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599438	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599313	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598938	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598828	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598719	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598594	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598485	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598360	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598235	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597985	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597860	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597735	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597610	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597485	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597360	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597235	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 597110	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596985	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596860	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596735	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596610	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596485	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596363	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596232	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596125	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 596016	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595907	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595782	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595657	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595532	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595422	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595313	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595188	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 595063	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594938	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594813	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594701	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594594	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594469	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594357	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594250	Jump to behavior
Source: C:\Users\user\Desktop\ClientAny.exe	Thread delayed: delay time: 594141	Jump to behavior

Source: ClientAny.exe, 00000000.00000002.4589932106.000000001B493000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\ClientAny.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\ClientAny.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\ClientAny.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: ClientAny.exe, Keylogger.cs	Reference to suspicious API methods: MapVirtualKey(vkCode, 0u)
Source: ClientAny.exe, DInvokeCore.cs	Reference to suspicious API methods: DynamicAPIInvoke("ntdll.dll", "NtProtectVirtualMemory", typeof(Delegates.NtProtectVirtualMemory), ref Parameters)
Source: ClientAny.exe, AntiProcess.cs	Reference to suspicious API methods: OpenProcess(1u, bInheritHandle: false, processId)

Source: C:\Users\user\Desktop\ClientAny.exe

Queries volume information: C:\Users\user\Desktop\ClientAny.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\ClientAny.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match	File source: ClientAny.exe, type: SAMPLE
Source: Yara match	File source: 0.0.ClientAny.exe.860000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2107638015.0000000000862000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: ClientAny.exe PID: 2924, type: MEMORYSTR

Source: ClientAny.exe, 00000000.00000000.2107638015.0000000000862000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: MSASCui.exe
Source: ClientAny.exe, 00000000.00000000.2107638015.0000000000862000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: procexp.exe
Source: ClientAny.exe, 00000000.00000000.2107638015.0000000000862000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Scheduled Task/Job	2 Scheduled Task/Job	2 Scheduled Task/Job	1 Masquerading	1 Input Capture	1 Query Registry	Remote Services	1 Input Capture	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	111 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	211 Obfuscated Files or Information	NTDS	31 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	2 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	3 Application Layer Protocol	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
ClientAny.exe	81%	ReversingLabs	ByteCode-MSIL.Backdoor.AsyncRAT
ClientAny.exe	100%	Avira	HEUR/AGEN.1307453
ClientAny.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://pastebin.com	0%	Avira URL Cloud	safe
https://pastebin.com	0%	Avira URL Cloud	safe
https://pastebin.com/raw/zAGEXn7M	0%	Avira URL Cloud	safe
https://pastebin.com0n	0%	Avira URL Cloud	safe
https://pastebin.comhB	0%	Avira URL Cloud	safe
http://pastebin.com0n	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
6.tcp.eu.ngrok.io	3.69.115.178	true	false		unknown
pastebin.com	104.20.3.235	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pastebin.com/raw/zAGEXn7M	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://pastebin.com0n	ClientAny.exe, 00000000.00000002.4586809009.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	ClientAny.exe, 00000000.00000002.4586809009.0000000002B21000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://pastebin.com	ClientAny.exe, 00000000.00000002.4586809009.0000000002FF4000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002EF9000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.00000000030EF000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002E7B000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002DD7000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.00000000031B4000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003136000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003232000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002F76000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003071000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.00000000032B0000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pastebin.com	ClientAny.exe, 00000000.00000002.4586809009.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.00000000031B4000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003136000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003232000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002F76000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000003071000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp, ClientAny.exe, 00000000.00000002.4586809009.00000000032B0000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://pastebin.com0n	ClientAny.exe, 00000000.00000002.4586809009.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pastebin.comhB	ClientAny.exe, 00000000.00000002.4586809009.0000000002CAA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.20.3.235	pastebin.com	United States	13335	CLOUDFLARENETUS	true
3.66.38.117	unknown	United States	16509	AMAZON-02US	false
3.69.115.178	6.tcp.eu.ngrok.io	United States	16509	AMAZON-02US	false
3.69.157.220	unknown	United States	16509	AMAZON-02US	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1463770
Start date and time:	2024-06-27 19:35:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ClientAny.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/1@9/4
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 5 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: ClientAny.exe

Simulations

Behavior and APIs

Time	Type	Description
13:36:06	API Interceptor	15046395x Sleep call for process: ClientAny.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.20.3.235	New Voicemail Invoice 64746w .js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
	Invoice-883973938.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
	2024 12_59_31 a.m..js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
	PendingInvoiceBankDetails.JS.js	Get hash	malicious	WSHRAT	Browse	pastebin.com/raw/NsQ5qTHr
3.66.38.117	mhYCwt8wBz.exe	Get hash	malicious	Njrat	Browse
	592CDAD0A5B0AE90E0C812AECB2677096AF06CF941CE2.exe	Get hash	malicious	Njrat	Browse
	U22p1GcCSb.exe	Get hash	malicious	Njrat	Browse
	NfJ0jC2dPr.exe	Get hash	malicious	Njrat	Browse
	ziTLBa3N50.exe	Get hash	malicious	Njrat	Browse
	1.exe	Get hash	malicious	Njrat	Browse
	226dVJ2zRZ.exe	Get hash	malicious	Njrat	Browse
	IsJb5hB84q.exe	Get hash	malicious	Njrat	Browse
	Terraria.exe	Get hash	malicious	Njrat	Browse
	rkIcS0Y2WY.exe	Get hash	malicious	Njrat	Browse
3.69.115.178	1iZH7aeO5F.exe	Get hash	malicious	Njrat	Browse
	YTYyFVemXR.exe	Get hash	malicious	Njrat	Browse
	zyx3qItgQK.exe	Get hash	malicious	Njrat	Browse
	ziTLBa3N50.exe	Get hash	malicious	Njrat	Browse
	IsJb5hB84q.exe	Get hash	malicious	Njrat	Browse
	myidJB8lDL.exe	Get hash	malicious	Njrat	Browse
	rkIcS0Y2WY.exe	Get hash	malicious	Njrat	Browse
	30b4CoDmKk.exe	Get hash	malicious	Njrat	Browse
	QsKtlzYaKF.exe	Get hash	malicious	Njrat	Browse
	xZLQ8X9Cxo.exe	Get hash	malicious	Njrat	Browse
3.69.157.220	mhYCwt8wBz.exe	Get hash	malicious	Njrat	Browse
	Client.exe	Get hash	malicious	AsyncRAT, DcRat	Browse
	YTYyFVemXR.exe	Get hash	malicious	Njrat	Browse
	NfJ0jC2dPr.exe	Get hash	malicious	Njrat	Browse
	ziTLBa3N50.exe	Get hash	malicious	Njrat	Browse
	1.exe	Get hash	malicious	Njrat	Browse
	226dVJ2zRZ.exe	Get hash	malicious	Njrat	Browse
	myidJB8lDL.exe	Get hash	malicious	Njrat	Browse
	QsKtlzYaKF.exe	Get hash	malicious	Njrat	Browse
	xZLQ8X9Cxo.exe	Get hash	malicious	Njrat	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
pastebin.com	qHYHgANDmm.exe	Get hash	malicious	RedLine, Xmrig	Browse	172.67.19.24
	MzMXVPEjdy.exe	Get hash	malicious	DCRat	Browse	104.20.3.235
	Resolucion Juridica Bloqueo Cuentas y servicios SRI.vbs.xz	Get hash	malicious	Unknown	Browse	172.67.19.24
	ubes6SC7Vd.exe	Get hash	malicious	Unknown	Browse	172.67.19.24
	d43YUxXAW7.exe	Get hash	malicious	DCRat	Browse	104.20.4.235
	IlWPStOFHj.rtf	Get hash	malicious	Remcos	Browse	104.20.4.235
	V8ZnJcPOUY.rtf	Get hash	malicious	HTMLPhisher	Browse	104.20.4.235
	A24-00342B139336 #TW_Inquiry.xls	Get hash	malicious	SmokeLoader	Browse	104.20.4.235
	LgTFM1JlJu.rtf	Get hash	malicious	AgentTesla	Browse	104.20.4.235
	invoice.exe	Get hash	malicious	MinerDownloader, RedLine, Xmrig	Browse	172.67.19.24
6.tcp.eu.ngrok.io	1iZH7aeO5F.exe	Get hash	malicious	Njrat	Browse	3.68.171.119
	mhYCwt8wBz.exe	Get hash	malicious	Njrat	Browse	3.68.171.119
	592CDAD0A5B0AE90E0C812AECB2677096AF06CF941CE2.exe	Get hash	malicious	Njrat	Browse	52.28.247.255
	U22p1GcCSb.exe	Get hash	malicious	Njrat	Browse	3.66.38.117
	Client.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	3.69.157.220
	M5vARlA2c4.exe	Get hash	malicious	Njrat	Browse	3.68.171.119
	YTYyFVemXR.exe	Get hash	malicious	Njrat	Browse	3.68.171.119
	zyx3qItgQK.exe	Get hash	malicious	Njrat	Browse	3.69.115.178
	NfJ0jC2dPr.exe	Get hash	malicious	Njrat	Browse	3.69.157.220
	ziTLBa3N50.exe	Get hash	malicious	Njrat	Browse	3.69.157.220

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	https://uploads-ssl.webflow.com/64f19dbeb7bd18d4e09517f8/656158fdb0748ff4745b2553_11416187425.pdf	Get hash	malicious	Unknown	Browse	65.9.86.55
	http://blogairmasonwp.wpuserpowered.com	Get hash	malicious	Unknown	Browse	13.33.187.110
	https://fhdqc8.fi59.fdske.com/ec/gAAAAABmfG_ZE-m-29eaWUjMA3HaXqLuhn-zof_RAI8F9SnEsJeBrxXbFJ_QyKr-fWTPK6l8cRHC0FXaTbZtMgoxRLBsIq4e9-AHLtzINSbe15rLoZE8Cb975_4haed_mV9vidJGYwisJR_GR8EhBzJwfP_N3S4RgD7jWdZhnZMVDtyD16gXyz2Pjd3Ml6hCv_tNEXq0M57qqh817pHT5mU65FFGFV-_qoF70dHtIRVCYgS5uPH1UDawJgY7AzCEGNJDN4td9fBROSwJFmjNsWpyWMu6Czs_GYjlVy-m8tGRKfzvqsTtrCYnz-yzqvKS9CKTBpG4osObCdFr01h3Jf9tbecJOyduEezSP5gUjlPkt2M3D6lYas0a22byVoXWFDxqXMsEo5eC	Get hash	malicious	Unknown	Browse	13.35.58.105
	PO #4148137338.html	Get hash	malicious	HTMLPhisher	Browse	13.32.99.97
	call_Playback_gelita.com.html	Get hash	malicious	HTMLPhisher	Browse	63.35.89.131
	Briles Law Office.pdf	Get hash	malicious	Unknown	Browse	13.33.187.118
	KEMPER NORTH AMERICA WIRE REMITTANCE.xlsx	Get hash	malicious	HTMLPhisher	Browse	18.238.248.7
	Electronic Slip_nhbpi.com.html	Get hash	malicious	HTMLPhisher	Browse	13.32.99.97
	Confirmation For-Certara.pdf	Get hash	malicious	HTMLPhisher	Browse	13.227.219.47
	https://forms.office.com/e/mV7Vn4rBF1	Get hash	malicious	Unknown	Browse	54.73.146.43
CLOUDFLARENETUS	am.exe	Get hash	malicious	Amadey	Browse	188.114.96.3
	https://uploads-ssl.webflow.com/64f19dbeb7bd18d4e09517f8/656158fdb0748ff4745b2553_11416187425.pdf	Get hash	malicious	Unknown	Browse	104.17.2.184
	http://blogairmasonwp.wpuserpowered.com	Get hash	malicious	Unknown	Browse	172.66.41.8
	https://fhdqc8.fi59.fdske.com/ec/gAAAAABmfG_ZE-m-29eaWUjMA3HaXqLuhn-zof_RAI8F9SnEsJeBrxXbFJ_QyKr-fWTPK6l8cRHC0FXaTbZtMgoxRLBsIq4e9-AHLtzINSbe15rLoZE8Cb975_4haed_mV9vidJGYwisJR_GR8EhBzJwfP_N3S4RgD7jWdZhnZMVDtyD16gXyz2Pjd3Ml6hCv_tNEXq0M57qqh817pHT5mU65FFGFV-_qoF70dHtIRVCYgS5uPH1UDawJgY7AzCEGNJDN4td9fBROSwJFmjNsWpyWMu6Czs_GYjlVy-m8tGRKfzvqsTtrCYnz-yzqvKS9CKTBpG4osObCdFr01h3Jf9tbecJOyduEezSP5gUjlPkt2M3D6lYas0a22byVoXWFDxqXMsEo5eC	Get hash	malicious	Unknown	Browse	188.114.96.3
	PO #4148137338.html	Get hash	malicious	HTMLPhisher	Browse	104.21.11.185
	call_Playback_gelita.com.html	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	REMITTANCE 83-For-Dot.pdf	Get hash	malicious	Unknown	Browse	104.17.2.184
	Briles Law Office.pdf	Get hash	malicious	Unknown	Browse	172.64.153.27
	JQhvrKfKRE.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	172.67.160.107
	Electronic Slip_nhbpi.com.html	Get hash	malicious	HTMLPhisher	Browse	172.67.216.215
AMAZON-02US	https://uploads-ssl.webflow.com/64f19dbeb7bd18d4e09517f8/656158fdb0748ff4745b2553_11416187425.pdf	Get hash	malicious	Unknown	Browse	65.9.86.55
	http://blogairmasonwp.wpuserpowered.com	Get hash	malicious	Unknown	Browse	13.33.187.110
	https://fhdqc8.fi59.fdske.com/ec/gAAAAABmfG_ZE-m-29eaWUjMA3HaXqLuhn-zof_RAI8F9SnEsJeBrxXbFJ_QyKr-fWTPK6l8cRHC0FXaTbZtMgoxRLBsIq4e9-AHLtzINSbe15rLoZE8Cb975_4haed_mV9vidJGYwisJR_GR8EhBzJwfP_N3S4RgD7jWdZhnZMVDtyD16gXyz2Pjd3Ml6hCv_tNEXq0M57qqh817pHT5mU65FFGFV-_qoF70dHtIRVCYgS5uPH1UDawJgY7AzCEGNJDN4td9fBROSwJFmjNsWpyWMu6Czs_GYjlVy-m8tGRKfzvqsTtrCYnz-yzqvKS9CKTBpG4osObCdFr01h3Jf9tbecJOyduEezSP5gUjlPkt2M3D6lYas0a22byVoXWFDxqXMsEo5eC	Get hash	malicious	Unknown	Browse	13.35.58.105
	PO #4148137338.html	Get hash	malicious	HTMLPhisher	Browse	13.32.99.97
	call_Playback_gelita.com.html	Get hash	malicious	HTMLPhisher	Browse	63.35.89.131
	Briles Law Office.pdf	Get hash	malicious	Unknown	Browse	13.33.187.118
	KEMPER NORTH AMERICA WIRE REMITTANCE.xlsx	Get hash	malicious	HTMLPhisher	Browse	18.238.248.7
	Electronic Slip_nhbpi.com.html	Get hash	malicious	HTMLPhisher	Browse	13.32.99.97
	Confirmation For-Certara.pdf	Get hash	malicious	HTMLPhisher	Browse	13.227.219.47
	https://forms.office.com/e/mV7Vn4rBF1	Get hash	malicious	Unknown	Browse	54.73.146.43
AMAZON-02US	https://uploads-ssl.webflow.com/64f19dbeb7bd18d4e09517f8/656158fdb0748ff4745b2553_11416187425.pdf	Get hash	malicious	Unknown	Browse	65.9.86.55
	http://blogairmasonwp.wpuserpowered.com	Get hash	malicious	Unknown	Browse	13.33.187.110
	https://fhdqc8.fi59.fdske.com/ec/gAAAAABmfG_ZE-m-29eaWUjMA3HaXqLuhn-zof_RAI8F9SnEsJeBrxXbFJ_QyKr-fWTPK6l8cRHC0FXaTbZtMgoxRLBsIq4e9-AHLtzINSbe15rLoZE8Cb975_4haed_mV9vidJGYwisJR_GR8EhBzJwfP_N3S4RgD7jWdZhnZMVDtyD16gXyz2Pjd3Ml6hCv_tNEXq0M57qqh817pHT5mU65FFGFV-_qoF70dHtIRVCYgS5uPH1UDawJgY7AzCEGNJDN4td9fBROSwJFmjNsWpyWMu6Czs_GYjlVy-m8tGRKfzvqsTtrCYnz-yzqvKS9CKTBpG4osObCdFr01h3Jf9tbecJOyduEezSP5gUjlPkt2M3D6lYas0a22byVoXWFDxqXMsEo5eC	Get hash	malicious	Unknown	Browse	13.35.58.105
	PO #4148137338.html	Get hash	malicious	HTMLPhisher	Browse	13.32.99.97
	call_Playback_gelita.com.html	Get hash	malicious	HTMLPhisher	Browse	63.35.89.131
	Briles Law Office.pdf	Get hash	malicious	Unknown	Browse	13.33.187.118
	KEMPER NORTH AMERICA WIRE REMITTANCE.xlsx	Get hash	malicious	HTMLPhisher	Browse	18.238.248.7
	Electronic Slip_nhbpi.com.html	Get hash	malicious	HTMLPhisher	Browse	13.32.99.97
	Confirmation For-Certara.pdf	Get hash	malicious	HTMLPhisher	Browse	13.227.219.47
	https://forms.office.com/e/mV7Vn4rBF1	Get hash	malicious	Unknown	Browse	54.73.146.43

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Sales Contract 3987420240619.vbs	Get hash	malicious	Unknown	Browse	104.20.3.235
	http://blogairmasonwp.wpuserpowered.com	Get hash	malicious	Unknown	Browse	104.20.3.235
	Briles Law Office.pdf	Get hash	malicious	Unknown	Browse	104.20.3.235
	2024po.exe	Get hash	malicious	GhostRat	Browse	104.20.3.235
	Jsh2L2erLulfKPd.exe	Get hash	malicious	AgentTesla	Browse	104.20.3.235
	2024po.exe	Get hash	malicious	GhostRat	Browse	104.20.3.235
	CONFIRM BANK DETAILS.exe	Get hash	malicious	AgentTesla	Browse	104.20.3.235
	Payment Confirmation june 27.svg	Get hash	malicious	Unknown	Browse	104.20.3.235
	https://docs.google.com/presentation/d/e/2PACX-1vR8m0bqEQuaukshU6LC7P5N5_654KM13DpeGexrMzbqKZH9Wo0dhdSlUCDfjp0nXFsXwEAbARUSUKpH/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse	104.20.3.235
	Purchase Order.exe	Get hash	malicious	AgentTesla	Browse	104.20.3.235

Process:	C:\Users\user\Desktop\ClientAny.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.75
Encrypted:	false
SSDEEP:	3:Rt:v
MD5:	CF759E4C5F14FE3EEC41B87ED756CEA8
SHA1:	C27C796BB3C2FAC929359563676F4BA1FFADA1F5
SHA-256:	C9F9F193409217F73CC976AD078C6F8BF65D3AABCF5FAD3E5A47536D47AA6761
SHA-512:	C7F832AEE13A5EB36D145F35D4464374A9E12FA2017F3C2257442D67483B35A55ECCAE7F7729243350125B37033E075EFBC2303839FD86B81B9B4DCA3626953B
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.5.False

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.798923900996252
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	ClientAny.exe
File size:	75'776 bytes
MD5:	48865d6cc53e8a2fc637da9f1ee5e353
SHA1:	d655c548c01f91438d20f80bd9acab9f94073cef
SHA256:	243107799d46411f4a919d7117eef4b5f1718dc997bf9ef316ed822ea93b29e8
SHA512:	acd3920bbb859c8e27334977cf7b5ec1bb035c38e1203cf40aea4caf33e4dcf8b3ac5e754d7a63973ec56186f3f2484530e897e58b4da169df34b1e469f78940
SSDEEP:	1536:LUk0cxVGlCBiPMVQ0JpsIyb1bu/MIomRQzc+LVclN:LURcxVMWiPMVz/4b1bukIo+QXBY
TLSH:	DF734A013BE88D26F2AE47B9ACF251074EF4D1576512CE9E3CC450CD6A67BC58A037EA
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c............................~4... ...@....@.. ....................................@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x41347e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x63E41DD4 [Wed Feb 8 22:10:28 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x13424	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x14000	0xdf7	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x16000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x11484	0x11600	b7a9870c964af82bee3b238a8a16cf34	False	0.4831384892086331	data	5.826010861427022	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x14000	0xdf7	0xe00	50d51c0d62880c66f3cf5bb9b910b038	False	0.40318080357142855	data	5.114037721217549	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x16000	0xc	0x200	e00605145d8e954818113d40af9e9488	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x140a0	0x2d4	data			0.4447513812154696
RT_MANIFEST	0x14374	0xa83	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.40245261984392416

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 27, 2024 19:36:00.850564003 CEST	49711	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:00.850586891 CEST	443	49711	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:00.850719929 CEST	49711	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:00.861368895 CEST	49711	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:00.861388922 CEST	443	49711	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:01.353071928 CEST	443	49711	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:01.353370905 CEST	49711	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:01.358359098 CEST	49711	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:01.358369112 CEST	443	49711	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:01.358654976 CEST	443	49711	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:01.402493954 CEST	49711	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:01.404371977 CEST	49711	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:01.448493004 CEST	443	49711	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:01.924981117 CEST	443	49711	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:01.925108910 CEST	443	49711	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:01.925179958 CEST	49711	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:01.967135906 CEST	49711	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:02.002317905 CEST	49712	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:02.007349968 CEST	11492	49712	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:02.007438898 CEST	49712	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:02.023842096 CEST	49712	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:02.030255079 CEST	11492	49712	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:03.684279919 CEST	11492	49712	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:03.684398890 CEST	49712	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:06.702096939 CEST	49712	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:06.705033064 CEST	49714	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:06.705056906 CEST	443	49714	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:06.705142021 CEST	49714	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:06.705537081 CEST	49714	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:06.705550909 CEST	443	49714	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:06.707838058 CEST	11492	49712	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:07.173810005 CEST	443	49714	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:07.175327063 CEST	49714	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:07.175338984 CEST	443	49714	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:07.611646891 CEST	443	49714	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:07.611789942 CEST	443	49714	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:07.611849070 CEST	49714	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:07.612462997 CEST	49714	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:07.613382101 CEST	49715	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:07.618200064 CEST	11492	49715	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:07.618293047 CEST	49715	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:07.618617058 CEST	49715	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:07.623418093 CEST	11492	49715	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:09.326778889 CEST	11492	49715	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:09.326874018 CEST	49715	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:12.346344948 CEST	49715	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:12.347559929 CEST	49717	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:12.347608089 CEST	443	49717	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:12.347721100 CEST	49717	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:12.348062992 CEST	49717	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:12.348078966 CEST	443	49717	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:12.351239920 CEST	11492	49715	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:13.049107075 CEST	443	49717	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:13.050817013 CEST	49717	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:13.050832987 CEST	443	49717	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:13.467199087 CEST	443	49717	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:13.467328072 CEST	443	49717	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:13.467417955 CEST	49717	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:13.468012094 CEST	49717	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:13.468996048 CEST	49718	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:13.474004984 CEST	11492	49718	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:13.474112034 CEST	49718	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:13.474484921 CEST	49718	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:13.479361057 CEST	11492	49718	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:15.126559019 CEST	11492	49718	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:15.126723051 CEST	49718	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:18.170726061 CEST	49718	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:18.171901941 CEST	55116	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:18.171931982 CEST	443	55116	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:18.172000885 CEST	55116	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:18.172416925 CEST	55116	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:18.172435999 CEST	443	55116	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:18.177139044 CEST	11492	49718	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:18.652169943 CEST	443	55116	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:18.664288044 CEST	55116	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:18.664320946 CEST	443	55116	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:18.799559116 CEST	443	55116	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:18.799664021 CEST	443	55116	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:18.799721956 CEST	55116	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:18.800240040 CEST	55116	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:18.801094055 CEST	55117	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:18.805953979 CEST	11492	55117	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:18.806041002 CEST	55117	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:18.806291103 CEST	55117	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:18.811111927 CEST	11492	55117	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:20.449971914 CEST	11492	55117	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:20.450059891 CEST	55117	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:23.467900991 CEST	55117	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:23.469188929 CEST	55119	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:23.469223022 CEST	443	55119	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:23.469321012 CEST	55119	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:23.469619036 CEST	55119	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:23.469630957 CEST	443	55119	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:23.472810984 CEST	11492	55117	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:23.932478905 CEST	443	55119	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:23.939352036 CEST	55119	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:23.939415932 CEST	443	55119	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:24.114664078 CEST	443	55119	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:24.114773989 CEST	443	55119	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:24.114907026 CEST	55119	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:24.115453959 CEST	55119	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:24.116127968 CEST	55120	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:24.121282101 CEST	11492	55120	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:24.121371031 CEST	55120	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:24.121690035 CEST	55120	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:24.126538992 CEST	11492	55120	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:25.795258045 CEST	11492	55120	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:25.795383930 CEST	55120	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:28.811213970 CEST	55120	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:28.812102079 CEST	55121	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:28.812161922 CEST	443	55121	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:28.812247992 CEST	55121	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:28.812608004 CEST	55121	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:28.812643051 CEST	443	55121	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:28.816142082 CEST	11492	55120	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:29.287055016 CEST	443	55121	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:29.288949966 CEST	55121	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:29.289007902 CEST	443	55121	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:29.435015917 CEST	443	55121	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:29.435091019 CEST	443	55121	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:29.435175896 CEST	55121	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:29.435493946 CEST	55121	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:29.436297894 CEST	55122	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:29.441138983 CEST	11492	55122	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:29.441226006 CEST	55122	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:29.441401958 CEST	55122	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:29.446180105 CEST	11492	55122	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:31.108655930 CEST	11492	55122	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:31.108750105 CEST	55122	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:34.123159885 CEST	55122	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:34.124140024 CEST	55123	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:34.124169111 CEST	443	55123	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:34.124232054 CEST	55123	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:34.124502897 CEST	55123	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:34.124515057 CEST	443	55123	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:34.128463030 CEST	11492	55122	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:34.603673935 CEST	443	55123	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:34.616909027 CEST	55123	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:34.616925955 CEST	443	55123	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:34.739870071 CEST	443	55123	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:34.739945889 CEST	443	55123	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:34.740000010 CEST	55123	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:34.740566015 CEST	55123	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:34.741353035 CEST	55124	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:34.747098923 CEST	11492	55124	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:34.747216940 CEST	55124	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:34.747498035 CEST	55124	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:34.752557039 CEST	11492	55124	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:36.390007973 CEST	11492	55124	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:36.390108109 CEST	55124	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:39.405045033 CEST	55124	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:39.406306982 CEST	55125	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:39.406337023 CEST	443	55125	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:39.406438112 CEST	55125	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:39.406766891 CEST	55125	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:39.406779051 CEST	443	55125	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:39.410217047 CEST	11492	55124	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:39.873703957 CEST	443	55125	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:39.881932020 CEST	55125	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:39.881947041 CEST	443	55125	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:40.024631023 CEST	443	55125	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:40.024712086 CEST	443	55125	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:40.024776936 CEST	55125	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:40.025285006 CEST	55125	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:40.026024103 CEST	55126	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:40.030916929 CEST	11492	55126	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:40.031017065 CEST	55126	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:40.031267881 CEST	55126	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:40.036144018 CEST	11492	55126	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:41.670299053 CEST	11492	55126	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:41.670377016 CEST	55126	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:44.686332941 CEST	55126	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:44.687304020 CEST	55128	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:44.687339067 CEST	443	55128	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:44.687443972 CEST	55128	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:44.688287973 CEST	55128	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:44.688303947 CEST	443	55128	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:44.691518068 CEST	11492	55126	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:45.155906916 CEST	443	55128	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:45.157227039 CEST	55128	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:45.157253981 CEST	443	55128	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:45.299150944 CEST	443	55128	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:45.299237013 CEST	443	55128	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:45.299299955 CEST	55128	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:45.299789906 CEST	55128	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:45.300432920 CEST	55129	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:45.305422068 CEST	11492	55129	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:45.305548906 CEST	55129	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:45.305803061 CEST	55129	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:45.310677052 CEST	11492	55129	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:46.970001936 CEST	11492	55129	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:46.970088959 CEST	55129	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:49.983683109 CEST	55129	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:49.984997034 CEST	55130	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:49.985054016 CEST	443	55130	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:49.985145092 CEST	55130	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:49.985472918 CEST	55130	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:49.985490084 CEST	443	55130	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:49.988656044 CEST	11492	55129	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:50.480123043 CEST	443	55130	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:50.481961012 CEST	55130	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:50.481980085 CEST	443	55130	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:50.628206015 CEST	443	55130	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:50.628289938 CEST	443	55130	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:50.628338099 CEST	55130	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:50.628844976 CEST	55130	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:50.629575968 CEST	55131	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:50.635987043 CEST	11492	55131	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:50.636068106 CEST	55131	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:50.636313915 CEST	55131	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:50.644618988 CEST	11492	55131	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:52.376012087 CEST	11492	55131	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:52.376152992 CEST	55131	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:55.388837099 CEST	55131	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:55.389918089 CEST	55133	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:55.390017986 CEST	443	55133	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:55.390106916 CEST	55133	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:55.390386105 CEST	55133	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:55.390424013 CEST	443	55133	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:55.394629002 CEST	11492	55131	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:55.862267971 CEST	443	55133	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:55.863521099 CEST	55133	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:55.863548040 CEST	443	55133	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:56.039954901 CEST	443	55133	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:56.040071011 CEST	443	55133	104.20.3.235	192.168.2.6
Jun 27, 2024 19:36:56.040268898 CEST	55133	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:56.040693998 CEST	55133	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:36:56.041332006 CEST	55134	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:56.046288013 CEST	11492	55134	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:56.048538923 CEST	55134	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:56.048780918 CEST	55134	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:36:56.055012941 CEST	11492	55134	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:57.702642918 CEST	11492	55134	3.69.115.178	192.168.2.6
Jun 27, 2024 19:36:57.702900887 CEST	55134	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:37:00.717480898 CEST	55134	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:37:00.718616009 CEST	55135	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:00.718642950 CEST	443	55135	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:00.718775034 CEST	55135	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:00.718998909 CEST	55135	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:00.719010115 CEST	443	55135	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:00.722435951 CEST	11492	55134	3.69.115.178	192.168.2.6
Jun 27, 2024 19:37:01.183981895 CEST	443	55135	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:01.185024977 CEST	55135	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:01.185040951 CEST	443	55135	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:01.333018064 CEST	443	55135	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:01.333121061 CEST	443	55135	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:01.333216906 CEST	55135	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:01.333714008 CEST	55135	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:01.334494114 CEST	55136	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:37:01.339576006 CEST	11492	55136	3.69.115.178	192.168.2.6
Jun 27, 2024 19:37:01.339662075 CEST	55136	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:37:01.339895010 CEST	55136	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:37:01.347553015 CEST	11492	55136	3.69.115.178	192.168.2.6
Jun 27, 2024 19:37:03.000263929 CEST	11492	55136	3.69.115.178	192.168.2.6
Jun 27, 2024 19:37:03.000504017 CEST	55136	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:37:06.015656948 CEST	55136	11492	192.168.2.6	3.69.115.178
Jun 27, 2024 19:37:06.022018909 CEST	11492	55136	3.69.115.178	192.168.2.6
Jun 27, 2024 19:37:06.037591934 CEST	55137	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:06.037658930 CEST	443	55137	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:06.037736893 CEST	55137	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:06.038005114 CEST	55137	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:06.038054943 CEST	443	55137	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:06.694068909 CEST	443	55137	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:06.695259094 CEST	55137	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:06.695302010 CEST	443	55137	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:06.853332996 CEST	443	55137	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:06.853430986 CEST	443	55137	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:06.853523970 CEST	55137	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:06.854006052 CEST	55137	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:06.866023064 CEST	55138	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:06.870928049 CEST	11492	55138	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:06.871016979 CEST	55138	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:06.871267080 CEST	55138	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:06.876288891 CEST	11492	55138	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:08.512871027 CEST	11492	55138	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:08.515495062 CEST	55138	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:11.217353106 CEST	55138	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:11.218605995 CEST	55140	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:11.218673944 CEST	443	55140	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:11.218764067 CEST	55140	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:11.219001055 CEST	55140	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:11.219013929 CEST	443	55140	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:11.222584963 CEST	11492	55138	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:11.728956938 CEST	443	55140	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:11.730268955 CEST	55140	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:11.730300903 CEST	443	55140	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:11.882261992 CEST	443	55140	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:11.882365942 CEST	443	55140	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:11.882425070 CEST	55140	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:11.882875919 CEST	55140	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:11.883657932 CEST	55141	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:11.888571978 CEST	11492	55141	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:11.888665915 CEST	55141	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:11.888936043 CEST	55141	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:11.894931078 CEST	11492	55141	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:13.530869961 CEST	11492	55141	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:13.530956984 CEST	55141	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:15.967259884 CEST	55141	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:15.968369961 CEST	55142	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:15.968430996 CEST	443	55142	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:15.968516111 CEST	55142	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:15.968760014 CEST	55142	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:15.968775034 CEST	443	55142	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:15.972256899 CEST	11492	55141	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:16.437453032 CEST	443	55142	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:16.440160036 CEST	55142	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:16.440195084 CEST	443	55142	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:16.568965912 CEST	443	55142	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:16.569092035 CEST	443	55142	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:16.569371939 CEST	55142	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:16.569649935 CEST	55142	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:16.570513010 CEST	55143	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:16.575361013 CEST	11492	55143	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:16.575458050 CEST	55143	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:16.575680971 CEST	55143	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:16.581116915 CEST	11492	55143	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:18.243351936 CEST	11492	55143	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:18.243422031 CEST	55143	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:20.436026096 CEST	55143	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:20.436973095 CEST	55144	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:20.437032938 CEST	443	55144	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:20.440574884 CEST	55144	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:20.440865040 CEST	55144	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:20.440876007 CEST	443	55144	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:20.441062927 CEST	11492	55143	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:20.939064026 CEST	443	55144	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:20.941723108 CEST	55144	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:20.941775084 CEST	443	55144	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:21.098498106 CEST	443	55144	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:21.098622084 CEST	443	55144	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:21.098686934 CEST	55144	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:21.099097967 CEST	55144	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:21.099993944 CEST	55145	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:21.105043888 CEST	11492	55145	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:21.105154991 CEST	55145	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:21.105487108 CEST	55145	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:21.110765934 CEST	11492	55145	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:22.770936966 CEST	11492	55145	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:22.771022081 CEST	55145	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:24.748789072 CEST	55145	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:24.750006914 CEST	55146	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:24.750061035 CEST	443	55146	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:24.750138044 CEST	55146	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:24.750406981 CEST	55146	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:24.750423908 CEST	443	55146	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:24.753876925 CEST	11492	55145	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:25.217144012 CEST	443	55146	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:25.221064091 CEST	55146	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:25.221095085 CEST	443	55146	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:25.369915009 CEST	443	55146	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:25.370021105 CEST	443	55146	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:25.370317936 CEST	55146	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:25.370647907 CEST	55146	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:25.371490955 CEST	55147	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:25.377083063 CEST	11492	55147	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:25.380595922 CEST	55147	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:25.380855083 CEST	55147	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:25.385991096 CEST	11492	55147	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:27.064260960 CEST	11492	55147	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:27.064604998 CEST	55147	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:28.842271090 CEST	55147	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:28.843405008 CEST	55148	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:28.843446016 CEST	443	55148	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:28.843570948 CEST	55148	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:28.843811989 CEST	55148	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:28.843826056 CEST	443	55148	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:28.847162008 CEST	11492	55147	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:29.308101892 CEST	443	55148	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:29.309273005 CEST	55148	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:29.309303999 CEST	443	55148	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:29.438069105 CEST	443	55148	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:29.438265085 CEST	443	55148	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:29.438538074 CEST	55148	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:29.438924074 CEST	55148	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:29.439939976 CEST	55149	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:29.444756031 CEST	11492	55149	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:29.444912910 CEST	55149	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:29.445139885 CEST	55149	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:29.450514078 CEST	11492	55149	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:31.094356060 CEST	11492	55149	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:31.094736099 CEST	55149	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:32.701090097 CEST	55149	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:32.702112913 CEST	55150	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:32.702167034 CEST	443	55150	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:32.702241898 CEST	55150	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:32.702498913 CEST	55150	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:32.702507973 CEST	443	55150	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:32.706079960 CEST	11492	55149	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:33.234775066 CEST	443	55150	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:33.236344099 CEST	55150	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:33.236378908 CEST	443	55150	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:33.389632940 CEST	443	55150	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:33.389739990 CEST	443	55150	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:33.389789104 CEST	55150	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:33.390429974 CEST	55150	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:33.391309977 CEST	55152	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:33.396159887 CEST	11492	55152	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:33.396239996 CEST	55152	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:33.396486998 CEST	55152	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:33.401462078 CEST	11492	55152	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:35.063143969 CEST	11492	55152	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:35.064703941 CEST	55152	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:36.514013052 CEST	55152	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:36.515033960 CEST	55153	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:36.515078068 CEST	443	55153	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:36.516604900 CEST	55153	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:36.516839027 CEST	55153	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:36.516854048 CEST	443	55153	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:36.519370079 CEST	11492	55152	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:36.993837118 CEST	443	55153	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:36.994999886 CEST	55153	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:36.995023966 CEST	443	55153	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:37.143317938 CEST	443	55153	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:37.143423080 CEST	443	55153	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:37.143596888 CEST	55153	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:37.144058943 CEST	55153	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:37.148606062 CEST	55154	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:37.153552055 CEST	11492	55154	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:37.153726101 CEST	55154	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:37.153985977 CEST	55154	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:37.158740997 CEST	11492	55154	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:38.812222004 CEST	11492	55154	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:38.812314987 CEST	55154	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:40.108270884 CEST	55154	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:40.114228010 CEST	11492	55154	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:40.116894960 CEST	55155	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:40.116997957 CEST	443	55155	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:40.117083073 CEST	55155	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:40.117336988 CEST	55155	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:40.117376089 CEST	443	55155	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:40.586303949 CEST	443	55155	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:40.587950945 CEST	55155	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:40.588000059 CEST	443	55155	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:40.737535954 CEST	443	55155	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:40.737664938 CEST	443	55155	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:40.737735033 CEST	55155	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:40.738183975 CEST	55155	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:40.756246090 CEST	55156	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:40.761460066 CEST	11492	55156	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:40.761553049 CEST	55156	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:40.761853933 CEST	55156	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:40.767091036 CEST	11492	55156	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:42.429395914 CEST	11492	55156	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:42.429474115 CEST	55156	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:43.608243942 CEST	55156	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:43.608247042 CEST	55157	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:43.608349085 CEST	443	55157	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:43.608519077 CEST	55157	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:43.608736038 CEST	55157	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:43.608766079 CEST	443	55157	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:43.613275051 CEST	11492	55156	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:44.107146978 CEST	443	55157	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:44.108649969 CEST	55157	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:44.108706951 CEST	443	55157	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:44.244673967 CEST	443	55157	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:44.244934082 CEST	443	55157	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:44.245012999 CEST	55157	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:44.245311022 CEST	55157	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:44.246082067 CEST	55158	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:44.251621962 CEST	11492	55158	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:44.251709938 CEST	55158	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:44.251930952 CEST	55158	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:44.256690979 CEST	11492	55158	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:45.936830997 CEST	11492	55158	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:45.942501068 CEST	55158	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:47.004781008 CEST	55158	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:47.005656958 CEST	55159	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:47.005712986 CEST	443	55159	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:47.006036997 CEST	55159	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:47.006036997 CEST	55159	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:47.006073952 CEST	443	55159	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:47.013216972 CEST	11492	55158	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:47.492396116 CEST	443	55159	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:47.493743896 CEST	55159	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:47.493771076 CEST	443	55159	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:47.644110918 CEST	443	55159	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:47.644381046 CEST	443	55159	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:47.644649982 CEST	55159	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:47.645517111 CEST	55159	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:47.645523071 CEST	55160	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:47.650316954 CEST	11492	55160	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:47.652977943 CEST	55160	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:47.656590939 CEST	55160	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:47.661859035 CEST	11492	55160	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:49.295578957 CEST	11492	55160	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:49.296792984 CEST	55160	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:50.249532938 CEST	55160	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:50.250947952 CEST	55161	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:50.251003027 CEST	443	55161	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:50.251065969 CEST	55161	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:50.251382113 CEST	55161	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:50.251396894 CEST	443	55161	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:50.256314993 CEST	11492	55160	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:50.724102020 CEST	443	55161	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:50.725490093 CEST	55161	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:50.725560904 CEST	443	55161	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:50.877470016 CEST	443	55161	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:50.877580881 CEST	443	55161	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:50.877639055 CEST	55161	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:50.878190041 CEST	55161	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:50.879014015 CEST	55162	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:50.883862019 CEST	11492	55162	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:50.883925915 CEST	55162	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:50.884265900 CEST	55162	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:50.889712095 CEST	11492	55162	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:52.568316936 CEST	11492	55162	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:52.568417072 CEST	55162	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:53.420316935 CEST	55162	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:53.422600031 CEST	55163	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:53.422653913 CEST	443	55163	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:53.425250053 CEST	11492	55162	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:53.425446987 CEST	55163	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:53.425612926 CEST	55163	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:53.425625086 CEST	443	55163	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:53.895719051 CEST	443	55163	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:53.897669077 CEST	55163	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:53.897686005 CEST	443	55163	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:54.010994911 CEST	443	55163	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:54.011075974 CEST	443	55163	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:54.012671947 CEST	55163	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:54.013777018 CEST	55163	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:54.013782978 CEST	55164	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:54.020303011 CEST	11492	55164	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:54.020680904 CEST	55164	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:54.024594069 CEST	55164	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:54.029422998 CEST	11492	55164	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:55.676942110 CEST	11492	55164	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:55.677045107 CEST	55164	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:56.452099085 CEST	55164	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:56.453349113 CEST	55165	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:56.453408003 CEST	443	55165	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:56.453459024 CEST	55165	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:56.453751087 CEST	55165	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:56.453763008 CEST	443	55165	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:56.457456112 CEST	11492	55164	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:57.053467989 CEST	443	55165	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:57.054712057 CEST	55165	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:57.054730892 CEST	443	55165	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:57.219526052 CEST	443	55165	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:57.219624996 CEST	443	55165	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:57.219836950 CEST	55165	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:57.220227957 CEST	55165	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:57.220885038 CEST	55166	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:57.226388931 CEST	11492	55166	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:57.226510048 CEST	55166	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:57.228585005 CEST	55166	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:57.233659983 CEST	11492	55166	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:58.896429062 CEST	11492	55166	3.69.157.220	192.168.2.6
Jun 27, 2024 19:37:58.896517038 CEST	55166	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:59.593250990 CEST	55167	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:59.593257904 CEST	55166	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:37:59.593300104 CEST	443	55167	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:59.593480110 CEST	55167	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:59.593671083 CEST	55167	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:37:59.593688965 CEST	443	55167	104.20.3.235	192.168.2.6
Jun 27, 2024 19:37:59.598890066 CEST	11492	55166	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:00.084407091 CEST	443	55167	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:00.090806007 CEST	55167	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:00.090893030 CEST	443	55167	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:00.219971895 CEST	443	55167	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:00.224317074 CEST	443	55167	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:00.224396944 CEST	55167	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:00.228574038 CEST	55167	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:00.236314058 CEST	55168	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:00.241688013 CEST	11492	55168	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:00.241785049 CEST	55168	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:00.244081974 CEST	55168	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:00.248951912 CEST	11492	55168	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:01.959342957 CEST	11492	55168	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:01.959547997 CEST	55168	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:02.610371113 CEST	55168	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:02.611699104 CEST	55169	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:02.611809969 CEST	443	55169	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:02.611888885 CEST	55169	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:02.612303019 CEST	55169	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:02.612339020 CEST	443	55169	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:02.615385056 CEST	11492	55168	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:03.082859993 CEST	443	55169	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:03.084474087 CEST	55169	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:03.084573030 CEST	443	55169	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:03.258186102 CEST	443	55169	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:03.258671045 CEST	443	55169	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:03.258817911 CEST	55169	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:03.259884119 CEST	55170	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:03.259890079 CEST	55169	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:03.264718056 CEST	11492	55170	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:03.264988899 CEST	55170	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:03.265240908 CEST	55170	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:03.270843029 CEST	11492	55170	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:04.924369097 CEST	11492	55170	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:04.924434900 CEST	55170	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:05.498959064 CEST	55170	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:05.498970032 CEST	55172	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:05.499063015 CEST	443	55172	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:05.499238014 CEST	55172	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:05.499402046 CEST	55172	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:05.499439001 CEST	443	55172	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:05.503803968 CEST	11492	55170	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:06.119136095 CEST	443	55172	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:06.122098923 CEST	55172	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:06.122167110 CEST	443	55172	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:06.267993927 CEST	443	55172	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:06.268114090 CEST	443	55172	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:06.268157005 CEST	55172	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:06.268677950 CEST	55172	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:06.269593000 CEST	55173	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:06.274414062 CEST	11492	55173	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:06.274483919 CEST	55173	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:06.274816036 CEST	55173	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:06.280056000 CEST	11492	55173	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:07.924624920 CEST	11492	55173	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:07.924804926 CEST	55173	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:08.435705900 CEST	55173	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:38:08.436862946 CEST	55174	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:08.436913013 CEST	443	55174	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:08.436971903 CEST	55174	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:08.437223911 CEST	55174	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:08.437237024 CEST	443	55174	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:08.441176891 CEST	11492	55173	3.69.157.220	192.168.2.6
Jun 27, 2024 19:38:09.064780951 CEST	443	55174	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:09.066092968 CEST	55174	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:09.066107988 CEST	443	55174	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:09.218312979 CEST	443	55174	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:09.218391895 CEST	443	55174	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:09.220757008 CEST	55174	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:09.221721888 CEST	55174	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:09.233328104 CEST	55175	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:09.239082098 CEST	11492	55175	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:09.240788937 CEST	55175	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:09.241089106 CEST	55175	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:09.245965004 CEST	11492	55175	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:10.917227983 CEST	11492	55175	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:10.917301893 CEST	55175	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:11.378294945 CEST	55175	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:11.379615068 CEST	55176	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:11.379659891 CEST	443	55176	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:11.382863045 CEST	55176	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:11.383158922 CEST	11492	55175	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:11.383194923 CEST	55176	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:11.383210897 CEST	443	55176	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:11.856072903 CEST	443	55176	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:11.859991074 CEST	55176	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:11.860009909 CEST	443	55176	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:11.986787081 CEST	443	55176	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:11.987010002 CEST	443	55176	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:11.990758896 CEST	55176	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:11.991851091 CEST	55176	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:11.991871119 CEST	55177	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:11.996892929 CEST	11492	55177	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:11.998882055 CEST	55177	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:12.002638102 CEST	55177	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:12.007538080 CEST	11492	55177	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:13.751398087 CEST	11492	55177	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:13.751696110 CEST	55177	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:14.170236111 CEST	55177	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:14.171677113 CEST	55178	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:14.171717882 CEST	443	55178	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:14.171777964 CEST	55178	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:14.172101021 CEST	55178	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:14.172113895 CEST	443	55178	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:14.175113916 CEST	11492	55177	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:14.653876066 CEST	443	55178	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:14.655380964 CEST	55178	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:14.655421972 CEST	443	55178	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:14.814032078 CEST	443	55178	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:14.814285994 CEST	443	55178	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:14.814363956 CEST	55178	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:14.817783117 CEST	55178	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:14.818659067 CEST	55179	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:14.823553085 CEST	11492	55179	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:14.823618889 CEST	55179	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:14.824093103 CEST	55179	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:14.828860998 CEST	11492	55179	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:16.501724005 CEST	11492	55179	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:16.502058029 CEST	55179	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:16.899589062 CEST	55179	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:16.901283026 CEST	55180	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:16.901388884 CEST	443	55180	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:16.901465893 CEST	55180	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:16.901762009 CEST	55180	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:16.901801109 CEST	443	55180	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:16.904597044 CEST	11492	55179	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:17.389775991 CEST	443	55180	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:17.391299963 CEST	55180	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:17.391338110 CEST	443	55180	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:17.537686110 CEST	443	55180	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:17.538006067 CEST	443	55180	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:17.538105011 CEST	55180	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:17.538424969 CEST	55180	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:17.539366961 CEST	55181	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:17.544169903 CEST	11492	55181	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:17.544254065 CEST	55181	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:17.544531107 CEST	55181	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:17.549313068 CEST	11492	55181	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:19.187865973 CEST	11492	55181	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:19.187941074 CEST	55181	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:19.530471087 CEST	55181	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:19.530473948 CEST	55182	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:19.530517101 CEST	443	55182	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:19.530673981 CEST	55182	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:19.530888081 CEST	55182	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:19.530900955 CEST	443	55182	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:19.535542965 CEST	11492	55181	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:19.997854948 CEST	443	55182	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:20.001765013 CEST	55182	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:20.001792908 CEST	443	55182	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:20.218076944 CEST	443	55182	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:20.218199015 CEST	443	55182	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:20.218246937 CEST	55182	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:20.220243931 CEST	55182	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:20.221678972 CEST	55183	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:20.226620913 CEST	11492	55183	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:20.226711988 CEST	55183	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:20.227031946 CEST	55183	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:20.231950998 CEST	11492	55183	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:21.891628027 CEST	11492	55183	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:21.894743919 CEST	55183	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:22.201314926 CEST	55183	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:22.202449083 CEST	55184	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:22.202483892 CEST	443	55184	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:22.202579021 CEST	55184	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:22.202848911 CEST	55184	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:22.202860117 CEST	443	55184	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:22.206340075 CEST	11492	55183	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:22.815622091 CEST	443	55184	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:22.817154884 CEST	55184	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:22.817171097 CEST	443	55184	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:22.943428993 CEST	443	55184	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:22.943551064 CEST	443	55184	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:22.943602085 CEST	55184	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:22.944123030 CEST	55184	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:22.945050001 CEST	55185	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:22.949954033 CEST	11492	55185	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:22.950026989 CEST	55185	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:22.950347900 CEST	55185	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:22.955176115 CEST	11492	55185	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:24.597546101 CEST	11492	55185	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:24.597605944 CEST	55185	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:24.874413013 CEST	55185	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:24.875848055 CEST	55186	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:24.875889063 CEST	443	55186	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:24.875947952 CEST	55186	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:24.876255989 CEST	55186	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:24.876269102 CEST	443	55186	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:24.879376888 CEST	11492	55185	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:25.351682901 CEST	443	55186	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:25.353770018 CEST	55186	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:25.353811026 CEST	443	55186	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:25.493155956 CEST	443	55186	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:25.493283987 CEST	443	55186	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:25.493453979 CEST	55186	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:25.493900061 CEST	55186	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:25.494606972 CEST	55187	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:25.499458075 CEST	11492	55187	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:25.500715017 CEST	55187	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:25.500919104 CEST	55187	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:25.505716085 CEST	11492	55187	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:27.140608072 CEST	11492	55187	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:27.140692949 CEST	55187	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:27.390007019 CEST	55188	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:27.390011072 CEST	55187	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:27.390036106 CEST	443	55188	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:27.390189886 CEST	55188	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:27.392632961 CEST	55188	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:27.392653942 CEST	443	55188	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:27.394849062 CEST	11492	55187	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:27.863588095 CEST	443	55188	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:27.865725040 CEST	55188	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:27.865755081 CEST	443	55188	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:28.010613918 CEST	443	55188	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:28.010911942 CEST	443	55188	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:28.012737989 CEST	55188	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:28.013792992 CEST	55188	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:28.013812065 CEST	55189	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:28.019313097 CEST	11492	55189	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:28.020731926 CEST	55189	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:28.023358107 CEST	55189	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:28.028295994 CEST	11492	55189	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:29.751291037 CEST	11492	55189	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:29.751390934 CEST	55189	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:29.982841969 CEST	55189	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:29.984654903 CEST	55190	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:29.984699011 CEST	443	55190	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:29.988732100 CEST	55190	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:29.989409924 CEST	11492	55189	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:29.989440918 CEST	55190	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:29.989451885 CEST	443	55190	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:30.467381001 CEST	443	55190	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:30.468919039 CEST	55190	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:30.468935966 CEST	443	55190	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:30.628772974 CEST	443	55190	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:30.628916979 CEST	443	55190	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:30.629026890 CEST	55190	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:30.629915953 CEST	55190	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:30.630747080 CEST	55191	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:30.635705948 CEST	11492	55191	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:30.635776043 CEST	55191	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:30.636058092 CEST	55191	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:30.640849113 CEST	11492	55191	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:32.295418978 CEST	11492	55191	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:32.295501947 CEST	55191	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:32.498539925 CEST	55191	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:32.499664068 CEST	55192	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:32.499694109 CEST	443	55192	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:32.499759912 CEST	55192	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:32.500077963 CEST	55192	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:32.500092030 CEST	443	55192	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:32.503686905 CEST	11492	55191	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:33.130018950 CEST	443	55192	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:33.131407022 CEST	55192	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:33.131438971 CEST	443	55192	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:33.304768085 CEST	443	55192	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:33.304868937 CEST	443	55192	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:33.305031061 CEST	55192	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:33.306164980 CEST	55192	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:33.306169033 CEST	55193	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:33.311472893 CEST	11492	55193	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:33.314908981 CEST	55193	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:33.314908981 CEST	55193	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:33.319792032 CEST	11492	55193	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:35.023049116 CEST	11492	55193	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:35.023145914 CEST	55193	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:35.203144073 CEST	55194	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:35.203161001 CEST	55193	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:35.203180075 CEST	443	55194	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:35.203567982 CEST	55194	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:35.203567982 CEST	55194	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:35.203597069 CEST	443	55194	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:35.208143950 CEST	11492	55193	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:35.683518887 CEST	443	55194	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:35.685107946 CEST	55194	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:35.685118914 CEST	443	55194	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:35.843333960 CEST	443	55194	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:35.843688011 CEST	443	55194	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:35.844126940 CEST	55194	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:35.844466925 CEST	55194	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:35.844877958 CEST	55195	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:35.849931955 CEST	11492	55195	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:35.853022099 CEST	55195	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:35.853022099 CEST	55195	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:35.858177900 CEST	11492	55195	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:37.521786928 CEST	11492	55195	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:37.521924019 CEST	55195	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:37.685782909 CEST	55195	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:37.688750029 CEST	55196	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:37.688792944 CEST	443	55196	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:37.691040039 CEST	11492	55195	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:37.692749023 CEST	55196	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:37.696682930 CEST	55196	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:37.696697950 CEST	443	55196	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:38.168329000 CEST	443	55196	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:38.172696114 CEST	55196	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:38.172705889 CEST	443	55196	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:38.305510044 CEST	443	55196	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:38.305596113 CEST	443	55196	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:38.305636883 CEST	55196	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:38.306164026 CEST	55196	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:38.307100058 CEST	55197	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:38.312048912 CEST	11492	55197	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:38.312124968 CEST	55197	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:38.312498093 CEST	55197	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:38.317780972 CEST	11492	55197	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:40.031713963 CEST	11492	55197	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:40.031848907 CEST	55197	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:40.186104059 CEST	55197	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:40.187222958 CEST	55198	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:40.187261105 CEST	443	55198	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:40.187315941 CEST	55198	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:40.187772989 CEST	55198	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:40.187797070 CEST	443	55198	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:40.191184044 CEST	11492	55197	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:40.673893929 CEST	443	55198	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:40.675318003 CEST	55198	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:40.675357103 CEST	443	55198	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:40.849414110 CEST	443	55198	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:40.849509954 CEST	443	55198	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:40.849560976 CEST	55198	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:40.850095034 CEST	55198	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:40.850954056 CEST	55199	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:40.855961084 CEST	11492	55199	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:40.856050968 CEST	55199	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:40.856357098 CEST	55199	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:40.861361027 CEST	11492	55199	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:42.537285089 CEST	11492	55199	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:42.537374973 CEST	55199	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:42.670945883 CEST	55199	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:42.671901941 CEST	55200	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:42.671962023 CEST	443	55200	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:42.672039032 CEST	55200	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:42.672306061 CEST	55200	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:42.672338963 CEST	443	55200	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:42.675944090 CEST	11492	55199	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:43.137868881 CEST	443	55200	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:43.139012098 CEST	55200	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:43.139060974 CEST	443	55200	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:43.273627043 CEST	443	55200	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:43.273724079 CEST	443	55200	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:43.276743889 CEST	55200	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:43.277062893 CEST	55200	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:43.277962923 CEST	55201	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:43.282871008 CEST	11492	55201	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:43.283026934 CEST	55201	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:43.283265114 CEST	55201	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:43.288125992 CEST	11492	55201	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:44.942267895 CEST	11492	55201	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:44.942327976 CEST	55201	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:45.061345100 CEST	55201	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:45.062475920 CEST	55202	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:45.062587976 CEST	443	55202	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:45.062670946 CEST	55202	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:45.063061953 CEST	55202	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:45.063091993 CEST	443	55202	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:45.066694975 CEST	11492	55201	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:45.524770975 CEST	443	55202	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:45.526740074 CEST	55202	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:45.526782036 CEST	443	55202	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:45.665801048 CEST	443	55202	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:45.665865898 CEST	443	55202	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:45.666004896 CEST	55202	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:45.666796923 CEST	55202	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:45.667066097 CEST	55203	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:45.672075033 CEST	11492	55203	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:45.675405025 CEST	55203	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:45.678731918 CEST	55203	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:45.683645964 CEST	11492	55203	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:47.329061985 CEST	11492	55203	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:47.331610918 CEST	55203	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:47.452568054 CEST	55203	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:47.452574968 CEST	55204	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:47.452627897 CEST	443	55204	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:47.456752062 CEST	55204	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:47.457842112 CEST	11492	55203	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:47.457911015 CEST	55204	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:47.457964897 CEST	443	55204	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:47.943691015 CEST	443	55204	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:47.945779085 CEST	55204	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:47.945820093 CEST	443	55204	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:48.096280098 CEST	443	55204	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:48.096386909 CEST	443	55204	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:48.099766970 CEST	55204	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:48.100866079 CEST	55204	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:48.100873947 CEST	55205	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:48.105660915 CEST	11492	55205	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:48.108777046 CEST	55205	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:48.109021902 CEST	55205	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:48.113985062 CEST	11492	55205	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:49.800383091 CEST	11492	55205	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:49.800633907 CEST	55205	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:49.904652119 CEST	55205	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:49.905636072 CEST	55206	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:49.905687094 CEST	443	55206	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:49.905777931 CEST	55206	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:49.908664942 CEST	55206	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:49.908685923 CEST	443	55206	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:49.909466982 CEST	11492	55205	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:50.393001080 CEST	443	55206	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:50.394687891 CEST	55206	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:50.394759893 CEST	443	55206	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:50.539158106 CEST	443	55206	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:50.539272070 CEST	443	55206	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:50.539334059 CEST	55206	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:50.539993048 CEST	55206	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:50.540980101 CEST	55207	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:50.545821905 CEST	11492	55207	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:50.545896053 CEST	55207	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:50.546339035 CEST	55207	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:50.551187038 CEST	11492	55207	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:52.269414902 CEST	11492	55207	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:52.269491911 CEST	55207	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:52.358253956 CEST	55207	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:52.359162092 CEST	55208	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:52.359215021 CEST	443	55208	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:52.359355927 CEST	55208	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:52.359631062 CEST	55208	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:52.359653950 CEST	443	55208	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:52.363850117 CEST	11492	55207	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:52.890908957 CEST	443	55208	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:52.892296076 CEST	55208	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:52.892354965 CEST	443	55208	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:53.026978016 CEST	443	55208	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:53.027084112 CEST	443	55208	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:53.027146101 CEST	55208	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:53.028898001 CEST	55208	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:53.029759884 CEST	55209	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:53.034532070 CEST	11492	55209	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:53.034660101 CEST	55209	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:53.034854889 CEST	55209	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:53.039829016 CEST	11492	55209	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:54.688699007 CEST	11492	55209	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:54.691365004 CEST	55209	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:54.780653954 CEST	55209	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:54.780666113 CEST	55210	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:54.780709982 CEST	443	55210	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:54.780934095 CEST	55210	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:54.781181097 CEST	55210	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:54.781199932 CEST	443	55210	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:54.785454035 CEST	11492	55209	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:55.249515057 CEST	443	55210	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:55.250890970 CEST	55210	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:55.250941038 CEST	443	55210	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:55.378978968 CEST	443	55210	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:55.379086971 CEST	443	55210	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:55.379149914 CEST	55210	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:55.379760027 CEST	55210	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:55.380589008 CEST	55211	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:55.385469913 CEST	11492	55211	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:55.385545015 CEST	55211	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:55.385926008 CEST	55211	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:55.391932011 CEST	11492	55211	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:57.148135900 CEST	11492	55211	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:57.148722887 CEST	55211	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:57.232419014 CEST	55211	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:57.233712912 CEST	55212	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:57.233798027 CEST	443	55212	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:57.233902931 CEST	55212	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:57.234251022 CEST	55212	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:57.234287024 CEST	443	55212	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:57.237720013 CEST	11492	55211	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:57.728960991 CEST	443	55212	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:57.730673075 CEST	55212	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:57.730760098 CEST	443	55212	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:57.887310982 CEST	443	55212	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:57.887399912 CEST	443	55212	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:57.887465954 CEST	55212	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:57.888083935 CEST	55212	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:57.888981104 CEST	55213	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:57.894992113 CEST	11492	55213	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:57.895050049 CEST	55213	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:57.895386934 CEST	55213	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:57.901456118 CEST	11492	55213	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:59.567436934 CEST	11492	55213	3.66.38.117	192.168.2.6
Jun 27, 2024 19:38:59.567517996 CEST	55213	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:59.639386892 CEST	55213	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:38:59.640494108 CEST	55214	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:59.640537977 CEST	443	55214	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:59.640589952 CEST	55214	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:59.640861034 CEST	55214	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:38:59.640881062 CEST	443	55214	104.20.3.235	192.168.2.6
Jun 27, 2024 19:38:59.645325899 CEST	11492	55213	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:00.138217926 CEST	443	55214	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:00.139569044 CEST	55214	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:00.139611959 CEST	443	55214	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:00.472544909 CEST	443	55214	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:00.472649097 CEST	443	55214	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:00.472811937 CEST	55214	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:00.473216057 CEST	55214	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:00.476685047 CEST	55215	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:00.481554985 CEST	11492	55215	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:00.481688023 CEST	55215	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:00.482017040 CEST	55215	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:00.486876965 CEST	11492	55215	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:02.192502975 CEST	11492	55215	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:02.192553043 CEST	55215	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:02.263947010 CEST	55215	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:02.266838074 CEST	55216	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:02.266895056 CEST	443	55216	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:02.268809080 CEST	11492	55215	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:02.268963099 CEST	55216	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:02.271096945 CEST	55216	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:02.271117926 CEST	443	55216	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:02.749061108 CEST	443	55216	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:02.753757000 CEST	55216	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:02.753783941 CEST	443	55216	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:02.877794027 CEST	443	55216	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:02.877895117 CEST	443	55216	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:02.880793095 CEST	55216	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:02.881900072 CEST	55216	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:02.881899118 CEST	55217	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:02.886924982 CEST	11492	55217	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:02.888818026 CEST	55217	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:02.892680883 CEST	55217	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:02.897911072 CEST	11492	55217	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:04.548060894 CEST	11492	55217	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:04.548737049 CEST	55217	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:04.608566046 CEST	55218	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:04.608566999 CEST	55217	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:04.608627081 CEST	443	55218	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:04.608712912 CEST	55218	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:04.612689972 CEST	55218	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:04.612701893 CEST	443	55218	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:04.613550901 CEST	11492	55217	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:05.096750021 CEST	443	55218	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:05.101840973 CEST	55218	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:05.101860046 CEST	443	55218	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:05.245429039 CEST	443	55218	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:05.245532036 CEST	443	55218	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:05.245574951 CEST	55218	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:05.246268988 CEST	55218	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:05.247020006 CEST	55219	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:05.252139091 CEST	11492	55219	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:05.252221107 CEST	55219	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:05.252652884 CEST	55219	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:05.257612944 CEST	11492	55219	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:06.928298950 CEST	11492	55219	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:06.928399086 CEST	55219	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:06.983232975 CEST	55219	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:06.983352900 CEST	55220	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:06.983385086 CEST	443	55220	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:06.983522892 CEST	55220	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:06.983752966 CEST	55220	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:06.983761072 CEST	443	55220	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:06.988188028 CEST	11492	55219	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:07.496093988 CEST	443	55220	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:07.497872114 CEST	55220	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:07.497890949 CEST	443	55220	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:07.649606943 CEST	443	55220	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:07.649698973 CEST	443	55220	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:07.649745941 CEST	55220	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:07.650295973 CEST	55220	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:07.651196003 CEST	55221	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:07.656414032 CEST	11492	55221	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:07.656514883 CEST	55221	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:07.656829119 CEST	55221	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:07.662015915 CEST	11492	55221	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:09.298437119 CEST	11492	55221	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:09.298530102 CEST	55221	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:09.342371941 CEST	55221	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:39:09.343411922 CEST	55222	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:09.343466043 CEST	443	55222	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:09.343533039 CEST	55222	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:09.343763113 CEST	55222	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:09.343782902 CEST	443	55222	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:09.347234011 CEST	11492	55221	3.66.38.117	192.168.2.6
Jun 27, 2024 19:39:09.816811085 CEST	443	55222	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:09.818427086 CEST	55222	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:09.818464994 CEST	443	55222	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:09.968588114 CEST	443	55222	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:09.968682051 CEST	443	55222	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:09.968749046 CEST	55222	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:09.969538927 CEST	55222	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:09.981347084 CEST	55223	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:09.986226082 CEST	11492	55223	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:09.986294031 CEST	55223	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:09.986618996 CEST	55223	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:09.991360903 CEST	11492	55223	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:11.674626112 CEST	11492	55223	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:11.674715042 CEST	55223	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:11.717933893 CEST	55223	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:11.719181061 CEST	55224	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:11.719233990 CEST	443	55224	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:11.719289064 CEST	55224	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:11.719635010 CEST	55224	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:11.719645023 CEST	443	55224	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:11.722796917 CEST	11492	55223	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:12.186281919 CEST	443	55224	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:12.187922001 CEST	55224	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:12.187942028 CEST	443	55224	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:12.333156109 CEST	443	55224	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:12.333275080 CEST	443	55224	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:12.335128069 CEST	55224	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:12.336190939 CEST	55224	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:12.336210966 CEST	55225	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:12.341017962 CEST	11492	55225	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:12.344755888 CEST	55225	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:12.345012903 CEST	55225	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:12.349704027 CEST	11492	55225	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:14.823111057 CEST	11492	55225	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:14.823245049 CEST	55225	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:14.823515892 CEST	11492	55225	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:14.823920965 CEST	11492	55225	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:14.824019909 CEST	55225	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:14.824019909 CEST	55225	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:14.860517979 CEST	55225	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:14.860647917 CEST	55227	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:14.860672951 CEST	443	55227	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:14.864908934 CEST	55227	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:14.864908934 CEST	55227	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:14.864936113 CEST	443	55227	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:14.865248919 CEST	11492	55225	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:15.338210106 CEST	443	55227	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:15.341505051 CEST	55227	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:15.341523886 CEST	443	55227	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:15.478909969 CEST	443	55227	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:15.478996038 CEST	443	55227	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:15.479151011 CEST	55227	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:15.479687929 CEST	55227	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:15.480242014 CEST	55228	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:15.485610008 CEST	11492	55228	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:15.485682964 CEST	55228	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:15.485939026 CEST	55228	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:15.490741014 CEST	11492	55228	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:17.161097050 CEST	11492	55228	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:17.164750099 CEST	55228	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:17.204674006 CEST	55228	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:17.204721928 CEST	55229	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:17.204751015 CEST	443	55229	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:17.204858065 CEST	55229	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:17.208674908 CEST	55229	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:17.208686113 CEST	443	55229	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:17.209574938 CEST	11492	55228	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:17.685815096 CEST	443	55229	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:17.687911034 CEST	55229	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:17.687928915 CEST	443	55229	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:17.816840887 CEST	443	55229	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:17.816953897 CEST	443	55229	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:17.816993952 CEST	55229	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:17.817513943 CEST	55229	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:17.818365097 CEST	55230	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:17.823514938 CEST	11492	55230	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:17.823585033 CEST	55230	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:17.823942900 CEST	55230	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:17.829365015 CEST	11492	55230	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:19.502110004 CEST	11492	55230	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:19.502183914 CEST	55230	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:19.545660019 CEST	55230	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:19.546899080 CEST	55231	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:19.547022104 CEST	443	55231	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:19.547106028 CEST	55231	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:19.547408104 CEST	55231	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:19.547444105 CEST	443	55231	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:19.550575972 CEST	11492	55230	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:20.060214043 CEST	443	55231	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:20.061646938 CEST	55231	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:20.061745882 CEST	443	55231	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:20.210732937 CEST	443	55231	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:20.210854053 CEST	443	55231	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:20.210903883 CEST	55231	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:20.211611986 CEST	55231	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:20.212450027 CEST	55232	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:20.217314959 CEST	11492	55232	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:20.217447996 CEST	55232	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:20.217699051 CEST	55232	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:20.222484112 CEST	11492	55232	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:21.893472910 CEST	11492	55232	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:21.893527031 CEST	55232	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:21.937866926 CEST	55232	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:21.939059973 CEST	55233	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:21.939110041 CEST	443	55233	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:21.939171076 CEST	55233	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:21.939603090 CEST	55233	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:21.939615965 CEST	443	55233	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:21.942775011 CEST	11492	55232	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:22.503498077 CEST	443	55233	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:22.505810022 CEST	55233	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:22.505844116 CEST	443	55233	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:22.653075933 CEST	443	55233	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:22.653162956 CEST	443	55233	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:22.656769037 CEST	55233	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:22.657198906 CEST	55233	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:22.660654068 CEST	55234	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:22.665482998 CEST	11492	55234	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:22.665611982 CEST	55234	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:22.668651104 CEST	55234	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:22.673418045 CEST	11492	55234	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:24.399687052 CEST	11492	55234	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:24.401916981 CEST	55234	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:24.435899973 CEST	55234	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:24.438678026 CEST	55235	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:24.438776016 CEST	443	55235	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:24.439121008 CEST	55235	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:24.439332962 CEST	55235	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:24.439362049 CEST	443	55235	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:24.644171953 CEST	11492	55234	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:25.104522943 CEST	443	55235	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:25.105905056 CEST	55235	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:25.105976105 CEST	443	55235	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:25.389324903 CEST	443	55235	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:25.389416933 CEST	443	55235	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:25.389472961 CEST	55235	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:25.390027046 CEST	55235	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:25.390816927 CEST	55236	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:25.395628929 CEST	11492	55236	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:25.395705938 CEST	55236	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:25.396114111 CEST	55236	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:25.401081085 CEST	11492	55236	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:27.089402914 CEST	11492	55236	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:27.092700958 CEST	55236	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:27.123382092 CEST	55236	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:27.124672890 CEST	55237	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:27.124774933 CEST	443	55237	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:27.128196955 CEST	11492	55236	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:27.128777027 CEST	55237	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:27.131650925 CEST	55237	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:27.131688118 CEST	443	55237	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:27.609479904 CEST	443	55237	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:27.610903978 CEST	55237	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:27.610937119 CEST	443	55237	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:27.769807100 CEST	443	55237	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:27.769912958 CEST	443	55237	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:27.769962072 CEST	55237	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:27.770442009 CEST	55237	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:27.771424055 CEST	55238	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:27.782402039 CEST	11492	55238	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:27.782468081 CEST	55238	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:27.782866001 CEST	55238	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:27.787697077 CEST	11492	55238	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:29.440155029 CEST	11492	55238	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:29.440243006 CEST	55238	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:29.467871904 CEST	55238	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:29.469016075 CEST	55239	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:29.469064951 CEST	443	55239	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:29.469121933 CEST	55239	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:29.469422102 CEST	55239	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:29.469434977 CEST	443	55239	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:29.473026991 CEST	11492	55238	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:29.948455095 CEST	443	55239	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:29.950125933 CEST	55239	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:29.950160980 CEST	443	55239	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:30.101881981 CEST	443	55239	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:30.101998091 CEST	443	55239	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:30.102050066 CEST	55239	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:30.102669954 CEST	55239	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:30.103584051 CEST	55240	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:30.108438015 CEST	11492	55240	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:30.108504057 CEST	55240	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:30.108875036 CEST	55240	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:30.113997936 CEST	11492	55240	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:31.765697002 CEST	11492	55240	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:31.765769958 CEST	55240	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:31.795973063 CEST	55240	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:31.797514915 CEST	55241	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:31.797568083 CEST	443	55241	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:31.797640085 CEST	55241	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:31.797961950 CEST	55241	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:31.797976017 CEST	443	55241	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:31.801983118 CEST	11492	55240	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:32.334247112 CEST	443	55241	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:32.340624094 CEST	55241	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:32.340643883 CEST	443	55241	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:32.503233910 CEST	443	55241	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:32.503333092 CEST	443	55241	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:32.503434896 CEST	55241	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:32.504605055 CEST	55242	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:32.504611015 CEST	55241	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:32.511334896 CEST	11492	55242	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:32.511580944 CEST	55242	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:32.514616966 CEST	55242	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:32.520184040 CEST	11492	55242	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:34.155721903 CEST	11492	55242	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:34.155781031 CEST	55242	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:34.186439991 CEST	55242	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:34.187814951 CEST	55243	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:34.187846899 CEST	443	55243	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:34.187916994 CEST	55243	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:34.188271046 CEST	55243	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:34.188277960 CEST	443	55243	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:34.191426039 CEST	11492	55242	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:34.662863016 CEST	443	55243	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:34.668632030 CEST	55243	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:34.668657064 CEST	443	55243	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:34.817336082 CEST	443	55243	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:34.817430019 CEST	443	55243	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:34.817559004 CEST	55243	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:34.817971945 CEST	55243	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:34.819015026 CEST	55244	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:34.823805094 CEST	11492	55244	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:34.827116013 CEST	55244	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:34.830689907 CEST	55244	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:34.835562944 CEST	11492	55244	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:36.556749105 CEST	11492	55244	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:36.560695887 CEST	55244	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:36.576598883 CEST	55244	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:36.577229977 CEST	55245	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:36.577265978 CEST	443	55245	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:36.577465057 CEST	55245	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:36.577630997 CEST	55245	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:36.577637911 CEST	443	55245	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:36.581733942 CEST	11492	55244	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:37.057908058 CEST	443	55245	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:37.061343908 CEST	55245	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:37.061379910 CEST	443	55245	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:37.202943087 CEST	443	55245	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:37.203182936 CEST	443	55245	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:37.203655005 CEST	55245	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:37.204804897 CEST	55246	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:37.204809904 CEST	55245	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:37.209664106 CEST	11492	55246	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:37.211328030 CEST	55246	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:37.214802980 CEST	55246	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:37.219630957 CEST	11492	55246	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:38.879913092 CEST	11492	55246	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:38.887132883 CEST	55246	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:38.904711962 CEST	55246	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:38.908607960 CEST	55247	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:38.908673048 CEST	443	55247	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:38.912878036 CEST	11492	55246	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:38.912914038 CEST	55247	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:38.912914038 CEST	55247	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:38.912964106 CEST	443	55247	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:39.407699108 CEST	443	55247	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:39.415915012 CEST	55247	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:39.415971994 CEST	443	55247	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:39.666598082 CEST	443	55247	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:39.666711092 CEST	443	55247	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:39.666768074 CEST	55247	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:39.667238951 CEST	55247	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:39.668113947 CEST	55248	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:39.672890902 CEST	11492	55248	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:39.672967911 CEST	55248	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:39.673322916 CEST	55248	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:39.678311110 CEST	11492	55248	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:41.379347086 CEST	11492	55248	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:41.379430056 CEST	55248	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:41.404366016 CEST	55248	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:41.405500889 CEST	55249	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:41.405548096 CEST	443	55249	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:41.405611038 CEST	55249	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:41.405893087 CEST	55249	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:41.405906916 CEST	443	55249	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:41.409821987 CEST	11492	55248	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:41.874723911 CEST	443	55249	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:41.876374006 CEST	55249	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:41.876408100 CEST	443	55249	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:42.035489082 CEST	443	55249	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:42.035588026 CEST	443	55249	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:42.035634041 CEST	55249	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:42.036287069 CEST	55249	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:42.037086964 CEST	55250	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:42.042695999 CEST	11492	55250	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:42.042757034 CEST	55250	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:42.043077946 CEST	55250	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:42.048042059 CEST	11492	55250	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:43.694797039 CEST	11492	55250	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:43.694861889 CEST	55250	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:43.717773914 CEST	55250	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:43.719031096 CEST	55251	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:43.719070911 CEST	443	55251	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:43.719144106 CEST	55251	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:43.719521046 CEST	55251	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:43.719537973 CEST	443	55251	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:43.726408958 CEST	11492	55250	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:44.288911104 CEST	443	55251	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:44.290550947 CEST	55251	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:44.290577888 CEST	443	55251	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:44.427026987 CEST	443	55251	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:44.428766012 CEST	443	55251	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:44.431338072 CEST	55251	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:44.431338072 CEST	55251	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:44.435472965 CEST	55252	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:44.440565109 CEST	11492	55252	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:44.444950104 CEST	55252	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:44.444950104 CEST	55252	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:44.451371908 CEST	11492	55252	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:46.097446918 CEST	11492	55252	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:46.097510099 CEST	55252	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:46.123913050 CEST	55252	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:46.125308037 CEST	55253	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:46.125336885 CEST	443	55253	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:46.125438929 CEST	55253	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:46.125735044 CEST	55253	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:46.125746012 CEST	443	55253	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:46.128684998 CEST	11492	55252	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:46.639086008 CEST	443	55253	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:46.640574932 CEST	55253	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:46.640595913 CEST	443	55253	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:46.770196915 CEST	443	55253	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:46.770317078 CEST	443	55253	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:46.770561934 CEST	55253	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:46.772582054 CEST	55254	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:46.772608042 CEST	55253	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:46.779241085 CEST	11492	55254	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:46.779345989 CEST	55254	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:46.779789925 CEST	55254	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:46.785319090 CEST	11492	55254	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:48.444619894 CEST	11492	55254	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:48.444757938 CEST	55254	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:48.467020035 CEST	55254	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:48.468564034 CEST	55255	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:48.468605042 CEST	443	55255	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:48.468678951 CEST	55255	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:48.472204924 CEST	11492	55254	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:48.472245932 CEST	55255	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:48.472259045 CEST	443	55255	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:48.981513977 CEST	443	55255	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:48.985686064 CEST	55255	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:48.985718966 CEST	443	55255	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:49.134124994 CEST	443	55255	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:49.134377003 CEST	443	55255	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:49.136704922 CEST	55255	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:49.138156891 CEST	55255	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:49.138168097 CEST	55256	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:49.144428968 CEST	11492	55256	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:49.144669056 CEST	55256	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:49.147540092 CEST	55256	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:49.152298927 CEST	11492	55256	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:50.799254894 CEST	11492	55256	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:50.799396038 CEST	55256	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:50.814712048 CEST	55257	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:50.814712048 CEST	55256	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:50.814738035 CEST	443	55257	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:50.814999104 CEST	55257	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:50.815233946 CEST	55257	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:50.815247059 CEST	443	55257	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:50.820341110 CEST	11492	55256	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:51.292793036 CEST	443	55257	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:51.299005985 CEST	55257	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:51.299037933 CEST	443	55257	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:51.444878101 CEST	443	55257	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:51.445136070 CEST	443	55257	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:51.445198059 CEST	55257	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:51.445559025 CEST	55257	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:51.446471930 CEST	55258	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:51.451271057 CEST	11492	55258	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:51.451350927 CEST	55258	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:51.451785088 CEST	55258	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:51.456507921 CEST	11492	55258	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:53.128408909 CEST	11492	55258	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:53.135116100 CEST	55258	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:53.155911922 CEST	55259	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:53.155917883 CEST	55258	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:53.155956984 CEST	443	55259	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:53.158893108 CEST	55259	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:53.160706997 CEST	11492	55258	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:53.160738945 CEST	55259	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:53.160754919 CEST	443	55259	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:53.642390013 CEST	443	55259	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:53.643630981 CEST	55259	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:53.643661022 CEST	443	55259	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:53.772316933 CEST	443	55259	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:53.772706032 CEST	443	55259	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:53.772754908 CEST	55259	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:53.773228884 CEST	55259	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:53.773976088 CEST	55260	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:53.778775930 CEST	11492	55260	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:53.778845072 CEST	55260	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:53.779195070 CEST	55260	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:53.784116030 CEST	11492	55260	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:55.443078041 CEST	11492	55260	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:55.443142891 CEST	55260	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:55.466757059 CEST	55260	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:55.467823982 CEST	55261	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:55.467891932 CEST	443	55261	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:55.467951059 CEST	55261	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:55.468291998 CEST	55261	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:55.468307972 CEST	443	55261	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:55.476315975 CEST	11492	55260	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:55.945919991 CEST	443	55261	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:55.947514057 CEST	55261	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:55.947540045 CEST	443	55261	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:56.102679014 CEST	443	55261	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:56.103018045 CEST	443	55261	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:56.103079081 CEST	55261	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:56.103379965 CEST	55261	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:56.104183912 CEST	55262	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:56.109592915 CEST	11492	55262	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:56.109657049 CEST	55262	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:56.109946966 CEST	55262	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:56.115716934 CEST	11492	55262	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:57.770010948 CEST	11492	55262	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:57.770090103 CEST	55262	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:57.779623985 CEST	55262	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:57.780850887 CEST	55263	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:57.780880928 CEST	443	55263	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:57.780939102 CEST	55263	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:57.781292915 CEST	55263	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:57.781311035 CEST	443	55263	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:57.784512997 CEST	11492	55262	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:58.283301115 CEST	443	55263	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:58.284904957 CEST	55263	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:58.284920931 CEST	443	55263	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:58.430834055 CEST	443	55263	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:58.431081057 CEST	443	55263	104.20.3.235	192.168.2.6
Jun 27, 2024 19:39:58.432638884 CEST	55263	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:58.433727980 CEST	55264	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:58.433728933 CEST	55263	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:39:58.438772917 CEST	11492	55264	3.69.157.220	192.168.2.6
Jun 27, 2024 19:39:58.440654039 CEST	55264	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:58.444549084 CEST	55264	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:39:58.449460983 CEST	11492	55264	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:00.521646976 CEST	11492	55264	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:00.524738073 CEST	55264	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:00.532321930 CEST	11492	55264	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:00.532392979 CEST	55264	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:00.533216000 CEST	11492	55264	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:00.536571980 CEST	55264	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:00.544914007 CEST	55264	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:00.548537016 CEST	55265	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:00.548592091 CEST	443	55265	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:00.548806906 CEST	55265	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:00.549048901 CEST	55265	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:00.549062967 CEST	443	55265	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:00.550818920 CEST	11492	55264	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:01.038013935 CEST	443	55265	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:01.070790052 CEST	55265	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:01.070831060 CEST	443	55265	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:01.180875063 CEST	443	55265	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:01.180970907 CEST	443	55265	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:01.182676077 CEST	55265	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:01.183129072 CEST	55265	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:01.183780909 CEST	55266	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:01.188684940 CEST	11492	55266	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:01.188831091 CEST	55266	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:01.189215899 CEST	55266	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:01.194629908 CEST	11492	55266	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:02.870023012 CEST	11492	55266	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:02.870187998 CEST	55266	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:02.888533115 CEST	55266	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:02.889848948 CEST	55267	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:02.889884949 CEST	443	55267	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:02.889998913 CEST	55267	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:02.890602112 CEST	55267	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:02.890618086 CEST	443	55267	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:02.893364906 CEST	11492	55266	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:03.375508070 CEST	443	55267	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:03.393985033 CEST	55267	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:03.394007921 CEST	443	55267	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:03.581763029 CEST	443	55267	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:03.581859112 CEST	443	55267	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:03.581990957 CEST	55267	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:03.582468987 CEST	55267	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:03.583225965 CEST	55268	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:03.588259935 CEST	11492	55268	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:03.588326931 CEST	55268	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:03.588675022 CEST	55268	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:03.593739986 CEST	11492	55268	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:05.260116100 CEST	11492	55268	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:05.262948036 CEST	55268	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:05.280577898 CEST	55269	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:05.280612946 CEST	55268	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:05.280622005 CEST	443	55269	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:05.280767918 CEST	55269	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:05.282607079 CEST	55269	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:05.282620907 CEST	443	55269	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:05.287487030 CEST	11492	55268	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:05.767528057 CEST	443	55269	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:05.768903017 CEST	55269	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:05.768928051 CEST	443	55269	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:05.899168015 CEST	443	55269	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:05.899353981 CEST	443	55269	104.20.3.235	192.168.2.6
Jun 27, 2024 19:40:05.899437904 CEST	55269	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:05.899894953 CEST	55269	443	192.168.2.6	104.20.3.235
Jun 27, 2024 19:40:05.900656939 CEST	55270	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:05.905666113 CEST	11492	55270	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:05.905736923 CEST	55270	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:05.906136990 CEST	55270	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:05.911009073 CEST	11492	55270	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:07.599855900 CEST	11492	55270	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:07.599977016 CEST	55270	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:10.608355999 CEST	55270	11492	192.168.2.6	3.69.157.220
Jun 27, 2024 19:40:10.613343000 CEST	11492	55270	3.69.157.220	192.168.2.6
Jun 27, 2024 19:40:12.160125017 CEST	55272	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:40:12.168442011 CEST	11492	55272	3.66.38.117	192.168.2.6
Jun 27, 2024 19:40:12.170711994 CEST	55272	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:40:12.171017885 CEST	55272	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:40:12.177190065 CEST	11492	55272	3.66.38.117	192.168.2.6
Jun 27, 2024 19:40:13.814811945 CEST	11492	55272	3.66.38.117	192.168.2.6
Jun 27, 2024 19:40:13.814904928 CEST	55272	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:40:16.827974081 CEST	55272	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:40:16.832938910 CEST	11492	55272	3.66.38.117	192.168.2.6
Jun 27, 2024 19:40:17.462356091 CEST	55274	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:40:17.469800949 CEST	11492	55274	3.66.38.117	192.168.2.6
Jun 27, 2024 19:40:17.469891071 CEST	55274	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:40:17.470144987 CEST	55274	11492	192.168.2.6	3.66.38.117
Jun 27, 2024 19:40:17.477906942 CEST	11492	55274	3.66.38.117	192.168.2.6
Jun 27, 2024 19:40:19.128839016 CEST	11492	55274	3.66.38.117	192.168.2.6
Jun 27, 2024 19:40:19.128901005 CEST	55274	11492	192.168.2.6	3.66.38.117

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 27, 2024 19:36:00.834197044 CEST	63041	53	192.168.2.6	1.1.1.1
Jun 27, 2024 19:36:00.841872931 CEST	53	63041	1.1.1.1	192.168.2.6
Jun 27, 2024 19:36:01.971226931 CEST	59720	53	192.168.2.6	1.1.1.1
Jun 27, 2024 19:36:01.989773989 CEST	53	59720	1.1.1.1	192.168.2.6
Jun 27, 2024 19:36:17.879821062 CEST	53	51251	1.1.1.1	192.168.2.6
Jun 27, 2024 19:37:06.016432047 CEST	63287	53	192.168.2.6	1.1.1.1
Jun 27, 2024 19:37:06.024729967 CEST	53	63287	1.1.1.1	192.168.2.6
Jun 27, 2024 19:37:06.854675055 CEST	63133	53	192.168.2.6	1.1.1.1
Jun 27, 2024 19:37:06.865402937 CEST	53	63133	1.1.1.1	192.168.2.6
Jun 27, 2024 19:37:40.109328985 CEST	64351	53	192.168.2.6	1.1.1.1
Jun 27, 2024 19:37:40.116291046 CEST	53	64351	1.1.1.1	192.168.2.6
Jun 27, 2024 19:38:09.221724987 CEST	60567	53	192.168.2.6	1.1.1.1
Jun 27, 2024 19:38:09.232552052 CEST	53	60567	1.1.1.1	192.168.2.6
Jun 27, 2024 19:39:09.970165014 CEST	65016	53	192.168.2.6	1.1.1.1
Jun 27, 2024 19:39:09.980437994 CEST	53	65016	1.1.1.1	192.168.2.6
Jun 27, 2024 19:40:10.609251022 CEST	56055	53	192.168.2.6	1.1.1.1
Jun 27, 2024 19:40:10.616369963 CEST	53	56055	1.1.1.1	192.168.2.6
Jun 27, 2024 19:40:12.143683910 CEST	54256	53	192.168.2.6	1.1.1.1
Jun 27, 2024 19:40:12.159337044 CEST	53	54256	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 27, 2024 19:36:00.834197044 CEST	192.168.2.6	1.1.1.1	0x5071	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:36:01.971226931 CEST	192.168.2.6	1.1.1.1	0xe8c7	Standard query (0)	6.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:37:06.016432047 CEST	192.168.2.6	1.1.1.1	0xa950	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:37:06.854675055 CEST	192.168.2.6	1.1.1.1	0xe7b8	Standard query (0)	6.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:37:40.109328985 CEST	192.168.2.6	1.1.1.1	0x7070	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:38:09.221724987 CEST	192.168.2.6	1.1.1.1	0x1965	Standard query (0)	6.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:39:09.970165014 CEST	192.168.2.6	1.1.1.1	0x6410	Standard query (0)	6.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:40:10.609251022 CEST	192.168.2.6	1.1.1.1	0xc659	Standard query (0)	pastebin.com	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:40:12.143683910 CEST	192.168.2.6	1.1.1.1	0x5033	Standard query (0)	6.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jun 27, 2024 19:36:00.841872931 CEST	1.1.1.1	192.168.2.6	0x5071	No error (0)	pastebin.com	104.20.3.235	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:36:00.841872931 CEST	1.1.1.1	192.168.2.6	0x5071	No error (0)	pastebin.com	104.20.4.235	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:36:00.841872931 CEST	1.1.1.1	192.168.2.6	0x5071	No error (0)	pastebin.com	172.67.19.24	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:36:01.989773989 CEST	1.1.1.1	192.168.2.6	0xe8c7	No error (0)	6.tcp.eu.ngrok.io	3.69.115.178	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:37:06.024729967 CEST	1.1.1.1	192.168.2.6	0xa950	No error (0)	pastebin.com	104.20.3.235	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:37:06.024729967 CEST	1.1.1.1	192.168.2.6	0xa950	No error (0)	pastebin.com	104.20.4.235	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:37:06.024729967 CEST	1.1.1.1	192.168.2.6	0xa950	No error (0)	pastebin.com	172.67.19.24	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:37:06.865402937 CEST	1.1.1.1	192.168.2.6	0xe7b8	No error (0)	6.tcp.eu.ngrok.io	3.69.157.220	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:37:40.116291046 CEST	1.1.1.1	192.168.2.6	0x7070	No error (0)	pastebin.com	104.20.3.235	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:37:40.116291046 CEST	1.1.1.1	192.168.2.6	0x7070	No error (0)	pastebin.com	104.20.4.235	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:37:40.116291046 CEST	1.1.1.1	192.168.2.6	0x7070	No error (0)	pastebin.com	172.67.19.24	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:38:09.232552052 CEST	1.1.1.1	192.168.2.6	0x1965	No error (0)	6.tcp.eu.ngrok.io	3.66.38.117	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:39:09.980437994 CEST	1.1.1.1	192.168.2.6	0x6410	No error (0)	6.tcp.eu.ngrok.io	3.69.157.220	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:40:10.616369963 CEST	1.1.1.1	192.168.2.6	0xc659	No error (0)	pastebin.com	104.20.4.235	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:40:10.616369963 CEST	1.1.1.1	192.168.2.6	0xc659	No error (0)	pastebin.com	104.20.3.235	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:40:10.616369963 CEST	1.1.1.1	192.168.2.6	0xc659	No error (0)	pastebin.com	172.67.19.24	A (IP address)	IN (0x0001)	false
Jun 27, 2024 19:40:12.159337044 CEST	1.1.1.1	192.168.2.6	0x5033	No error (0)	6.tcp.eu.ngrok.io	3.66.38.117	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pastebin.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49711	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:36:01 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:36:01 UTC	391	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:36:01 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: EXPIRED Last-Modified: Thu, 27 Jun 2024 16:12:02 GMT Server: cloudflare CF-RAY: 89a732691fb91811-EWR
2024-06-27 17:36:01 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:36:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49714	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:36:07 UTC	50	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com
2024-06-27 17:36:07 UTC	395	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:36:07 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 6 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7328f3d40421f-EWR
2024-06-27 17:36:07 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:36:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49717	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:36:13 UTC	50	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com
2024-06-27 17:36:13 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:36:13 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 12 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a732b228b378ed-EWR
2024-06-27 17:36:13 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:36:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	55116	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:36:18 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:36:18 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:36:18 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 17 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a732d51afd7c6c-EWR
2024-06-27 17:36:18 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:36:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	55119	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:36:23 UTC	50	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com
2024-06-27 17:36:24 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:36:24 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 23 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a732f61a7a437e-EWR
2024-06-27 17:36:24 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:36:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	55121	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:36:29 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:36:29 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:36:29 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 28 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a733179edfc47c-EWR
2024-06-27 17:36:29 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:36:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	55123	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:36:34 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:36:34 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:36:34 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 33 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73338b91242c0-EWR
2024-06-27 17:36:34 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:36:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	55125	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:36:39 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:36:40 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:36:39 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 38 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73359c8c30cc2-EWR
2024-06-27 17:36:40 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:36:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	55128	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:36:45 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:36:45 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:36:45 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 44 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7337ab88d187d-EWR
2024-06-27 17:36:45 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:36:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	55130	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:36:50 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:36:50 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:36:50 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 49 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7339bff23192a-EWR
2024-06-27 17:36:50 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:36:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	55133	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:36:55 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:36:56 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:36:55 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 54 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a733bda9289dff-EWR
2024-06-27 17:36:56 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:36:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	55135	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:01 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:01 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:01 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 60 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a733dee91b42d5-EWR
2024-06-27 17:37:01 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	55137	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:06 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:06 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:06 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 65 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a734016813c44f-EWR
2024-06-27 17:37:06 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	55140	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:11 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:11 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:11 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 70 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73420ee8572a7-EWR
2024-06-27 17:37:11 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	55142	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:16 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:16 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:16 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 75 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7343e2b4f43c9-EWR
2024-06-27 17:37:16 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	55144	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:20 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:21 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:21 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 80 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7345a6eef43b5-EWR
2024-06-27 17:37:21 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	55146	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:25 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:25 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:25 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 84 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a734752a2b431c-EWR
2024-06-27 17:37:25 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	55148	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:29 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:29 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:29 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 88 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7348e9c9f0f90-EWR
2024-06-27 17:37:29 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	55150	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:33 UTC	50	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com
2024-06-27 17:37:33 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:33 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 92 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a734a74d9e43c7-EWR
2024-06-27 17:37:33 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	55153	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:36 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:37 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:37 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 96 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a734becf4a42ef-EWR
2024-06-27 17:37:37 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	55155	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:40 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:40 UTC	396	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:40 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 99 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a734d53df443ca-EWR
2024-06-27 17:37:40 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	55157	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:44 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:44 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:44 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 103 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a734eb1d6342e0-EWR
2024-06-27 17:37:44 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	55159	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:47 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:47 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:47 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 106 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a735006f6c0f7b-EWR
2024-06-27 17:37:47 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	55161	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:50 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:50 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:50 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 109 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a735149d937d06-EWR
2024-06-27 17:37:50 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	55163	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:53 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:54 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:53 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 112 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a735283ed08c0f-EWR
2024-06-27 17:37:54 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	55165	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:37:57 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:37:57 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:37:57 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 116 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7353c2f4b42e3-EWR
2024-06-27 17:37:57 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:37:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	55167	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:00 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:00 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:00 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 119 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7354f0e3a42af-EWR
2024-06-27 17:38:00 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	55169	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:03 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:03 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:03 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 122 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73561da3f9e02-EWR
2024-06-27 17:38:03 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	55172	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:06 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:06 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:06 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 125 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73574c88142c2-EWR
2024-06-27 17:38:06 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	55174	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:09 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:09 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:09 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 128 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a735873b6b1891-EWR
2024-06-27 17:38:09 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	55176	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:11 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:11 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:11 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 130 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a735988d1143a6-EWR
2024-06-27 17:38:11 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	55178	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:14 UTC	50	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com
2024-06-27 17:38:14 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:14 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 133 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a735aa29c941ac-EWR
2024-06-27 17:38:14 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	55180	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:17 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:17 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:17 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 136 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a735bb387d1a1f-EWR
2024-06-27 17:38:17 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	55182	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:20 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:20 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:20 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 139 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a735cbb81343a6-EWR
2024-06-27 17:38:20 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	55184	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:22 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:22 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:22 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 141 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a735dd0a1e435e-EWR
2024-06-27 17:38:22 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	55186	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:25 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:25 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:25 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 144 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a735ece91878df-EWR
2024-06-27 17:38:25 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	55188	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:27 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:28 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:27 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 146 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a735fca92b0fa8-EWR
2024-06-27 17:38:28 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	55190	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:30 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:30 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:30 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 149 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7360cffc443f4-EWR
2024-06-27 17:38:30 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	55192	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:33 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:33 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:33 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 152 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7361da80e8c69-EWR
2024-06-27 17:38:33 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	55194	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:35 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:35 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:35 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 154 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7362d9e43c461-EWR
2024-06-27 17:38:35 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	55196	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:38 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:38 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:38 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 157 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7363cfbcf41df-EWR
2024-06-27 17:38:38 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	55198	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:40 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:40 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:40 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 159 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7364ce8c342c8-EWR
2024-06-27 17:38:40 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	55200	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:43 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:43 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:43 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 162 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7365c0e3f440b-EWR
2024-06-27 17:38:43 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	55202	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:45 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:45 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:45 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 164 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7366afa99447a-EWR
2024-06-27 17:38:45 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	55204	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:47 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:48 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:48 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 167 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7367a3edac440-EWR
2024-06-27 17:38:48 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	55206	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:50 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:50 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:50 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 169 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a736897e94433f-EWR
2024-06-27 17:38:50 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	55208	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:52 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:53 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:52 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 171 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73698fb8fc35b-EWR
2024-06-27 17:38:53 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	55210	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:55 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:55 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:55 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 174 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a736a7bf990f74-EWR
2024-06-27 17:38:55 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	55212	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:38:57 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:38:57 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:38:57 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 176 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a736b7687c4299-EWR
2024-06-27 17:38:57 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:38:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	55214	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:00 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:00 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:00 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 179 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a736c74e660f5f-EWR
2024-06-27 17:39:00 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	55216	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:02 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:02 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:02 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 181 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a736d699b419ef-EWR
2024-06-27 17:39:02 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	55218	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:05 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:05 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:05 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 184 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a736e559710f93-EWR
2024-06-27 17:39:05 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.6	55220	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:07 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:07 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:07 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 186 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a736f46f4a19bb-EWR
2024-06-27 17:39:07 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	55222	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:09 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:09 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:09 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 188 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73702ec0a7ce4-EWR
2024-06-27 17:39:09 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.6	55224	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:12 UTC	50	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com
2024-06-27 17:39:12 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:12 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 191 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73711bb8c4303-EWR
2024-06-27 17:39:12 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.6	55227	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:15 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:15 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:15 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 194 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a737255bd541a9-EWR
2024-06-27 17:39:15 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.6	55229	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:17 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:17 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:17 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 196 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73733fa341a28-EWR
2024-06-27 17:39:17 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.6	55231	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:20 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:20 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:20 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 199 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73742f9f643c1-EWR
2024-06-27 17:39:20 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.6	55233	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:22 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:22 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:22 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 201 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a737523b84c434-EWR
2024-06-27 17:39:22 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.6	55235	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:25 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:25 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:25 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 204 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a737627e86435c-EWR
2024-06-27 17:39:25 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.6	55237	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:27 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:27 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:27 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 206 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7377229a65e6c-EWR
2024-06-27 17:39:27 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.6	55239	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:29 UTC	50	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com
2024-06-27 17:39:30 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:30 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 209 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73780b83a19c3-EWR
2024-06-27 17:39:30 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.6	55241	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:32 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:32 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:32 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 211 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7378fafed8c29-EWR
2024-06-27 17:39:32 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.6	55243	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:34 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:34 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:34 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 213 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7379e3f2a5e76-EWR
2024-06-27 17:39:34 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.6	55245	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:37 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:37 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:37 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 216 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a737ad1ed30fa5-EWR
2024-06-27 17:39:37 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.6	55247	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:39 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:39 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:39 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 218 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a737bc4b3841a9-EWR
2024-06-27 17:39:39 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.6	55249	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:41 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:42 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:41 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 220 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a737cb2f1e80d6-EWR
2024-06-27 17:39:42 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.6	55251	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:44 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:44 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:44 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 223 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a737da4bae1768-EWR
2024-06-27 17:39:44 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.6	55253	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:46 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:46 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:46 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 225 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a737e8f8573344-EWR
2024-06-27 17:39:46 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.6	55255	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:48 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:49 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:49 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 228 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a737f7bfe41a34-EWR
2024-06-27 17:39:49 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.6	55257	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:51 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:51 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:51 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 230 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a738062cbbc47f-EWR
2024-06-27 17:39:51 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.6	55259	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:53 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:53 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:53 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 232 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73814bae87c6f-EWR
2024-06-27 17:39:53 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.6	55261	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:55 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:56 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:56 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 235 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a738233d7f43a5-EWR
2024-06-27 17:39:56 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.6	55263	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:39:58 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:39:58 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:39:58 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 237 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73831cf4b8c84-EWR
2024-06-27 17:39:58 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:39:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.6	55265	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:40:01 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:40:01 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:40:01 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 240 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a7384308fe1891-EWR
2024-06-27 17:40:01 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:40:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.6	55267	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:40:03 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:40:03 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:40:03 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 242 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73851bfb20cb8-EWR
2024-06-27 17:40:03 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:40:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.6	55269	104.20.3.235	443	2924	C:\Users\user\Desktop\ClientAny.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-27 17:40:05 UTC	74	OUT	GET /raw/zAGEXn7M HTTP/1.1 Host: pastebin.com Connection: Keep-Alive
2024-06-27 17:40:05 UTC	397	IN	HTTP/1.1 200 OK Date: Thu, 27 Jun 2024 17:40:05 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close x-frame-options: DENY x-content-type-options: nosniff x-xss-protection: 1;mode=block cache-control: public, max-age=1801 CF-Cache-Status: HIT Age: 244 Last-Modified: Thu, 27 Jun 2024 17:36:01 GMT Server: cloudflare CF-RAY: 89a73860793a43dd-EWR
2024-06-27 17:40:05 UTC	29	IN	Data Raw: 31 37 0d 0a 36 2e 74 63 70 2e 65 75 2e 6e 67 72 6f 6b 2e 69 6f 3a 31 31 34 39 32 0d 0a Data Ascii: 176.tcp.eu.ngrok.io:11492
2024-06-27 17:40:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	13:35:57
Start date:	27/06/2024
Path:	C:\Users\user\Desktop\ClientAny.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\ClientAny.exe"
Imagebase:	0x860000
File size:	75'776 bytes
MD5 hash:	48865D6CC53E8A2FC637DA9F1EE5E353
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000000.2107638015.0000000000862000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	25.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	50%
Total number of Nodes:	20
Total number of Limit Nodes:	2

Executed Functions

Function 00007FFD34653D0E Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 482
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL ref: 00007FFD346540B4

Strings

HAT4, xrefs: 00007FFD34653F89
cV_H, xrefs: 00007FFD34653F93
HAT4, xrefs: 00007FFD34653F27

Memory Dump Source

Source File: 00000000.00000002.4592802805.00007FFD34650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd34650000_ClientAny.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID: HAT4$HAT4$cV_H
API String ID: 2706961497-3673408008
Opcode ID: 52a550fa264f04b249571ded427338784b002b55c8a7f8c200b6ae6ee1e8eed2
Instruction ID: 9bbb10bb4802087ff385c6f626223634809655923ee4396a71e99cbbf7dc419d
Opcode Fuzzy Hash: 52a550fa264f04b249571ded427338784b002b55c8a7f8c200b6ae6ee1e8eed2
Instruction Fuzzy Hash: B6D15B31B0CB4D4FE719EB6898661FA77E1EF9A311F0442BFD48AC7193DD6868468381

Function 00007FFD346529E0 Relevance: 3.3, Strings: 2, Instructions: 808
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,, xrefs: 00007FFD346551BA
oP_H, xrefs: 00007FFD34655083

Memory Dump Source

Source File: 00000000.00000002.4592802805.00007FFD34650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd34650000_ClientAny.jbxd

Similarity

API ID:
String ID: ,$oP_H
API String ID: 0-3207638262
Opcode ID: bb17a8660b68cc7e5da190174200096fce0225620c8b7ef751b94e77a0234f75
Instruction ID: 7be3c0e97c268f967c652a3108a0f55a734ffa81d39d59c4b6732a4d8cd9e130
Opcode Fuzzy Hash: bb17a8660b68cc7e5da190174200096fce0225620c8b7ef751b94e77a0234f75
Instruction Fuzzy Hash: 0E42C571B1DA194FEBA8EF68D0B96B973D1FFA9310B5405BDD04EC3296DD28B8428740

Function 00007FFD34650E5D Relevance: 1.8, Strings: 1, Instructions: 533
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#CP_^, xrefs: 00007FFD34651044

Memory Dump Source

Source File: 00000000.00000002.4592802805.00007FFD34650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd34650000_ClientAny.jbxd

Similarity

API ID:
String ID: #CP_^
API String ID: 0-2637653657
Opcode ID: e1f5be33409e3114dc4c72e27f0df15dfe616861b743efb235ba987d96715298
Instruction ID: 83d10c07cf10da704d88403a7108203d1c33dc062b5ba42e6a7bcd73a209fa55
Opcode Fuzzy Hash: e1f5be33409e3114dc4c72e27f0df15dfe616861b743efb235ba987d96715298
Instruction Fuzzy Hash: 73F12822F0E9AA0FE765BEA898B51FA3794EF56314F1401BAE54DC71C3DD1CE8019391

Function 00007FFD34650E70 Relevance: .3, Instructions: 304
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4592802805.00007FFD34650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd34650000_ClientAny.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f1f95fb119faddaccce823ee5547788f036ba50db170544e9f574c5d1dfc618
Instruction ID: 3ec07aa632163b64e2b3ab0509d63e9797ed08603fdd9eb7415bd4724abd18cd
Opcode Fuzzy Hash: 2f1f95fb119faddaccce823ee5547788f036ba50db170544e9f574c5d1dfc618
Instruction Fuzzy Hash: 40A1E352F0EEA70BFBA56EA844B51F96A91AF53300F1901FAE64DC71C7CD1CE8019391

Function 00007FFD34654D98 Relevance: 1.6, APIs: 1, Instructions: 140
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowsHookExW.USER32 ref: 00007FFD34654E61

Memory Dump Source

Source File: 00000000.00000002.4592802805.00007FFD34650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd34650000_ClientAny.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 5fafd545e94a60a2568b8c4de75884b8bd963d0455cdfa662cddbc93a35e612a
Instruction ID: 3df29a9850594e0f5c0cec231fe0740cc49a45b32f29be43bdb815ccccd6c7cc
Opcode Fuzzy Hash: 5fafd545e94a60a2568b8c4de75884b8bd963d0455cdfa662cddbc93a35e612a
Instruction Fuzzy Hash: 2E41EA31A1CA5D4FEB19DFAC98566F9BBE1EF59311F00027ED049D3292CB64681287C1

Non-executed Functions

Function 00007FFD34653D88 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592802805.00007FFD34650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd34650000_ClientAny.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4c342caac30881718eadd667b4ebebae7b6b9a19d8476ffc028b6fc54c24cc7
Instruction ID: de108f33c2ae8efe10a23f7ee8e8339bd81ae26f2989966648021b1932581fe5
Opcode Fuzzy Hash: b4c342caac30881718eadd667b4ebebae7b6b9a19d8476ffc028b6fc54c24cc7
Instruction Fuzzy Hash: 70411831F18A098AF72DFB7498A61FA72E1EF99311F40457ED48BC3886DD78B4468681

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ClientAny.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: AsyncRAT

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\MyData\DataLogs.conf

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
ClientAny.exe

Function 00007FFD34653D0E Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 482
nativeCOMMON

Function 00007FFD346529E0 Relevance: 3.3, Strings: 2, Instructions: 808
COMMON

Function 00007FFD34650E5D Relevance: 1.8, Strings: 1, Instructions: 533
COMMON

Function 00007FFD34650E70 Relevance: .3, Instructions: 304
COMMON

Function 00007FFD34654D98 Relevance: 1.6, APIs: 1, Instructions: 140
COMMON